toolbarupdaterservice.exe

The application toolbarupdaterservice.exe has been detected as a potentially unwanted program by 2 anti-malware scanners. It runs as a Windows service in its own process, named “Updater Service for EazelBar”. This file is typically installed with the program EazelBar by Vittalia Internet, SLU, which is a potentially unwanted software program. While running, it connects to the Internet address hans-moleman.w3.org on port 80 using the HTTP protocol.
MD5:
ea51a010bc3e1f73c509523815c9d2ea

SHA-1:
bd8fe4dc5bedcbd362b8b9cd265b2df1e77b7a2d

SHA-256:
05cc6d0aeb865bf658e889fdf6abf0a8acce155514019d965d0c75f5156cce7c

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
10/18/2018 1:09:55 PM UTC

Scan engine | Detection | Engine version
Boost by Reason | Optional.Service.V | 188163
Reason Heuristics | PUP.Eazelbar (M) | 16.10.26.11

File size:
218 KB (223,232 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\eazelbar\toolbarupdaterservice.exe

File PE Metadata
Compilation timestamp:
6/5/2013 7:40:16 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:k12Df2+JBYqvby6jX45DsN6sK29L/b9Ju4muCE7ZWsP2H+etpI+E:kS4s45gNtK29Ln1vZWsP2btpa

Entry address:
0x10FA0

Entry point:
E8, AD, 52, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 6A, 00, FF, 75, 08, FF, 15, E8, 11, 42, 00, 85, C0, 75, 08, FF, 15, 30, 11, 42, 00, EB, 02, 33, C0, 85, C0, 74, 0C, 50, E8, CB, 0E, 00, 00, 59, 83, C8, FF, 5D, C3, 33, C0, 5D, C3, 8B, FF, 55, 8B, EC, 53, 56, 8B, 75, 08, 57, 33, FF, 83, CB, FF, 3B, F7, 75, 1C, E8, 82, 0E, 00, 00, 57, 57, 57, 57, 57, C7, 00, 16, 00, 00, 00, E8, 0A, 0E, 00, 00, 83, C4, 14, 0B, C3, EB, 42, F6, 46, 0C, 83, 74, 37, 56, E8, 23, 59, 00, 00, 56, 8B, D8, E8, EA, 58, 00, 00...
 

Entropy:
6.1409

Code size:
126.5 KB (129,536 bytes)

Service
Display name:
Updater Service for EazelBar

Type:
Win32OwnProcess


The file toolbarupdaterservice.exe has been discovered within the following program.

EazelBar by Vittalia Internet, SLU
EazelBar is a web browser plugin for Internet Explorer and Firefox. The toolbar collects and stores information about your web browsing habits and sends this information to Conduit so they can suggest services or provide advertising via the toolbar.
search.eazel.com
63% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-54-72-9-51.eu-west-1.compute.amazonaws.com  (54.72.9.51:80)

TCP (HTTP):
Connects to hans-moleman.w3.org  (128.30.52.100:80)

TCP (HTTP):
Connects to unallocated.barefruit.co.uk  (92.242.134.28:80)
