vgrabber.dll

vGRabber Toolbar

Montera Technologeis LTDD

This is part of the Montera web browser toolbar and extension, which modifies the browser's default search provider, DNS, and home page functions. The module vgrabber.dll by Montera Technologeis LTDD has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is installed within the context of Internet Explorer as a BHO (Browser Helper Object) under the name ‘Bundlore LTD Helper Object’.

Publisher:
Bundlore LTD (signed by Montera Technologeis LTDD)

Product:
vGRabber Toolbar

Version:
1.5.23.0

MD5:
9c386eda7c147c9e477d7d0aee6dc627

SHA-1:
07c2e6106c168c35d05e50dbca80687a08a395ca

SHA-256:
9feb4933aef36e4c3b161cb1ac2fc0d35cecccff5de9a45834770c2c01258cb1

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/27/2024 3:35:56 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Montiera.Montera.Toolbar (M)

Engine version:
16.1.2.9

File size:
260.2 KB (266,448 bytes)

Product version:
1.5.23.0

Copyright:
(c) Bundlore LTD All rights reserved.

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\bundlore ltd\vgrabber\1.5.23.25\bh\vgrabber.dll

Digital Signature
Authority:
The USERTRUST Network

Valid from:
5/15/2011 5:00:00 PM

Valid to:
5/15/2012 4:59:59 PM

Subject:
CN=Montera Technologeis LTDD, O=Montera Technologeis LTDD, STREET="18, Amammi st", L=Even Yehuda, S=Hasharon, PostalCode=40500, C=IL

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
0095D386F202E0248D39723608F340A6E5

File PE Metadata
Compilation timestamp:
5/14/2012 6:05:21 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:97eScw3p83hhSUxMjzQHv+MqaEuBFoza7o/iq/Hwzrfh:ZRp83HSUxMjzQHv+MNFoza7o/Herfh

Entry address:
0x16A81

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, BB, 75, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 55, 8B, EC, 57, 56, 8B, 75, 0C, 8B, 4D, 10, 8B, 7D, 08, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, A0, 01, 00, 00, 81, F9, 80, 00, 00, 00, 72, 1C, 83, 3D, E0, 7B, 03, 10, 00, 74, 13, 57, 56, 83, E7, 0F, 83, E6, 0F, 3B, FE, 5E, 5F, 75, 05, E9, D2, 77, 00, 00, F7, C7, 03, 00, 00, 00, 75, 14, C1, E9, 02, 83, E2...

Entropy:
6.3268

Code size:
157 KB (160,768 bytes)

Internet Explorer BHO
Display name:
Bundlore LTD Helper Object

CLSID:
{551F809C-AF12-4545-9D0C-6EB71DDDC088}

