» vntldr.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (2)

vntldr.exe

Virtual New Tab

APN LLC

This is a component of the Ask.com toolbar, a browser extension that will modify the default web browser's search provider, home page and various other settings. The application vntldr.exe, “Virtual New Tab Loader” by APN has been detected as a potentially unwanted program by 10 anti-malware scanners. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘VNT’. This file is typically installed with the program Ask Toolbar by APN LLC which is a potentially unwanted software program.

File name:

vntldr.exe

Publisher:

APN LLC. (signed by APN LLC)

Product:

Virtual New Tab

Description:

Virtual New Tab Loader

Version:

1.0.0.2248

MD5:

a043f2dcb3de6a01317fd7dddaa53736

SHA-1:

7ac6f7e3b4791f837d5caee5721052bd2ad1c59e

SHA-256:

7bf8becc4ab5c21c5524f15ea3c5ff48ea2ae44afcbadb443cfebb72e2037a09

Scanner detections:

10 / 68

Status:

Potentially unwanted

Analysis date:

4/23/2024 11:05:00 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

AhnLab V3 Security

Win32/Kashu.E

2014.02.28

avast!

Win32:SaliCode

2014.9-141223

Boost by Reason

Optional.Startup.APN.G

188838

K7 AntiVirus

Virus

13.176.11292

Norman

Sality.ZHB

11.20141223

Qihoo 360 Security

Malware.QVM19.Gen

1.0.0.1015

Reason Heuristics

PUP.Startup.APN.G

14.8.7.21

Rising Antivirus

PE:Win32.KUKU.GEN!1463551

23.00.65.141221

Trend Micro House Call

PE_SALITY.ER

7.2.357

Trend Micro

PE_SALITY.ER

10.465.23

File size:

197.5 KB (202,192 bytes)

Product version:

1.0.0.2248

Original file name:

vntldr.dll

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\vnt\vntldr.exe

Digital Signature

Signed by:

APN LLC

Authority:

VeriSign, Inc.

Valid from:

4/15/2012 7:00:00 PM

Valid to:

4/8/2015 6:59:59 PM

Subject:

CN=APN LLC, OU=Distribution, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=APN LLC, L=Oakland, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

27EAB3DE0B03D88D5C4A2AE477B84DFA

File PE Metadata

Compilation timestamp:

10/18/2013 7:31:14 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

3072:g1G02DbP1txjUvJOI/K/KpO0MzFw2zOPD0gpAxxLKwpg:Id2DptxjUxv/K/eO0MJw+3Kwp

Entry address:

0xC6CD

Entry point:

E8, 12, 53, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 80, 00, 00, 00, 72, 0E, 83, 3D, B0, 42, 42, 00, 00, 74, 05, E9, 73, 53, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02, 74, 06, F3, AB, 85, D2, 74, 0A, 88, 07, 83, C7, 01, 83, EA, 01... 
[+]

Entropy:

6.1836

Code size:

96.5 KB (98,816 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

VNT

Command:

C:\Program Files\vnt\vntldr.exe

The file vntldr.exe has been discovered within the following programs.

Ask Toolbar by APN LLC

The Ask Toolbar is a web browser extension and toolbar that delivers contextual based advertising as well as modify the user's web browser home and search pages to provide advertising and search.

apn.ask.com

74% remove it

Sopcast Toolbar by APN LLC

Sopcast Toolbar is a web browser toolbar and extension that modifies the browsers search and home pages as well as delivers contextual based advertising. This toolbar currently supports Internet Explorer, Firefox and Chrome.

79% remove it

Remove vntldr.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.