home

vntldr.exe

Virtual New Tab

APN LLC

This is a component of the Ask.com toolbar, a browser extension that will modify the default web browser's search provider, home page and various other settings. The application vntldr.exe, “Virtual New Tab Loader” by APN has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘VNT’. Additionally, the file is typically installed by a number of programs including Ask Toolbar by APN LLC and Virtual DJ Toolbar by APN, LLC, both potentially unwanted software.
Publisher:
APN LLC.  (signed by APN LLC)

Product:
Virtual New Tab

Description:
Virtual New Tab Loader

Version:
9.9.9.9

MD5:
f205be21ed1a7f686edc46e90db94f0c

SHA-1:
f39aa7b486b38ad856a5e3cd9930eb767f4f27f1

SHA-256:
99dd7854c189486884c2b2527ddf0e924a87bb8c59833c361d9c12393fb1e395

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
4/19/2024 8:20:35 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Ask (M)
17.3.5.18

File size:
191.5 KB (196,048 bytes)

Product version:
9.9.9.9

Copyright:
(c) APN LLC. All rights reserved.

Original file name:
vntldr.dll

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\vnt\vntldr.exe

Digital Signature
Signed by:
APN LLC

Authority:
VeriSign, Inc.

Valid from:
1/23/2014 8:00:00 AM

Valid to:
4/9/2015 7:59:59 AM

Subject:
CN=APN LLC, OU=Distribution, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=APN LLC, L=Oakland, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2F4E343161BC7EB67514D3DCEC434EA0

File PE Metadata
Compilation timestamp:
3/18/2014 6:51:26 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

Entry address:
0xC44D

Entry point:
E8, 12, 53, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 80, 00, 00, 00, 72, 0E, 83, 3D, B0, 22, 42, 00, 00, 74, 05, E9, 73, 53, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02, 74, 06, F3, AB, 85, D2, 74, 0A, 88, 07, 83, C7, 01, 83, EA, 01...
 
[+]

Entropy:
6.2080

Code size:
96 KB (98,304 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
VNT

Command:
C:\Program Files\vnt\vntldr.exe


The file vntldr.exe has been discovered within the following programs.

Ask Toolbar  by APN LLC
The Ask Toolbar is a web browser extension and toolbar that delivers contextual based advertising as well as modify the user's web browser home and search pages to provide advertising and search.
apn.ask.com
74% remove it
KMP Media Toolbar  by APN LLC
KMP Media Toolbar is a web browser toolbar and extension that modifies the browsers search and home pages as well as delivers contextual based advertising. This toolbar currently supports Internet Explorer, Firefox and Chrome.
87% remove it
Virtual DJ Toolbar  by APN, LLC
Virtual DJ Toolbar is an Ask.com (Ask Partner Network) Toolbar that will provide limited web browser functionality but will modify the user's home and search pages and providers to an Ask.com managed partner search engine.
68% remove it
 
Powered by Should I Remove It?

Remove vntldr.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.