» vshare_toolbar.dll
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

vshare_toolbar.dll

iMedix Web Technologies LTD.

The module vshare_toolbar.dll by iMedix Web Technologies has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is installed within the context of Internet Explore as a BHO (Browser Helper Object) under the name ‘vShare Plugin’. This file is typically installed with the program vShare Plugin by vShare.tv, Inc..

File name:

vshare_toolbar.dll

Publisher:

iMedix Web Technologies LTD. (signed and verified)

MD5:

affb36535a959dce75f9399f65788e05

SHA-1:

fa3c0f6fa6412ff4b6bc16c7048a538d6781aeef

SHA-256:

e9864912620bd41d29d97de9ac3c7e3ff9331d0925be00939202f242e51bf3c4

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

4/25/2024 8:05:20 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.iMedixWebTechnologies (M)

16.3.3.16

File size:

419 KB (429,032 bytes)

File type:

Dynamic link library (Win32 DLL)

Common path:

C:\Program Files\vshare\vshare_toolbar.dll

Digital Signature

Signed by:

iMedix Web Technologies LTD.

Authority:

Thawte Consulting (Pty) Ltd.

Valid from:

8/20/2009 7:00:00 AM

Valid to:

8/21/2010 6:59:59 AM

Subject:

CN=iMedix Web Technologies LTD., O=iMedix Web Technologies LTD., L=Herzelia, S=Israel, C=IL

Issuer:

CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:

37D630F3EA8B1E826E55ED00E2BAC2ED

Registration

CLSIDs:

{043C5167-00BB-4324-AF7E-62013FAEDACF}, {3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}, {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484}

ProgIDs:

vShare.PugiObj.1, vShare.ScriptHelpers.1, vShare.IMedixProtocol.1

COM registered:

Yes

File PE Metadata

Compilation timestamp:

8/4/2010 10:48:32 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

12288:cKHmrUzczFPqbdi5uTAz0sOuzaB1DOUAwS1ZB:cGMRqb05IhbDOUAwS1L

Entry address:

0x325CD

Entry point:

8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 8E, 9E, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 6A, 0C, 68, 80, 92, 05, 10, E8, 80, C5, FF, FF, 6A, 0E, E8, 9D, 03, 00, 00, 59, 83, 65, FC, 00, 8B, 75, 08, 8B, 4E, 04, 85, C9, 74, 2F, A1, 18, 4F, 06, 10, BA, 14, 4F, 06, 10, 89, 45, E4, 85, C0, 74, 11, 39, 08, 75, 2C, 8B, 48, 04, 89, 4A, 04, 50, E8, 30, A9, FF, FF, 59, FF, 76, 04, E8, 27, A9, FF, FF, 59, 83, 66, 04, 00, C7, 45, FC, FE, FF, FF, FF, E8, 0A, 00, 00, 00... 
[+]

Entropy:

6.4919

Code size:

284 KB (290,816 bytes)

Internet Explorer BHO

CLSID:

{043C5167-00BB-4324-AF7E-62013FAEDACF}

CLSID name:

vShare Plugin

The file vshare_toolbar.dll has been discovered within the following program.

vShare Plugin by vShare.tv, Inc.

Publisher's description - “Easily embed videos from various Video Sharing sites like YouTube or Vimeo. This plugin allows you to embed flash video players from various video sharing sites. New services can be added by just editing a config file. This is not for displaying local video files.”

www.vshare.tv

42% remove it

Remove vshare_toolbar.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.