home

wbtoolDx.dll

Webblog

Visicom Media Inc.

This is part of the Visicom VMN web browser toolbar and extension that will modify the browser's default search provider, DNS, and home page functions. The module wbtoolDx.dll, “Webblog Link Library” by Visicom Media has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is installed within the context of Internet Explore as a BHO (Browser Helper Object) under the name ‘Webblog’. This file is typically installed with the program Webblog by Visicom Media inc. which is a potentially unwanted software program.
Publisher:
Visicom Media Inc.  (signed and verified)

Product:
Webblog

Description:
Webblog Link Library

Version:
1, 0, 0, 15

MD5:
456790967cfbb8d13f058b086fe19a33

SHA-1:
26cb1d26ecd2762a3c6de14e1e5688cb37fe8c5a

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
4/23/2024 2:16:02 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Visicom.VisicomMedia (M)
16.2.13.0

File size:
84.7 KB (86,696 bytes)

Product version:
1.0.0.15

Copyright:
© 2010 Visicom Media Inc.

Original file name:
wbtoolDx.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\wbtooltb\wbtooldx.dll

Digital Signature
Signed by:
Visicom Media Inc.

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
5/28/2008 2:00:00 AM

Valid to:
6/23/2010 1:59:59 AM

Subject:
CN=Visicom Media Inc., OU=SECURE APPLICATION DEVELOPMENT, O=Visicom Media Inc., L=Brossard, S=Quebec, C=CA

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
70DEF7A1CF826EC0B9F2257933EA429B

Registration
CLSID:
{C3947F4E-8894-4C04-98E0-DF182C706DDF}

COM registered:
Yes

File PE Metadata
Compilation timestamp:
11/20/2009 6:11:35 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
1536:bbVSQvGEbtSs8n/95pdaMvIYQv/EelCi1jbyo:bUwGGSGH/EelCi1jx

Entry address:
0x4EC6

Entry point:
6A, 0C, 68, C8, D5, 00, 10, E8, F6, F0, FF, FF, 33, C0, 40, 89, 45, E4, 8B, 75, 0C, 33, FF, 3B, F7, 75, 0C, 39, 3D, 98, 0F, 01, 10, 0F, 84, B3, 00, 00, 00, 89, 7D, FC, 3B, F0, 74, 05, 83, FE, 02, 75, 31, A1, CC, 27, 01, 10, 3B, C7, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D0, 89, 45, E4, 39, 7D, E4, 0F, 84, 85, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 22, FE, FF, FF, 89, 45, E4, 3B, C7, 74, 72, 8B, 5D, 10, 53, 56, FF, 75, 08, E8, B2, DD, FF, FF, 89, 45, E4, 83, FE, 01, 75, 0E, 3B, C7, 75, 0A, 53, 57, FF...
 
[+]

Developed / compiled with:
Microsoft Visual C++ v7.1

Code size:
48 KB (49,152 bytes)

Internet Explorer BHO
Display name:
Webblog

CLSID:
{C3947F4E-8894-4C04-98E0-DF182C706DDF}


The file wbtoolDx.dll has been discovered within the following program.

Webblog  by Visicom Media inc.
Publisher's description - “When you have consented to its use and installation, the "ooVoo ToolbarTM" software plugin (the "Toolbar") and or the HomePage Default Search Page will automatically launch every time you execute your browser program.”
software.visicommedia.com
85% remove it
 
Powered by Should I Remove It?

Remove wbtoolDx.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.