» WinToFlashSuggestor.dll
Overview
Analysis
File Details
Behaviors (1)

WinToFlashSuggestor.dll

WinToFlash Suggestor

Think Tank Labs, LLC

The module WinToFlashSuggestor.dll, “WinToFlash Suggestor for Microsoft Internet Explorer” by Think Tank Labs has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is installed within the context of Internet Explore as a BHO (Browser Helper Object) under the name ‘WinToFlash Suggestor’.

File name:

Publisher:

Novicorp LLC (signed by Think Tank Labs, LLC)

Product:

WinToFlash Suggestor

Description:

WinToFlash Suggestor for Microsoft Internet Explorer

Version:

1.2.3.0

MD5:

88bb9a66967b70b7051a58983e2e3cdc

SHA-1:

8185c4c5f4521fadd0b49cd2a0a5b343de8967fb

SHA-256:

eae10acc5a73024ff06646159e6bf55b532088e597084a6616b81b5816368dad

Scanner detections:

1 / 68

Status:

Potentially unwanted

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

4/26/2024 5:35:44 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.ThinkTankLabs

15.4.24.0

File size:

294.8 KB (301,872 bytes)

Product version:

1.2.3.0

Original file name:

WinToFlashSuggestor.dll

File type:

Dynamic link library (Win32 DLL)

Language:

English (United States)

Common path:

C:\Program Files\wintoflash suggestor\wintoflashsuggestor.dll

Digital Signature

Signed by:

Think Tank Labs, LLC

Authority:

GoDaddy.com, Inc.

Valid from:

4/13/2011 4:47:41 PM

Valid to:

4/11/2012 4:41:13 PM

Subject:

CN="Think Tank Labs, LLC", O="Think Tank Labs, LLC", L=Newport, S=CA, C=US

Issuer:

SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:

2B68DF215AD36D

File PE Metadata

Compilation timestamp:

4/9/2012 8:03:17 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

6144:rcdwpmibGv+qzYCBnoUhM5WrTjd7k2PAWhJfU:rc+pmibGv3BnoUhM5WrVI2th2

Entry address:

0x1773E

Entry point:

8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 95, 73, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, C8, 94, 02, 10, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 00, 91, 02, 10, C9, C2, 08, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 33, C9, 3B, 04, CD, 20, 32, 03, 10... 
[+]

Entropy:

6.5136

Code size:

157 KB (160,768 bytes)

Internet Explorer BHO

CLSID:

{FC36B0BD-27F0-4cdd-8AB1-50651EFC3EFD}

CLSID name:

WinToFlash Suggestor

Remove WinToFlashSuggestor.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.