» Windows Internet Explorer ToolBar.dll
Overview
Analysis
File Details
Behaviors (1)

Windows Internet Explorer ToolBar.dll

Windows Internet Explorer ToolBar

Beijing Zhiyu Wuxian Technology co.,Ltd

File name:

Publisher:

Microsoft Corporation (signed by Beijing Zhiyu Wuxian Technology co.,Ltd)

Product:

Windows Internet Explorer ToolBar

Description:

Windows Internet Explorer ToolBar For Easy Search

Version:

1, 0, 0, 1

MD5:

5457c4999910ff32a5527de2c9b1e8c4

SHA-1:

f14034d9e16366f72a524141f0ad4fc2eb96fdcc

SHA-256:

a647b74681e761ab6fe997ea7261f900cad31acdc475a8cb75f985f97a1a3f61

Scanner detections:

2 / 68

Status:

Clean (2 probable false positive detections)

Explanation:

These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:

5/3/2024 1:00:41 AM UTC (today)

Scan engine

Detection

Engine version

Qihoo 360 Security

Win32/Trojan.Adware.37e

1.0.0.1015

Rising Antivirus

PE:Trojan.Win32.Generic.152C9D3E!355245374

23.00.65.17314

File size:

240.1 KB (245,856 bytes)

Product version:

1, 0, 0, 1

Original file name:

Windows Internet Explorer ToolBar.dll

File type:

Dynamic link library (Win32 DLL)

Common path:

C:\Program Files\internet explorer\plugins\windows internet explorer toolbar.dll

Digital Signature

Signed by:

Beijing Zhiyu Wuxian Technology co.,Ltd

Authority:

WoSign, Inc.

Valid from:

2/23/2011 8:00:00 AM

Valid to:

2/24/2012 7:59:59 AM

Subject:

CN="Beijing Zhiyu Wuxian Technology co.,Ltd", OU=WoSign Class 3 Code Signing, O="Beijing Zhiyu Wuxian Technology co.,Ltd", L=Beijing, S=Beijing, C=CN

Issuer:

CN=WoSign Code Signing Authority, O="WoSign, Inc.", C=US

Serial number:

2DD333B33813D1FB0F441EFCAEA41EFE

Registration

CLSID:

{88CEB03E-00CB-4CE1-BA7E-37C0B90898EA}

ProgID:

ZW.IEBar.1

COM registered:

Yes

File PE Metadata

Compilation timestamp:

2/26/2011 2:14:00 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

7.10

Entry address:

0x23DE2

Entry point:

6A, 0C, 68, B0, B0, 02, 10, E8, 02, FB, FF, FF, 33, C0, 40, 89, 45, E4, 33, FF, 89, 7D, FC, 8B, 75, 0C, 3B, F7, 75, 0C, 39, 3D, 5C, 48, 03, 10, 0F, 84, AC, 00, 00, 00, 3B, F0, 74, 05, 83, FE, 02, 75, 31, A1, 64, 48, 03, 10, 3B, C7, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D0, 89, 45, E4, 39, 7D, E4, 0F, 84, 85, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, E5, FE, FF, FF, 89, 45, E4, 3B, C7, 74, 72, 8B, 5D, 10, 53, 56, FF, 75, 08, E8, B4, F8, FD, FF, 89, 45, E4, 83, FE, 01, 75, 0E, 3B, C7, 75, 0A, 53, 57, FF... 
[+]

Entropy:

6.2012

Developed / compiled with:

Microsoft Visual C++ v7.1

Code size:

152 KB (155,648 bytes)

Internet Explorer Plugin

Name:

Windows Internet Explorer ToolBar.dll

Scan Windows Internet Explorer ToolBar.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.