AntiToolbar.exe

AntiToolbar

Reimage Limited

The application AntiToolbar.exe, “AntiToolbar Downloader” by Reimage Limited, has been detected as adware by 7 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is also typically executed from an Internet Explorer cache folder.
Publisher:
Reimage®  (signed by Reimage Limited)

Product:
AntiToolbar

Description:
AntiToolbar Downloader

Version:
1.004

MD5:
9bb9724b7ba15a96a3b04e6c220b2147

SHA-1:
c4c6c9ec676069adeaa3de1bf4d6a26232c3a4ba

SHA-256:
60d4a0975ed437ad45be3ab9ca0671e4424e28009a54d513d2841435fff98afc

Scanner detections:
7 / 68

Status:
Adware

Explanation:
The installer may include an offer for the Babylon Toolbar (a homepage/search hijacker), which is potentially installed with minimal user consent.

Analysis date:
12/29/2024 12:09:23 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Clam AntiVirus | Win.Trojan.Wpbrutebot-2 | 0.98/19296 |
| Dr.Web | Adware.Plugin.171 | 9.0.1.0133 |
| ESET NOD32 | Win32/SearchPlugin | 8.10285 |
| F-Prot | W32/A-951144e2 | v6.4.7.1.166 |
| NANO AntiVirus | Riskware.Nsis.Babylon.cvvuwk | 0.28.0.59608 |
| Reason Heuristics | PUP.Crossrider.Reimage.Toolbar.L | 14.9.12.17 |
| Trend Micro House Call | TROJ_GEN.F47V0501 | 7.2.133 |

File size:
668.7 KB (684,776 bytes)

Product version:
1.004

Copyright:
© Reimage 2013

Original file name:
AntiToolbar.exe

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\antitoolbar.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
3/19/2014 1:00:00 AM

Valid to:
6/10/2016 1:59:59 AM

Subject:
CN=Reimage Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Reimage Limited, L=Nicosia, S=Nicosia, C=CY

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3F75B6FA72B8CDE336A61550C70978D2

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:9XruVF+ZPPfnEUnsEWfXsbKop0xBlf+MO0gcCre50ET3cfE/Ky0jXTkqeVO/gI:9XnlvANcODX0EwfE/i6VOx

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)
