DaleSearchTB.exe

Visual Tools

DaleSearchTB.exe, published by Visual Tools, is flagged as adware by 10 of the 68 anti-malware scanners listed below. It is a setup program that installs the application; once installed, the application displays context-specific advertisements in the browser and attempts to change the browser's search provider. The file has been seen downloaded from dl.cdn-services.com. The installer carries an Authenticode signature issued to Visual Tools under a Thawte code-signing CA; a valid signature identifies who signed the file, not whether it is safe, and because the certificate's validity period (January 2013 to January 2015) has ended, a fresh verification only succeeds if the signature carries a trusted countersignature timestamp.
Publisher:
Visual Tools  (signed and verified)

MD5:
f67626f9a15539e57cb95f0434e9ab24

SHA-1:
003117ef590ee12e016e0072225deffef7944c71

SHA-256:
4baa0b321409b60037b1fc67dd039fd03757eb31b30719dabd893433f11ff91a

Scanner detections:
10 / 68

Status:
Adware

Analysis date:
12/25/2024 3:45:06 AM UTC

Scan engine              Detection                             Engine version
Boost by Reason          PUP.VisualTools.M                     2013.8.29.4
Dr.Web                   Adware.Babylon.10                     9.0.1.0331
ESET NOD32               Win32/Toolbar.Babylon (variant)       7.8758
herdProtect (fuzzy)                                            2013.12.20.17
McAfee                   Artemis!F67626F9A155                  5600.7271
Panda Antivirus          Suspicious file                       13.12.20.05
Reason Heuristics        PUP.VisualTools.M                     14.8.7.21
Trend Micro House Call   TROJ_GEN.F47V0815                     7.2.354
Vba32 AntiVirus          suspected of Trojan.Downloader.gen    3.12.22.3
VIPRE Antivirus          Trojan.Win32.Generic                  22134

File size:
711.5 KB (728,616 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\dalesearchtb.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
1/9/2013 4:00:00 PM

Valid to:
1/10/2015 3:59:59 PM

Subject:
CN=Visual Tools, O=Visual Tools, L=Belgrade, S=Serbia, C=RS

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
789958B0264F06055619270074AFA61F

File PE Metadata
Compilation timestamp:
6/16/2013 4:48:04 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:/opEZNCq+PQ/bw3/WVVfKWHRFpov81QFcnsa+sgOSYUsjU1:/xgQ/bwOn/2keyasKsji

Entry address:
0x1595

Entry point:
55, 8B, EC, 83, E4, F8, 81, EC, 44, 0A, 00, 00, A1, 00, 50, 40, 00, 33, C4, 89, 84, 24, 40, 0A, 00, 00, 53, 56, 33, DB, 57, 8D, 74, 24, 10, 88, 5C, 24, 0E, C6, 44, 24, 0F, 01, E8, C3, 05, 00, 00, 53, 89, 9C, 24, 6C, 02, 00, 00, 89, 9C, 24, 70, 02, 00, 00, 89, 9C, 24, 74, 02, 00, 00, C7, 84, 24, 78, 02, 00, 00, 03, 00, 00, 00, FF, 54, 24, 50, 89, 84, 24, 64, 02, 00, 00, 8B, C6, E8, 07, FA, FF, FF, 3B, C3, 0F, 85, 1A, 01, 00, 00, 8D, 84, 24, 78, 02, 00, 00, 50, 8B, FE, E8, 2C, FF, FF, FF, 8B, F8, 3B, FB, 0F...

Entropy:
7.9951

Developed / compiled with:
Microsoft Visual C++

Code size:
12 KB (12,288 bytes)
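The script below is an added example, not code from herdProtect, Reason Core Security or Visual Tools. It shows how a practitioner would check a file on disk against the indicators on this page: compare its MD5/SHA-1/SHA-256 with the listed digests, compute the Shannon entropy (a value near 8 bits per byte, like the 7.9951 listed, means compressed or packed content, consistent with a 12 KB code section inside a 711 KB installer), and read the PE header fields shown above (OS version, bitness, subsystem, linker version, code size, compilation timestamp, entry address) together with the first bytes at the entry point, which here are the MSVC /GS stack-cookie prologue. The PE image built by build_sample_pe() is a constructed stand-in carrying the listing's header values so the script runs offline; it is not the real DaleSearchTB.exe and will not match the listed hashes. The compilation timestamp is assumed to be UTC.

```python
"""Triage helper for a suspected adware/PUP sample such as DaleSearchTB.exe.

Added example (not herdProtect, Reason or Visual Tools code); standard library
only. build_sample_pe() returns a constructed stand-in PE, not the real file.
"""
import hashlib
import math
import struct
from datetime import datetime, timezone

# Indicators copied from the listing above.
KNOWN_HASHES = {
    "md5": "f67626f9a15539e57cb95f0434e9ab24",
    "sha1": "003117ef590ee12e016e0072225deffef7944c71",
    "sha256": "4baa0b321409b60037b1fc67dd039fd03757eb31b30719dabd893433f11ff91a",
}
KNOWN_ENTRY_RVA = 0x1595
# push ebp; mov ebp,esp; and esp,-8; sub esp,0xA44: the MSVC /GS prologue listed above.
KNOWN_ENTRY_PREFIX = bytes.fromhex("558BEC83E4F881EC440A0000")


def file_hashes(data: bytes) -> dict:
    return {name: hashlib.new(name, data).hexdigest() for name in KNOWN_HASHES}


def matches_listing(data: bytes) -> bool:
    """True when any digest equals an indicator published for this sample."""
    digests = file_hashes(data)
    return any(digests[name] == known for name, known in KNOWN_HASHES.items())


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n, counts = len(data), [0] * 256
    for b in data:
        counts[b] += 1
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def parse_pe(data: bytes) -> dict:
    """Read the COFF/optional header fields shown in the listing (PE32 or PE32+)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    pe = struct.unpack_from("<I", data, 0x3C)[0]                      # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = pe + 4
    _, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, linker_major, linker_minor, code_size = struct.unpack_from("<HBBI", data, opt)
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    # Data directory 4 (IMAGE_DIRECTORY_ENTRY_SECURITY) is the Authenticode certificate table.
    dirs = opt + (96 if magic == 0x10B else 112)
    _, cert_table_size = struct.unpack_from("<II", data, dirs + 4 * 8)
    sections = []
    for i in range(nsections):
        vsize, va, rawsize, rawptr = struct.unpack_from("<IIII", data, opt + opt_size + 40 * i + 8)
        sections.append((va, max(vsize, rawsize), rawptr))
    return {
        "bitness": "Win32" if magic == 0x10B else "Win64",
        "timestamp": datetime.fromtimestamp(timestamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC"),
        "os_version": f"{os_major}.{os_minor}",
        "subsystem": {2: "Windows GUI", 3: "Windows CUI"}.get(subsystem, str(subsystem)),
        "linker_version": f"{linker_major}.{linker_minor}",
        "code_size": code_size,
        "entry_rva": entry_rva,
        # Presence of a certificate table only; validity needs a real verifier such as
        # signtool or Get-AuthenticodeSignature (an expired cert still verifies if countersigned).
        "has_authenticode_table": cert_table_size != 0,
        "sections": sections,
    }


def rva_to_offset(rva: int, sections) -> int:
    for va, size, rawptr in sections:
        if va <= rva < va + size:
            return rva - va + rawptr
    raise ValueError(f"RVA {rva:#x} is not inside any section")


def entry_bytes(data: bytes, n: int = len(KNOWN_ENTRY_PREFIX)) -> bytes:
    """First n bytes at AddressOfEntryPoint, mapped to a file offset via the section table."""
    info = parse_pe(data)
    return data[rva_to_offset(info["entry_rva"], info["sections"]):][:n]


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 carrying the listing's header values (not the real file)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                          # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 1371358084, 0, 0, 0xE0, 0x102)    # i386, 2013-06-16 04:48:04 UTC
    opt = bytearray(0xE0)
    struct.pack_into("<HBBI", opt, 0, 0x10B, 9, 0, 0x3000)   # PE32, linker 9.0, SizeOfCode 12288
    struct.pack_into("<I", opt, 16, KNOWN_ENTRY_RVA)
    struct.pack_into("<HH", opt, 40, 5, 0)                   # OS version 5.0
    struct.pack_into("<H", opt, 68, 2)                       # Windows GUI
    struct.pack_into("<I", opt, 92, 16)                      # NumberOfRvaAndSizes
    text = bytearray(0x1000)
    text[0x595:0x595 + len(KNOWN_ENTRY_PREFIX)] = KNOWN_ENTRY_PREFIX   # RVA 0x1595 in .text at 0x1000
    section = b".text\0\0\0" + struct.pack("<IIII", len(text), 0x1000, len(text), 0x200) + b"\0" * 16
    headers = dos + b"PE\0\0" + coff + bytes(opt) + section
    return headers + b"\0" * (0x200 - len(headers)) + bytes(text)


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    print("hashes:", file_hashes(data), "matches listing:", matches_listing(data))
    print(f"entropy: {shannon_entropy(data):.4f} bits/byte")
    print({k: v for k, v in parse_pe(data).items() if k != "sections"})
    print("entry bytes:", entry_bytes(data).hex(), "match:", entry_bytes(data) == KNOWN_ENTRY_PREFIX)
```

Run it as `python triage.py C:\users\{user}\downloads\dalesearchtb.exe` to check a real download; with no argument it runs against the constructed sample, where every header field matches the listing but the hashes do not, which is exactly the distinction to keep in mind: header metadata and entry bytes are cheap to copy, while a digest match ties the file to this specific sample.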

The file DaleSearchTB.exe has been observed being distributed from the following URL.
