enhancedNT.dll

enhancedNT

Visual Tools

The module enhancedNT.dll by Visual Tools has been flagged as adware by 1 of 68 anti-malware scanners (Reason Core Security's own heuristics, which classify it as PUP.Babylon). It is set to start automatically when a user logs in to Windows via the current-user Run registry key, under the value name 'NTRedirect', which loads the DLL through rundll32.exe from the user's roaming AppData folder. The file is typically installed by several programs, including Delta Chrome Toolbar by Visual Tools and Search-Gol Chrome Toolbar by Search-Gol, both potentially unwanted software. Once installed it displays context-specific advertisements in the browser and attempts to change the browser's search provider. Note that the DLL carries a valid Thawte-issued code signature; a valid signature establishes who published the file, not that the code is benign.
Publisher:
Visual Tools  (signed and verified)

Product:
enhancedNT

Version:
1.0.0.2

MD5:
e8acd9ba00ff35b2f9671b98cec3d092

SHA-1:
a8a1ff224543960c9b7a4fbb304daf4eedbf0427

SHA-256:
051786fa0b88dd48b91716355d6490d26fde2dd910f372ad9a2c997c847d386d

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of third-party anti-malware engines has not detected this file; however, based on our own detection heuristics we consider this file unwanted.

Analysis date:
11/23/2024 4:15:52 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Babylon (M)

Engine version:
17.2.23.11

File size:
183.5 KB (187,888 bytes)

Product version:
1.0.0.2

Copyright:
Copyright (C) 1997-2013

Original file name:
enhancedNT.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\babsolution\shared\enhancednt.dll

Digital Signature
Signed by:
Visual Tools
Authority:
Thawte, Inc.

Valid from:
1/10/2013 1:00:00 AM

Valid to:
1/11/2015 12:59:59 AM

Subject:
CN=Visual Tools, O=Visual Tools, L=Belgrade, S=Serbia, C=RS

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
789958B0264F06055619270074AFA61F

File PE Metadata
Compilation timestamp:
8/22/2013 11:15:44 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

Entry address:
0xDE94

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 2C, 7D, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 98, 68, 02, 10, E8, 0D, FB, FF, FF, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 44, A2, 02, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, E4, 02, 02, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...

Developed / compiled with:
Microsoft Visual C++

Code size:
109 KB (111,616 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
NTRedirect

Command:
C:\windows\syswow64\rundll32.exe "C:\users\{user}\appdata\roaming\babsolution\shared\enhancednt.dll",run
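The Run-key entry above is the practical detection and removal handle for this file: a rundll32.exe launcher that loads a DLL from a user-writable profile directory. The following PowerShell triage script is an added example, not code from the original page or from Visual Tools. It enumerates the Run keys for rundll32 launchers, extracts the DLL path and export from each command line, hashes the DLL, checks its Authenticode signature and compares the SHA-256 against the value published on this page. The function and variable names are this example's own; the only constant taken from the page is the SHA-256.

```powershell
# Added triage script for this page's persistence entry; it is not code from the
# original page or from Visual Tools. Function and variable names are this
# example's own.

# SHA-256 of enhancedNT.dll as listed on this page (Get-FileHash returns upper-case hex).
$KnownBadSha256 = @{
    '051786FA0B88DD48B91716355D6490D26FDE2DD910F372AD9A2C997C847D386D' = 'enhancedNT.dll (PUP.Babylon)'
}

function Get-RunDll32Persistence {
    [CmdletBinding()]
    param(
        [string[]]$RunKeys = @(
            'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
            'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
        )
    )

    # Profile directories a standard user can write to. A Run entry loading a DLL
    # from here (as NTRedirect does from %APPDATA%\babsolution\shared) is the
    # pattern worth reviewing.
    $userWritableRoots = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP) | Where-Object { $_ }

    foreach ($key in $RunKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $values = Get-ItemProperty -Path $key
        foreach ($prop in $values.PSObject.Properties) {
            if ($prop.Name -like 'PS*') { continue }          # skip PSPath/PSParentPath/etc.
            $cmd = [string]$prop.Value
            if ($cmd -notmatch 'rundll32') { continue }

            # rundll32 syntax: rundll32.exe "<dll path>",<export> [arguments]
            $dll = $null; $export = $null
            if ($cmd -match 'rundll32(?:\.exe)?"?\s+"?([^",]+?)"?\s*,\s*(\S+)') {
                $dll    = [Environment]::ExpandEnvironmentVariables($Matches[1])
                $export = $Matches[2]
            }

            $info = [ordered]@{
                Key          = $key
                ValueName    = $prop.Name
                Command      = $cmd
                DllPath      = $dll
                Export       = $export
                Exists       = $false
                UserWritable = $false
                SHA256       = $null
                SigStatus    = $null
                Signer       = $null
                KnownBad     = $null
            }

            if ($dll) {
                foreach ($root in $userWritableRoots) {
                    if ($dll -like "$root\*") { $info.UserWritable = $true }
                }
                if (Test-Path -LiteralPath $dll) {
                    $info.Exists = $true
                    $info.SHA256 = (Get-FileHash -LiteralPath $dll -Algorithm SHA256).Hash
                    # A valid signature proves who signed the file, not that it is benign;
                    # this sample is signed with a Thawte-issued Visual Tools certificate.
                    $sig = Get-AuthenticodeSignature -LiteralPath $dll
                    $info.SigStatus = $sig.Status.ToString()
                    if ($sig.SignerCertificate) { $info.Signer = $sig.SignerCertificate.Subject }
                    $info.KnownBad = $KnownBadSha256[$info.SHA256]
                }
            }
            [pscustomobject]$info
        }
    }
}

# Usage: show only the entries worth attention (profile-directory DLLs, known-bad
# hashes, or launchers whose DLL is already missing).
Get-RunDll32Persistence |
    Where-Object { $_.UserWritable -or $_.KnownBad -or -not $_.Exists } |
    Format-List

# After confirming a hit, remove the value (HKCU needs no elevation) and the DLL itself:
# Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'NTRedirect'
```

The WOW6432Node key is included because this is a 32-bit DLL, which is why the page's command runs it through C:\windows\syswow64\rundll32.exe on 64-bit Windows. A SigStatus of Valid only means the certificate chain verified; treat the hash match and the profile-directory load path as the signals, not the signature.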


The file enhancedNT.dll has been discovered within the following programs.

Bueno Chrome Toolbar  by Babylon Ltd
Bueno Chrome Toolbar is an adware web browser extension that displays various popup and banner ads and modifies the user's web browser search and home page settings.
info.buenosearch.com
82% of users remove it
DaleSearch Chrome Toolbar  by Babylon Ltd
Uses the SearchGol Toolbar Platform. As part of the installation process of the Software, the publisher may offer changes to your Internet browser settings.
info.dalesearch.com
66% of users remove it
Delta Chrome Toolbar  by Visual Tools
Delta Chrome Toolbar is part of the Babylon toolbar system, a potentially unwanted program. It has also been detected as malware by a few antivirus programs: TrendMicro-HouseCall detects it as TROJ_GEN.RCBH1C6 and Norman detects it as Babylon.A.
83% of users remove it
Doko Chrome Toolbar  by Babylon Ltd
Doko Chrome Toolbar is a potentially unwanted web browser extension designed to take control of the user's browser in order to redirect web searches and inject advertising. In Internet Explorer the program runs as a Browser Helper Object.
82% of users remove it
Hola Chrome Toolbar  by Babylon Ltd
Hola Chrome Toolbar is part of the Babylon toolbar system and the Hola Toolbar Platform, a known adware program. It has also been detected as malware by a few antivirus programs: TrendMicro-HouseCall detects it as TROJ_GEN.RCBH1C6 and Norman detects it as Babylon.A.
info.holasearch.com
82% of users remove it
MixiDJ Chrome Toolbar  by Conduit Ltd.
MixiDJ Chrome Toolbar is a Conduit web browser plugin for Chrome that collects and stores information about a user's web browsing habits and sends this information to Conduit in order to serve advertising.
MixiDJV30.OurToolbar.com
66% of users remove it
Search-Gol Chrome Toolbar  by Search-Gol
SearchGol Toolbar Platform is an ad-supported cross-browser plugin for Internet Explorer (as a BHO) and Firefox/Chrome (as a plugin), distributed through various monetization platforms during installation; users may see additional banner, search, pop-up, pop-under, interstitial and in-text link advertisements.
info.searchgol.com
67% of users remove it
 
Powered by Should I Remove It? (scan data from Reason Core Security)