google-toolbar.exe

Ultra Setup Manager

HUSREN S. A.

The application google-toolbar.exe by HUSREN S. A. has been detected as a potentially unwanted program by 6 anti-malware scanners. The file has been observed being downloaded from offersrepo.com and multiple other hosts.
Publisher:
TIK (signed by HUSREN S. A.)

Product:
Ultra Setup Manager

Version:
3.4.30.746

MD5:
4ab59f2556ca833fcf267d6394fa12ea

SHA-1:
e6f4dc7c408cedcda83eb1d1cbb0667dd52a59c9

SHA-256:
dc33dc75da506da2f00054bb7787734467a859f7004d78801e09d036f879d9a3

Scanner detections:
6 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 2:32:27 AM UTC

Scan engine             Detection                            Engine version
Bkav FE                 W32.HfsAdware                        1.3.0.6379
Kaspersky               not-a-virus:Downloader.MSIL.Agent    14.0.0.2019
McAfee                  Artemis!4AB59F2556CA                 5600.6761
Panda Antivirus         PUP/iLivid                           15.05.19.04
Qihoo 360 Security      HEUR/QVM03.0.Malware.Gen             1.0.0.1015
Trend Micro House Call  Suspicious_GEN.F47V0516              7.2.139

File size:
154.8 KB (158,552 bytes)

Product version:
3.4.30.746

Copyright:
Copyright © 2015

Trademarks:
TIK

Original file name:
i3KC.exe

File type:
Executable application (Win64 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\google-toolbar.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/3/2014 8:00:00 PM

Valid to:
7/4/2015 7:59:59 PM

Subject:
CN=HUSREN S. A., O=HUSREN S. A., STREET=COLONIA 810 APTO: 502, L=MONTEVIDEO, S=MONTEVIDEO, PostalCode=11000, C=UY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
567CC889F234095C2B6877B8E8C3A484

File PE Metadata
Compilation timestamp:
5/14/2015 11:17:58 AM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:bflAWB6JkPKf5AzZxShWVHwob3krXAfcNvRI3hC4jwn0xsSeQUceV2cv:vB6Jxf5A9xS4Vtb35jc2eccv

Entry address:
0x21AE6


Entropy:
6.5763

Code size:
127 KB (130,048 bytes)

The file google-toolbar.exe has been observed being distributed from the following 50 URLs.

Latest 30 of 152 download URLs

Remove google-toolbar.exe - Powered by Reason Core Security