» IEToolbar.dll
Overview
Analysis
File Details
Programs (1)

IEToolbar.dll

Freshy.com Toolbar

Findwide

This is a component of the Tightrope WebInstall, a setup program that bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The module IEToolbar.dll by Findwide has been detected as adware by 4 anti-malware scanners. This file is typically installed with the program FindWide.com by FindWide which is a potentially unwanted software program.

File name:

IEToolbar.dll

Publisher:

Freshy.com (signed by Findwide)

Product:

Freshy.com Toolbar

Version:

2.0.0.1194

MD5:

da6f962c9ce99b68049e947d8b2e36e8

SHA-1:

4fdd796be87a425568b607f26e5b298f10b3fda2

SHA-256:

2411bfb3cbb4689c8894a5cf4a402255fc13bca4b3164287f4abc9cbfc0b7e8a

Scanner detections:

4 / 68

Status:

Adware

Analysis date:

12/28/2024 12:17:07 AM UTC (today)

Scan engine

Detection

Engine version

Boost by Reason

Optional.Findwide

188838

ESET NOD32

Win32/Toolbar.TNT2.B potentially unwanted application

7.0.302.0

IKARUS anti.virus

PUA.TNT2

t3scan.1.8.3.0

Reason Heuristics

Threat.Tightrope.Toolbar

15.4.2.1

File size:

113.4 KB (116,072 bytes)

Product version:

2.0.0.1194

Original file name:

IEToolbar.dll

File type:

Dynamic link library (Win32 DLL)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\tnt2\2.0.0.1194\ietoolbar.dll

Digital Signature

Signed by:

Findwide

Authority:

VeriSign, Inc.

Valid from:

4/1/2012 8:00:00 PM

Valid to:

4/3/2013 7:59:59 PM

Subject:

CN=Findwide, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Findwide, L=San Francisco, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

4DA4730894ED337B96666A0979D619C2

File PE Metadata

Compilation timestamp:

10/25/2012 5:26:54 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

1536:6yGOqxvMAMwdG/TK5NVaGx/HG7CvKa+XkiggYJ2HBrDBg3J5Z1eDVthaBas1:N4JkIVaIMW+sgYJ+rDGJz16thaBa

Entry address:

0x966E

Entry point:

8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 81, 57, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 55, 8B, EC, 57, 56, 8B, 75, 0C, 8B, 4D, 10, 8B, 7D, 08, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, A0, 01, 00, 00, 81, F9, 80, 00, 00, 00, 72, 1C, 83, 3D, D8, C4, 01, 10, 00, 74, 13, 57, 56, 83, E7, 0F, 83, E6, 0F, 3B, FE, 5E, 5F, 75, 05, E9, B6, 57, 00, 00, F7, C7, 03, 00, 00, 00, 75, 14, C1, E9... 
[+]

Entropy:

6.4186

Code size:

69.5 KB (71,168 bytes)

The file IEToolbar.dll has been discovered within the following program.

FindWide.com by FindWide

FindWide is a potentially unwanted application that runs in the web browser as a toolbar and web extension.

search.findwide.com

67% remove it

Remove IEToolbar.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.