mwsBar.dll

My Web Search Bar for Internet Explorer, FireFox, Netscape, email clients, and messenger clients

Fun Web Products

The module mwsBar.dll, “My Web Search Bar” by Fun Web Products, has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is installed within the context of Internet Explorer as a BHO (Browser Helper Object) under the name ‘mwsBar BHO’.
Publisher:
MyWebSearch.com (signed by Fun Web Products)

Product:
My Web Search Bar for Internet Explorer, FireFox, Netscape, email clients, and messenger clients

Description:
My Web Search Bar

Version:
2, 3, 50, 61

MD5:
7181fa4c7ee0f424cca887a3134d2f83

SHA-1:
abf6a7817d3d64c8cda02fd6eebcf6af173aac20

SHA-256:
1ff3eb3c41d92cdc9cd7b3ffd92fc4ea05144645e35d2747ec65c875d60e42c1

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Part of the MyWebSearch/Mindspark/Ask web browser extension and toolbar.

Analysis date:
12/23/2024 10:58:34 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.MyWebSearch (M)

Engine version:
16.11.3.3

File size:
445.4 KB (456,112 bytes)

Product version:
2, 3, 50, 61

Copyright:
Copyright © 2003, 2004, 2005, 2006, 2007, 2008, 2009

Original file name:
mwsBar.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\mywebsearch\bar\1.bin\mwsbar.dll

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
12/17/2008 7:00:00 PM

Valid to:
1/20/2010 6:59:59 PM

Subject:
CN=Fun Web Products, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Fun Web Products, L=White Plains, S=New York, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7469E97907F383E4FF81AE9B045C64AA

Registration
CLSIDs:
{07B18EA1-A523-4961-B6BB-170DE4475CCA}, {07B18EA9-A523-4961-B6BB-170DE4475CCA}, {07B18EAB-A523-4961-B6BB-170DE4475CCA}, {53CED2D0-5E9A-4761-9005-648404E6F7E5}

ProgIDs:
MyWebSearchToolBar.SettingsPlugin.1, MyWebSearchToolBar.ToolbarPlugin.1

COM registered:
Yes

File PE Metadata
Compilation timestamp:
11/19/2009 12:38:09 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:FB9PMxgIQJoJqEK9+pQ9iAG49g1wY+//S:X9P5pJGqF+pQ2YV/q

Entry address:
0x1E4D5

Entry point:
FF, 74, 24, 0C, FF, 74, 24, 0C, FF, 74, 24, 0C, E8, 93, E2, FE, FF, C2, 0C, 00, FF, 15, C0, 41, 04, 10, 33, C0, C3, A1, E0, EA, 04, 10, 56, 85, C0, 75, 13, FF, 74, 24, 08, 50, FF, 35, 80, EA, 04, 10, FF, 15, 50, 41, 04, 10, 5E, C3, 8B, 0D, E4, EA, 04, 10, 8B, 15, DC, EA, 04, 10, FF, 05, E4, EA, 04, 10, 23, D1, 8B, 34, 90, 8B, 44, 24, 08, 83, C0, 08, 50, 6A, 00, 56, FF, 15, 50, 41, 04, 10, 85, C0, 74, 07, 89, 30, 83, C0, 08, 5E, C3, 33, C0, 5E, C3, 8B, 44, 24, 04, 0F, AF, 44, 24, 08, 50, E8, 9D, FF, FF, FF...
 
Entropy:
5.5391

Code size:
268 KB (274,432 bytes)

Internet Explorer BHO
Display name:
mwsBar BHO

CLSID:
{07B18EA1-A523-4961-B6BB-170DE4475CCA}

