home

mwsBar.dll

My Web Search Bar for Internet Explorer, FireFox, Netscape, email clients, and messenger clients

Fun Web Products

The module mwsBar.dll, “My Web Search Bar” by Fun Web Products has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
MyWebSearch.com  (signed by Fun Web Products)

Product:
My Web Search Bar for Internet Explorer, FireFox, Netscape, email clients, and messenger clients

Description:
My Web Search Bar

Version:
2, 3, 50, 52

MD5:
f6ea60ba7da7cbce0a79f19ddb8280f4

SHA-1:
b14d49cde9e6283d5a1a1db9f063daaa7ad3b13e

SHA-256:
821e7a711d867b5786772b386216d4b5861c45d2fb964ab7cd48d02f6abc7c2b

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Part of the MyWebSearch/Mindspark/Ask web browser extension and toolbar.

Analysis date:
11/4/2024 5:00:12 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.MyWebSearch (M)
16.11.17.7

File size:
441.4 KB (452,016 bytes)

Product version:
2, 3, 50, 52

Copyright:
Copyright © 2003, 2004, 2005, 2006, 2007, 2008, 2009

Original file name:
mwsBar.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\mywebsearch\bar\1.bin\mwsbar.dll

Digital Signature
Signed by:
Fun Web Products

Authority:
VeriSign, Inc.

Valid from:
12/18/2008 12:00:00 AM

Valid to:
1/20/2010 11:59:59 PM

Subject:
CN=Fun Web Products, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Fun Web Products, L=White Plains, S=New York, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7469E97907F383E4FF81AE9B045C64AA

File PE Metadata
Compilation timestamp:
8/20/2009 2:23:19 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:dsMT/2NtZdLB28cT8u9ksQLHPdO0ddoV4wols:CMT8tZ94lT8uWZHPdWvss

Entry address:
0x1DBB5

Entry point:
FF, 74, 24, 0C, FF, 74, 24, 0C, FF, 74, 24, 0C, E8, 15, E5, FE, FF, C2, 0C, 00, FF, 15, C0, 31, 04, 10, 33, C0, C3, A1, 80, D8, 04, 10, 56, 85, C0, 75, 13, FF, 74, 24, 08, 50, FF, 35, 20, D8, 04, 10, FF, 15, 50, 31, 04, 10, 5E, C3, 8B, 0D, 84, D8, 04, 10, 8B, 15, 7C, D8, 04, 10, FF, 05, 84, D8, 04, 10, 23, D1, 8B, 34, 90, 8B, 44, 24, 08, 83, C0, 08, 50, 6A, 00, 56, FF, 15, 50, 31, 04, 10, 85, C0, 74, 07, 89, 30, 83, C0, 08, 5E, C3, 33, C0, 5E, C3, 8B, 44, 24, 04, 0F, AF, 44, 24, 08, 50, E8, 9D, FF, FF, FF...
 
[+]

Entropy:
6.2015

Code size:
264 KB (270,336 bytes)

Remove mwsBar.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.