» passport64.dll
Overview
Analysis
File Details

passport64.dll

Freshy Toolbar

Freshy

This is a component of the Tightrope WebInstall, a setup program that bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The module passport64.dll by Freshy has been detected as adware by 5 anti-malware scanners.

File name:

passport64.dll

Publisher:

Freshy.com (signed by Freshy)

Product:

Freshy Toolbar

Version:

2.0.0.1024

MD5:

73ff06f45bfaf8eecf16c170026e3e1e

SHA-1:

5a63c1a051dbf45a07f2264f7260afeaa9e36c3d

SHA-256:

30264518cda56afe642e5f1fcf495d0f2bc01b1bea4056e4fa1ad978ea9a9d4d

Scanner detections:

5 / 68

Status:

Adware

Analysis date:

11/5/2024 4:26:36 AM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

TR/Trash.Gen

7.11.30.172

Emsisoft Anti-Malware

Win32.Expiro.BH

8.16.01.21.04

ESET NOD32

Win32/Toolbar.TNT2.C potentially unwanted application

10.7.0.302.0

Reason Heuristics

PUP.Tightrope.Freshy.Toolbar (M)

16.1.21.4

SUPERAntiSpyware

Trojan.Agent/Gen-Nullo[Short]

9373

File size:

9.3 KB (9,544 bytes)

Product version:

2.0.0.1024

Original file name:

FreshyToolbar.dll

File type:

Dynamic link library (Win64 DLL)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\tnt2\2.0.0.1057\passport64.dll

Digital Signature

Signed by:

Freshy

Authority:

VeriSign, Inc.

Valid from:

7/28/2011 8:00:00 PM

Valid to:

7/28/2013 7:59:59 PM

Subject:

CN=Freshy, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Freshy, L=San Francisco, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

3FE2E83B02F14E8E282304CFC46C3524

File PE Metadata

Compilation timestamp:

8/7/2012 4:46:25 PM

OS version:

5.2

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

192:rEv4LZ335/wJirNmL/fr8zVD+vKWr9ZCspE+TMIrNU:rEva3mirILYx7PeMf

Entry address:

0x1000

Entry point:

FF, CA, 75, 07, 48, 89, 0D, FD, 1F, 00, 00, B8, 01, 00, 00, 00, C3, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

6.2771

Code size:

512 Bytes (512 bytes)

Remove passport64.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.