toolbarupdate.exe

Zugo Ltd

The application toolbarupdate.exe by Zugo has been detected as adware by 4 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This file is typically installed with the program StartNow Toolbar by StartNow.com, which is a potentially unwanted software program.
Publisher:
Zugo Ltd  (signed and verified)

MD5:
28ae3dd3ac533b525a3fcbe4f26fd6f8

SHA-1:
24c7cc721fdf5d286ef00227f6992c20b4d58ed0

SHA-256:
1dff7efdb6926cebf9ec1a23acda3599d7cab0a4891bf715b75212a802a74c2c

Scanner detections:
4 / 68

Status:
Adware

Analysis date:
11/14/2024 2:13:27 AM UTC

Scan engine         Detection          Engine version
Boost by Reason     Optional.Zugo.N    188838
Dr.Web              Adware.Zugo.114    9.0.1.0354
Reason Heuristics   PUP.Zugo.N         14.8.7.17
VIPRE Antivirus     Zugo Ltd           22002

File size:
333.5 KB (341,504 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\windows\temp\tbu003\toolbarupdate.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
1/30/2013 7:00:00 PM

Valid to:
1/31/2016 6:59:59 PM

Subject:
CN=Zugo Ltd, O=Zugo Ltd, STREET=PO Box 36, STREET=1st Floor, STREET=37 Broad St., L=St Helier, S=Jersey, PostalCode=JE4 9NU, C=JE

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00FA860DF2AC924FC31176C787706F3824

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:je34ProtJCL3mEu49naWpgvCIU9FhA+MRY/jOghfbNn3iI8O5xtpXwEdPyL:Vr6Crm749naJvCIUnhA+MW9fbNn3p8lV

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.7923

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file toolbarupdate.exe has been discovered within the following programs.

StartNow Toolbar  by StartNow.com
StartNow is a web browser toolbar that changes your homepage and redirects valid searches.
about.startnow.com
79% remove it
StartNow Toolbar 2.0  by Zugo Ltd
Publisher's description - “Our Search Toolbar offers access to the Bing™ decision engine helping users to search and surf the web! Bing brings together key information and organizes it in one place, you can check the weather forecast, look up ticket prices and book a flight all at once.”
www.zugo.com
86% remove it
 