» wcoretb.dll
Overview
Analysis
File Details
Programs (1)

wcoretb.dll

Windows Core Toolbar

search core systems

The module wcoretb.dll by search core systems has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program Windows Core Toolbar by Core Systems which is a potentially unwanted software program.

File name:

wcoretb.dll

Publisher:

search core systems (signed and verified)

Product:

Windows Core Toolbar

Version:

1.0.1.1

MD5:

745bb3ee41dd95c44b77a8e21e71798e

SHA-1:

3ce36712398fc464dbf12e46c4c06b751a5dd4e2

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

11/5/2024 4:36:53 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.searchcoresystems.Toolbar (M)

16.2.13.17

File size:

613.5 KB (628,272 bytes)

Product version:

1.0.1.1

File type:

Dynamic link library (Win32 DLL)

Language:

English (United States)

Common path:

C:\Program Files\core systems\windows core toolbar\wcoretb.dll

Digital Signature

Signed by:

search core systems

Authority:

GlobalSign nv-sa

Valid from:

1/13/2012 11:23:55 AM

Valid to:

1/13/2013 11:23:55 AM

Subject:

CN=search core systems, O=search core systems, C=CA

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

112161BFE8B30B66C06A60ADF51015575814

Registration

CLSID:

{3A6BE320-DC9B-4D24-A6E8-621B81544F4B}

COM registered:

Yes

File PE Metadata

Compilation timestamp:

2/12/2012 9:23:53 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

12288:cDTWaHd13qd69uj9iMwUyvbcIj2SAL42xrof888888888888W88888888888Ka:OT9d13pujsoyvbcIkHrza

Entry address:

0x7B9D8

Entry point:

55, 8B, EC, 83, C4, C0, B8, 58, AD, 47, 00, E8, B8, C2, F8, FF, B8, FC, AB, 47, 00, A3, 24, 1B, 48, 00, B8, 01, 00, 00, 00, FF, 15, 24, 1B, 48, 00, E8, FA, 93, F8, FF, 8B, C0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

6.5001

Developed / compiled with:

Microsoft Visual C++

Code size:

491 KB (502,784 bytes)

The file wcoretb.dll has been discovered within the following programs.

Windows Core Toolbar by Core Systems

Windows Core Toolbar installs a toolbar in your Web browser that collects and stores information about your web browsing habits and sends this information to a remote server in order to suggest services or provide ads via the toolbar.

68% remove it

Remove wcoretb.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.