YahooToolbar.exe

Yahoo

yahoo.com

The executable YahooToolbar.exe has been detected as malware by 6 anti-virus scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer; however, the file is not signed with an Authenticode signature from a trusted source. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, and PC utilities, as well as other PUPs. The file has been seen being downloaded from cdn.outbrowse.com.
Publisher:
yahoo.com

Product:
Yahoo

Description:
Yahoo Toolbar

Version:
1.0

MD5:
7c4c421f3222f01dd4748307c290bb2f

SHA-1:
1723c089808b413d15e9b89a1e73faeac6c65181

SHA-256:
9e06ab2bcd512bd6460589f77b4f87c5afa42b23b1d0fb9ce4481c8fc4c9a2f8

Scanner detections:
6 / 68

Status:
Malware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
11/23/2024 11:10:00 AM UTC

Scan engine            | Detection                  | Engine version
Dr.Web                 | Trojan.AVKill.25886        | 9.0.1.0239
Emsisoft Anti-Malware  | Trojan.Win32.OutBrowse.AMN | 8.13.08.27.10
ESET NOD32             | Win32/OutBrowse            | 7.8401
Fortinet FortiGate     | W32/OutBrowse.C            | 8/27/2013
McAfee                 | Artemis!7C4C421F3222       | 5600.7180
Norman                 | Suspicious_Gen4.CBVDX      | 11.20130827

File size:
559.6 KB (573,005 bytes)

Copyright:
© Yahoo

Trademarks:
yahoo.com

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\yahootoolbar.exe

File PE Metadata
Compilation timestamp:
12/5/2009 2:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:3e34H3bm3tA2FOpsUpdV65zaZMHqjgaaB56WI6r9cWScNS5b7184xNFTf3b+GWcl:lLIUpWgZEqaBcm9jSVb5BxNURQiGR71

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9121

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file YahooToolbar.exe has been seen being distributed by the following URL.
