» youdaotoolbarassist.exe
Overview
Analysis
File Details
Behaviors (1)

youdaotoolbarassist.exe

有道工具栏

NetEase Youdao Information Technology (Beijing) Co.,Ltd.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘YoudaoToolbarAssist’.

File name:

Publisher:

网易有道 (signed by NetEase Youdao Information Technology (Beijing) Co.,Ltd.)

Product:

有道工具栏

Description:

有道工具栏辅助进程

Version:

1.0.0.1

MD5:

ba630c0e3e36384b20640fa1b910fd8c

SHA-1:

ff0fc390fd0d1e273255977e2244af07f314f20a

SHA-256:

76a4dd9d4c3dc5a6d17784ab4c0481f6a73e6e9c79788d19dc8af255701bf6a7

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/5/2024 6:52:07 PM UTC (today)

File size:

621.5 KB (636,376 bytes)

Product version:

1.0.0.1

Original file name:

ToolbarAssist.exe

File type:

Executable application (Win32 EXE)

Language:

Chinese (Simplified, Singapore)

Common path:

C:\Program Files\youdao\toolbar\ydtbv3.0\youdaotoolbarassist.exe

Digital Signature

Signed by:

NetEase Youdao Information Technology (Beijing) Co.,Ltd.

Authority:

VeriSign, Inc.

Valid from:

7/27/2009 8:00:00 AM

Valid to:

8/4/2010 7:59:59 AM

Subject:

CN="NetEase Youdao Information Technology (Beijing) Co.,Ltd.", OU=Products, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="NetEase Youdao Information Technology (Beijing) Co.,Ltd.", L=Beijing, S=Beijing, C=CN

Issuer:

CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

2E57F790954F077E243488A804C597C8

File PE Metadata

Compilation timestamp:

7/16/2010 1:51:58 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

Entry address:

0x4E965

Entry point:

E8, D4, 7A, 00, 00, E9, 17, FE, FF, FF, 3B, 0D, 80, D6, 48, 00, 75, 02, F3, C3, E9, 54, 7B, 00, 00, 8B, C1, 83, 60, 04, 00, 83, 60, 08, 00, C7, 00, B4, 6B, 47, 00, C3, 53, 8B, 5C, 24, 08, 56, 57, 8B, F9, C7, 07, B4, 6B, 47, 00, 8B, 03, 85, C0, 74, 26, 50, E8, 96, 7C, 00, 00, 8B, F0, 46, 56, E8, CB, 1A, 00, 00, 85, C0, 59, 59, 89, 47, 04, 74, 12, FF, 33, 56, 50, E8, 11, 7C, 00, 00, 83, C4, 0C, EB, 04, 83, 67, 04, 00, C7, 47, 08, 01, 00, 00, 00, 8B, C7, 5F, 5E, 5B, C2, 04, 00, 53, 8B, 5C, 24, 08, 56, 8B, F1... 
[+]

Entropy:

6.4179

Code size:

456 KB (466,944 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

YoudaoToolbarAssist

Command:

"C:\Program Files\youdao\toolbar\ydtbv3.0\youdaotoolbarassist.exe" runserver

Scan youdaotoolbarassist.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.