extension32.dll
By Bit Cocktail Ltd. (Signed)
Warning 5 antivirus scanners has detected malware in various versions of extension32.dll.
Overview
There are 15 versions of extension32.dll in the wild, the latest version being 2.0.0.586. It is integrated as a plugin to Internet Explorer as a Browser Helper Object, often without any obvious user interface, and will load for each instance of IE. The average file size is about 157.43 KB. The file is a digitally signed and issued to Bit Cocktail Ltd. by Thawte. The programs Web Assistant 2.0.0.462, Web Assistant 2.0.0.457 and IB Updater 2.0.0.578 have been observed as installing specific variations of extension32.dll.
 Details
|
| File name: | extension32.dll |
| Typical file path: | C:\Program Files\plazy\extension32.dll |
| Original name: | Extension.dll |
| Certificate |
| Issued to: | Bit Cocktail Ltd. |
| Authority (CA): | Thawte |
Programs installed in
(Note, the programs listed below are for all versions of extension32.dll.)
FBFlicker displays advertising in the user's Internet browser by running as an extension and/or add-on. Ads are delivered in the form of search-related ads, banner and video ads, and text-links (roll-...
“Packing a comprehensive selection of production-ready sounds and effects, Native Instruments KOMPLETE ELEMENTS is the perfect introduction to the world of KOMPLETE. This collection delivers a wide ran...”
Web Assistant installs into the IE and Firefox web browsers and provides advertisier supported searchs that changes and redircts default search results as well as DNS errors. Web Assistant becomes the...
The IB (IncrediBar) Updater Service is designed to keep the Perion IncrediBar web browser toolbar (and other related products) up to date. The IB Updater Service runs in the background and periodicall...
|
SweetIM Technologies Ltd. |
|
Updater By SweetPacks (from Perion) is designed to monitor and keep the SweetPacks programs automatically up to date. It checks for software updates and automatically downloads and installs them if fo...
Behaviors
(Note, the behaviors below are for all versions of extension32.dll, select a unique version for details.)
Internet Explorer Browser Helper Object
Located in the registry at 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
- BHO CLSID: {7D4F1959-3F72-49d5-8E59-F02F8AA6815D}
- BHO CLSID: {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}
- BHO CLSID: {7D99783A-E6BF-4a1a-A923-4DAA5ADF3D66}
- BHO CLSID: {1F30D846-4BEF-4246-B19E-7E503B0E6639}
- BHO CLSID: {336D0C35-8A85-403a-B9D2-65C292C39087}
- BHO CLSID: {FEFE89E5-A43F-4f4b-8211-B11D91D02135}
- BHO CLSID: {A6629839-6636-4998-95D6-2B0F52141861}
- BHO CLSID: {70481DB1-0A21-4ae4-AEB8-AD820E7052C4}
- BHO CLSID: {121C6AF3-6778-4360-AFDB-57BD4E3E4343}
Malware detections
Based on 40+ industry antivirus scanners, 5 of them detected the following malware.
| Antivirus engine | Engine version | Detection | File version |
| ESET NOD32 |
7.8722 |
a variant of Win32/Toolbar.Perion.A |
2.0.0.586 |
| ESET NOD32 |
7.8574 |
a variant of Win32/Toolbar.Perion.A |
2.0.0.583 |
| Kingsoft |
2013.4.9.267 |
Win32.Troj.Generic.a.(kcloud) |
2.0.0.583 |
| Malwarebytes |
1.75.0.1 |
PUP.Optional.SweetPacks.A |
2.0.0.586 |
| Sophos |
4.91.0 |
BitCocktail |
2.0.0.586 |
All file variations of extension32.dll
Distribution by Windows OS
| OS version | distribution |
| Windows 7 Home Premium |
26.47% |
|
| Windows 8 |
20.59% |
|
| Windows Vista Home Premium |
17.65% |
|
| Windows 7 Ultimate N |
11.76% |
|
| Microsoft Windows XP |
8.82% |
|
| Windows 8 Pro |
5.88% |
|
| Windows 7 Ultimate |
2.94% |
|
| Windows 7 Starter |
2.94% |
|
| Windows 7 Professional |
2.94% |
|
Distribution by country
United States installs about 79.41% of extension32.dll.
Distribution by PC manufacturer
| PC Manufacturer | distribution |
| Toshiba |
55.56% |
|
| Hewlett-Packard |
19.44% |
|
| Sony |
11.11% |
|
| Gateway |
5.56% |
|
| ASUS |
5.56% |
|
| GIGABYTE |
2.78% |
|
