Multi-License Discount Quote

Change Region

English
Threat Database Potentially Unwanted Programs Toggle Toolbar

Toggle Toolbar

By GoldSparrow in Potentially Unwanted Programs

Threat Scorecard

Popularity Rank: 16,475
Threat Level: 20 % (Normal)
Infected Computers: 1,009
First Seen: August 27, 2013
Last Seen: January 22, 2026
OS(es) Affected: Windows

Toggle Toolbar Image

Toggle Toolbar is an unwanted toolbar/potentially unwanted program, which may access an affected computer without a PC user's consent and awareness. Typically, web users agree to download Toggle Toolbar on their PCs when they download freeware and shareware programs, which always carry numerous free plug-ins for generating revenue, and don't pay much attention to its installation process. Toggle Toolbar is not linked to malware infections, but it uses tricky delivery techniques when striving to access targeted PCs. Toggle Toolbar may also show commercial pop-up advertisements, result in annoying browser diversions to misleading websites or alter the compromised PC's settings to make the computer user use Conduit for online searches. Toggle Toolbar can be downloaded and installed on the PC just like any other software product. If Internet users want to restric penetration of freeware and shareware programs, they have to uncheck the check box, which offers to download Toggle Toolbar on the PC. When installed, Toggle Toolbar may embed a plug-in on all Internet browsers that are installed on the PC. Toggle Toolbar may offer its services for searching the web and display commercial pop-up advertisements.

Analysis Report

General information

Family Name: Adware.Toggle
Signature status: Root Not Trusted

Known Samples

MD5: 8b5c8d1b8af5441de7ab735520f186eb
SHA1: 98b8ff2c611205ad8706045a5526dd9b1b59656d
File Size: 1.53 MB, 1530704 bytes
MD5: 1eeea6a95d5a9fe366ae0cb04ccec478
SHA1: b823fbdd8371ab8af3db66950ae629e058cc81ca
SHA256: C58197E58F87E073F8C45561DFE2E577117731751E4D4CFCDEAF3D15188788A3
File Size: 177.10 KB, 177096 bytes
MD5: ba3ef55219529ddea2d8387a0e47bc29
SHA1: 073c441ff4b1117d77648561ace1ca95945d0e05
SHA256: C9002F8DBAFFBC6125CDA220B2FD9EF013B88DD3CF881B263F02E0D45E11F6E4
File Size: 508.44 KB, 508440 bytes
MD5: e1434c76f9fbe50966bff109fd2bd4d1
SHA1: 60baf961d2e4a33d9a8aaa8bb55988ad2c881f93
SHA256: 9116FF2585B020B2FB622EFA71B3D2700E1A41D3260E87096D1C959EFA26978D
File Size: 171.02 KB, 171024 bytes
MD5: c4f7a6c8fdaf0ace7140fe52236ca3bb
SHA1: 8409e0ed5538fd2d66ecf26ad594977d422a72ca
SHA256: 7615AC2E9EEA7DE8AA9A03536952FE2F960D9C7C821CFEFA32F6E4A9F7EE3189
File Size: 1.57 MB, 1568312 bytes
Show More
MD5: b2ca5bd6ea76b8b86f2f7bbe7e6f51c7
SHA1: 5eafcbcca93af5799dd884221922dd84c36d297f
SHA256: 027B6717675F94511D4861FE2C480F081F90A9B348DA89B19ADACAF165A20E46
File Size: 135.43 KB, 135432 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
Show More
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Digital Signatures

Signer Root Status
MAFER INTERNET SL DigiCert Assured ID Root CA Root Not Trusted
BIBADO INVESTMENTS thawte Primary Root CA Root Not Trusted
Inffinity Internet thawte Primary Root CA Root Not Trusted

Files Modified

File Attributes
\device\namedpipe\gmdasllogger Generic Write,Read Attributes
c:\end Generic Write,Read Attributes
c:\users\user\appdata\local\temp\captura.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb43d9.tmp\installoptions.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb43d9.tmp\iospecial.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsb43d9.tmp\iospecial.ini Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb43d9.tmp\langdll.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb43d9.tmp\linker.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb43d9.tmp\modern-wizard.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb43d9.tmp\nsisdl.dll Generic Write,Read Attributes
Show More
c:\users\user\appdata\local\temp\nsb43d9.tmp\show_page_toolbar Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb43d9.tmp\uac.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsc69e2.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsc69e2.tmp\ac415c8ac1a6a487c2e6aa84a516ac1b_mp3_rocket.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsc69e2.tmp\ac415c8ac1a6a487c2e6aa84a516ac1b_mp3_rocket.exe_deleted_ Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsc69e2.tmp\inetc.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsc69e2.tmp\inetc.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsc69e2.tmp\newadvsplash.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsc69e2.tmp\newadvsplash.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsc69e2.tmp\nsisarray.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsc69e2.tmp\nsisarray.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsc69e2.tmp\splash.gif Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsc69e2.tmp\splash.gif Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsc69e2.tmp\splash.gif_deleted_ Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsc69e2.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsc69e2.tmp\system.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nskac50.tmp\installoptions.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nskac50.tmp\iospecial.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nskac50.tmp\iospecial.ini Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nskac50.tmp\langdll.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nskac50.tmp\modern-wizard.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nskac50.tmp\pantallatoolbar Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nskac50.tmp\pantallatoolbar Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nskac50.tmp\uac.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsl880f.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsl880f.tmp\97ef2e724be550fe4f3deb6c2d28835f_karafun.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsl880f.tmp\97ef2e724be550fe4f3deb6c2d28835f_karafun.exe_deleted_ Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsl880f.tmp\inetc.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsl880f.tmp\inetc.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsl880f.tmp\newadvsplash.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsl880f.tmp\newadvsplash.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsl880f.tmp\nsisarray.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsl880f.tmp\nsisarray.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsl880f.tmp\splash.gif Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsl880f.tmp\splash.gif Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsl880f.tmp\splash.gif_deleted_ Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsl880f.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsl880f.tmp\system.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsl880f.tmp\version.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsl880f.tmp\version.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nssa842.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nssa842.tmp\f6206f69_c4a06aa6d9f045f5bd094b579fc6a6b8_rollercoaster_tycoon.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nssa842.tmp\f6206f69_c4a06aa6d9f045f5bd094b579fc6a6b8_rollercoaster_tycoon.exe_deleted_ Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nssa842.tmp\newadvsplash.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nssa842.tmp\newadvsplash.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nssa842.tmp\nsisarray.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nssa842.tmp\nsisarray.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nssa842.tmp\nsisdl.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nssa842.tmp\nsisdl.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nssa842.tmp\splash.gif Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nssa842.tmp\splash.gif Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nssa842.tmp\splash.gif_deleted_ Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nssa842.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nssa842.tmp\system.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nssa842.tmp\version.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nssa842.tmp\version.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsva37f.tmp\installoptions.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsva37f.tmp\iospecial.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsva37f.tmp\iospecial.ini Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsva37f.tmp\langdll.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsva37f.tmp\modern-wizard.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsva37f.tmp\pantallatoolbar Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsva37f.tmp\pantallatoolbar Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsva37f.tmp\uac.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\toolbar_phpnuke.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\toolbar_toggle.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\tp.gif Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~df280ef4e5e2e13315.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~df5c97a2ce43f723ee.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~dff2bf7fd42480d19a.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\ist.txt Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\ist.txt Synchronize,Write Attributes

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Rhfljadk\AppData\Local\Temp\nsl880F.tmp\ RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations *1\??\C:\sandbox_live\tmp\111820\6076\c\users\user\appdata\local\temp\nsc69e2.tmp RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations *1\??\C:\Windows\SystemTemp\MicrosoftEdgeUpdate.exe.old122e4*1\??\C:\Windows\SystemTemp\CopilotUpdate.exe.old12352*1\??\C:\P RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey

Windows API Usage

Category API
Network Wininet
  • HttpOpenRequest
  • HttpQueryInfo
  • HttpSendRequest
  • InternetConnect
  • InternetOpen
  • InternetQueryOption
  • InternetReadFile
Network Winsock2
  • WSAStartup
Network Winsock
  • closesocket
  • connect
  • gethostbyname
  • inet_addr
  • socket

Related Posts

Trending

Most Viewed

Loading...