boozakabho.dll

BooZaka

This file is part of the Yontoo adware component, a web browser plugin that injects unwanted ads into the browser. The module boozakabho.dll by BooZaka has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. Additionally, the file is typically installed by a number of programs, including Buzzdock by Alactro LLC and BooZaka by Yontoo Technology, Inc., both potentially unwanted software. The file has been seen being downloaded from install-cdn.boozaka.net.
Publisher:
BooZaka  (signed and verified)

Product:
BooZaka

Version:
1.0.0.3

MD5:
8dd31bf7bf0e1bcdee85d67da93488de

SHA-1:
ecfc742846aca1fa5bb8c9e87f0c7c64e09a0694

SHA-256:
a003e9f22494b746fe8751b429b093afc01a92a4c3de28f0b11ecd0a6a101a1a

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Belongs to the Sambreel/Yontoo program that inserts various forms of advertising in the user's web browser, installed with minimal or no user consent.

Analysis date:
5/8/2024 7:46:39 AM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.Yontoo.BooZaka (M)

Engine version:
16.2.8.2

File size:
244.3 KB (250,136 bytes)

Product version:
1.0.0.3

Copyright:
(c) BooZaka. All rights reserved.

Original file name:
BooZakaIEClient.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\boozaka\boozakabho.dll

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
3/19/2014 1:00:00 AM

Valid to:
3/20/2015 12:59:59 AM

Subject:
CN=BooZaka, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=BooZaka, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
798D14F2EA94D165A332BEEBA73F4EE8

File PE Metadata
Compilation timestamp:
9/26/2014 10:44:52 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:GJxoeBsqPNiKQkpiUFjIlime9eAxjN+/IaIVWYT8faT:GpBsqPBQSimeGYIUi8faT

Entry address:
0x12854

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 41, 8D, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 70, 30, 03, 10, E8, BD, 01, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 04, 78, 03, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, FC, A4, 02, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
159 KB (162,816 bytes)

The file boozakabho.dll has been discovered within the following programs.

BooZaka  by Yontoo Technology, Inc.
BooZaka is an adware program that integrates into the user's web browsers (IE, Chrome, Firefox) and will perform a number of functions mostly designed to generate advertising supported or affiliate revenue.
boozaka.net/support
81% remove it
Buzzdock  by Alactro LLC
This is a web browser extension that injects advertising. From the EULA: "Buzzdock is free to download and use. Buzzdock is supported by advertising, and users will see additional ads on websites where Buzzdock features operate."
www.buzzdock.com/faq-support
79% remove it
 

The file boozakabho.dll has been seen being distributed by the following URL.
