BUSolution.dll

BU Dynamic Link Library

Woolik technologies ltd

The module BUSolution.dll by Woolik technologies ltd has been detected as adware by 5 anti-malware scanners. Additionally, the file is typically installed by a number of programs including Delta Chrome Toolbar by Visual Tools and Opti Chrome Toolbar by Babylon Ltd, both potentially unwanted software. It displays context-specific advertisements in the browser and attempts to modify the browser's search provider. It is also typically executed from the user's temporary directory.
Publisher:
Woolik technologies ltd  (signed and verified)

Product:
BU Dynamic Link Library

Version:
2.0.3.1

MD5:
b418fcaafdc829a5b83123ea8404bab4

SHA-1:
05087ce1ddee9cc2507968e9d27177da78f56b9d

SHA-256:
93d01d94d1199c88d0ef9528ed9397024070666b007577f8f15296e66cc9304b

Scanner detections:
5 / 68

Status:
Adware

Analysis date:
9/21/2024 12:25:42 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | TR/Trash.Gen | 7.11.30.172 |
| Dr.Web | DLOADER.Trojan | 9.0.1.0351 |
| ESET NOD32 | Win32/Toolbar.Babylon (variant) | 9.9062 |
| Malwarebytes | PUP.Optional.BabSolution.A | v2015.06.19.04 |
| Reason Heuristics | PUP.Wooliktechnologiesltd.K | 14.8.7.21 |

File size:
422.4 KB (432,496 bytes)

Product version:
2.0.3.1

Copyright:
Copyright (C) 1997-2013

Original file name:
BUSolution.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\latest\busolution.dll

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
7/24/2013 9:00:00 PM

Valid to:
7/25/2014 8:59:59 PM

Subject:
CN=Woolik technologies ltd, OU=Digital ID Class 3 - Microsoft Software Validation v2, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Woolik technologies ltd, L=Or Yeuda, S=israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
233D2998915945A85914A5071B609336

File PE Metadata
Compilation timestamp:
9/3/2013 7:29:27 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:x5qYevy0rBo5tH4Lc7hJskFwI9rvwQmCeKzkD:zRe9Bo5tYLcV3/9WCeKzkD

Entry address:
0x2FA66


Developed / compiled with:
Microsoft Visual C++

Code size:
284 KB (290,816 bytes)

The file BUSolution.dll has been discovered within the following programs.

Bueno Chrome Toolbar  by Babylon Ltd
Bueno Chrome Toolbar is an adware web browser extension that will display various popup and banner ads as well as modify the user's web browser search and home page settings.
info.buenosearch.com
82% remove it
DaleSearch Chrome Toolbar  by Babylon Ltd
Uses the SearchGol Toolbar Platform. As part of the installation process of the Software, publisher may offer changes to your Internet Browser settings.
info.dalesearch.com
66% remove it
Delta Chrome Toolbar  by Visual Tools
Delta Chrome Toolbar is part of the Babylon toolbar system, a potentially unwanted program. It has also been detected as malware by a few antivirus programs. TrendMicro-HouseCall detects it as TROJ_GEN.RCBH1C6 and Norman detects it as Babylon.A.
83% remove it
Doko Chrome Toolbar  by Babylon Ltd
Doko Chrome Toolbar is a potentially unwanted web browser extension designed to take control of the user's browser in order to redirect web searches and inject advertising. In Internet Explorer the program runs as a Browser Helper Object.
82% remove it
MixiDJ chrome Toolbar  by Conduit Ltd.
MixiDJ chrome Toolbar is a Conduit web browser plugin for Chrome that collects and stores information about a user's web browsing habits and sends this information to Conduit in order to provide advertising.
MixiDJV30.OurToolbar.com
66% remove it
Only Chrome Toolbar  by Woolik technologies ltd
This toolbar/web browser extension is ad/search-supported and is typically installed as an optional offer; users generally get it bundled with third-party software.
85% remove it
Opti Chrome Toolbar  by Babylon Ltd
This is a potentially unwanted web browser extension that is designed to deliver search-based hijacking as well as contextual advertising. The program does this by modifying the user's home and search page in order to monetize a user's search activities.
57% remove it
Search-Gol Chrome Toolbar  by Search-Gol
SearchGol Toolbar Platform is an ad-supported (users may see additional banner, search, pop-up, pop-under, interstitial and in-text link advertisements) cross web browser plugin for Internet Explorer (BHO) and Firefox/Chrome (plugin) and distributed through various monetization platforms during installation.
info.searchgol.com
67% remove it
Tika Chrome Toolbar  by Babylon Ltd
Babylon's Tika Toolbar is a potentially unwanted ad-supported (adware) toolbar and web browser extension that will hijack the user's browser search page and provider in order to redirect searches to www.tika-search.com.
www.tika-search.com
79% remove it
 