hoolapp.exe

Hoolapp

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The application hoolapp.exe by Hoolapp has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is set to start automatically when a user logs into Windows, via the current-user Run registry key, under the display name ‘Hoolapp Android’.
Publisher:
Hoolapp  (signed and verified)

MD5:
ff86bc7d144bc8429f70b63b057adeae

SHA-1:
62a0e025600a69ce0bc0ffff879e1c23f1fbe7ea

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Belongs to the Sambreel/Yontoo program that inserts various forms of advertising in the user's web browser, installed with minimal or no user consent.

Analysis date:
4/26/2024 6:40:52 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Yontoo (M)

Engine version:
16.10.21.10

File size:
1.3 MB (1,387,482 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Documents and Settings\{user}\Application data\hoolappforandroid\hoolapp.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
11/20/2012 2:00:00 AM

Valid to:
11/21/2015 1:59:59 AM

Subject:
CN=Hoolapp, O=Hoolapp, STREET=63 Rothschild Blvd., L=Tel-Aviv, S=NA, PostalCode=65785, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
1205B27293082834E7A5D38AE9D121B7

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:KdyavdTYjlxuD9BniiYx5yfmxikhFuGzJuvu68rX70ZB6Vd0:kd8JxuD3nizVxikCouvu7KBAC

Entry address:
0x12F000

Entry point:
B9, 49, 89, 46, 09, 90, 90, 68, 20, F0, 52, 00, 5F, 90, 90, 68, 98, 05, 00, 00, 5E, 90, 31, 0C, 3E, 90, 4E, 83, EE, 03, 90, 90, 75, F4, 90, 90, A1, F4, 47, 09, 49, 89, 46, 09, 49, 89, 06, 09, 49, F1, 4B, 09, 79, FD, 54, 09, 93, F2, 54, 09, 49, 39, 44, 09, B6, 76, B9, F6, 25, FB, 08, 09, A9, F3, 08, 09, B1, F3, 08, 09, 49, 89, 46, 09, 49, 89, 46, 09, 49, 89, 46, 09, 25, 93, 48, 09, 97, F3, 48, 09, BF, F3, 48, 09, 49, 89, 46, 09, 49, 89, 46, 09, 49, 89, 46, 09, 49, 89, 46, 09, 49, 89, 46, 09, 49, 89, 46, 09...
Entropy:
7.1750

Code size:
879 KB (900,096 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Hoolapp Android

Command:
"C:\docume~1\admini~1\applic~1\hoolap~1\hoolapp.exe" \minimized
