HulaToo.BRT.Helper.exe

HulaToo

HulaToo.BRT.Helper.exe is part of the Yontoo adware family (most engines below label it BrowseFox), a web browser plugin that injects unwanted advertisements into the pages a user visits. The file, published and signed by HulaToo, is flagged as adware or a potentially unwanted program by 23 of the 68 anti-malware scanners consulted. Once installed it plugs into the web browser and displays context-based advertisements, either by overwriting the ads already on a page or by inserting new ones. While running, it was observed connecting over plain HTTP to static.90.9.9.176.clients.your-server.de (176.9.9.90) on port 80.
Publisher:
HulaToo  (signed and verified)

Version:
1.0.0.0

MD5:
fa7a6f09773a84eb66a68c4722c4b119

SHA-1:
4a06d3665559e18becf0eecb8b0dd96cfc20166d

SHA-256:
7332da9b13f41276530db7d73746bcd8f3d2b64f4e95cd6d34c4cafb5d8f9eaf

Scanner detections:
23 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
5/1/2024 5:48:52 AM UTC

Scan engine             Detection                                           Engine version
Lavasoft Ad-Aware       Adware.BrowseFox.BH                                 6497485
Avira AntiVirus         ADWARE/BrowseFox.Gen4                               7.11.207.154
avast!                  Win32:BrowseFox-DW [PUP]                            150203-1
AVG                     Hulaoo                                              2016.0.3208
Baidu Antivirus         Adware.Win64.BrowseFox                              4.0.3.1525
Bitdefender             Adware.BrowseFox.BH                                 1.0.20.180
Bkav FE                 W32.HfsAdware                                       1.3.0.6379
Comodo Security         Application.MSIL.BrowseFox.A                        20971
Emsisoft Anti-Malware   Adware.BrowseFox.BH                                 9.0.0.4799
ESET NOD32              Win64/BrowseFox.X potentially unwanted application  7.0.302.0
F-Prot                  W32/S-481ec56b                                      v6.4.7.1.166
F-Secure                Adware.BrowseFox.BH                                 5.13.68
G Data                  Adware.BrowseFox.BH                                 15.2.25
K7 AntiVirus            Unwanted-Program                                    13.193.14871
Kaspersky               not-a-virus:HEUR:AdWare.MSIL.Kranet                 14.0.0.2533
McAfee                  Program.BrowseFox.a                                 16.8.708.2
MicroWorld eScan        Adware.BrowseFox.BH                                 16.0.0.108
NANO AntiVirus          Riskware.Win32.BPlug.djpkri                         0.30.0.65070
Norman                  BrowseFox.CERT                                      11.20150205
nProtect                Adware.BrowseFox.BH                                 15.02.05.01
Panda Antivirus         Trj/CI.A                                            15.02.05.10
Reason Heuristics       PUP.Yontoo                                          15.2.5.10
VIPRE Antivirus         Threat.4741131                                      37240

File size:
199.8 KB (204,568 bytes)

Product version:
1.0.0.0

Original file name:
HulaToo.BRT.Helper.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\hulatoo\bin\hulatoo.brt.helper.exe

Digital Signature
Signed by:
HulaToo

Authority:
VeriSign, Inc.

Valid from:
3/19/2014 6:00:00 AM

Valid to:
3/20/2015 5:59:59 AM

Subject:
CN=HulaToo, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=HulaToo, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
089F9EDFF3BE5DAC5EE5E228073DBDC4

File PE Metadata
Compilation timestamp:
2/5/2015 8:38:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:x3xuO3WaRkVI9rY/PnuHj/8ePbXmWlfNvhh:xBuGWaRdY/GD/LPb26h

Entry address:
0x31AA2

Entry point:
FF, 25, 00, 20, 40, 00, followed by a run of 00 bytes...
(FF 25 00 20 40 00 decodes to jmp dword ptr [0x00402000]: the six-byte native stub of a 32-bit .NET executable, which jumps through the import address table to mscoree!_CorExeMain so that the CLR takes over. The bytes shown after it are zero padding; the managed entry point is recorded in the CLR header, not at this address.)

Entropy:
6.6370

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
191 KB (195,584 bytes)
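To check the PE facts above against a file on disk (bitness, compile timestamp, linker and OS version, subsystem, the CLR header that makes the binary .NET CLR dependent, and the FF 25 stub at the entry point), the following added example parses the headers with nothing but the Python standard library. It is not code from the page, from HulaToo or from Reason Core Security. The image it inspects is constructed by build_sample_pe() to have the shape this report describes; the function names, the single-section layout and the entry RVA 0x2010 are assumptions made for the example, not values from the report.

```python
"""PE header triage for a suspected .NET sample: an added example, not code
from the page, from HulaToo or from Reason Core Security. It parses only the
DOS, COFF and optional headers plus the section table, enough to recover the
facts the report lists, the CLR runtime header in data directory 14 that marks
a .NET assembly, and the bytes at the entry point. build_sample_pe() returns a
constructed image with that shape; it is not the real file."""
import struct
from datetime import datetime, timezone

IMAGE_FILE_MACHINE_I386, IMAGE_FILE_MACHINE_AMD64 = 0x014C, 0x8664
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
CLR_DIRECTORY_INDEX = 14              # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
SUBSYSTEMS = {2: "Windows GUI", 3: "Windows CUI"}
MACHINES = {IMAGE_FILE_MACHINE_I386: "Win32", IMAGE_FILE_MACHINE_AMD64: "Win64"}


def rva_to_offset(rva, sections):
    """Translate an RVA to a file offset through the section table (None if unmapped)."""
    for va, vsize, raw_ptr, raw_size in sections:
        if va <= rva < va + max(vsize, raw_size):
            return rva - va + raw_ptr
    return None


def triage_pe(data):
    """Return a dict of header facts; raises ValueError on a malformed image."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    machine, nsections, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, linker_major, linker_minor = struct.unpack_from("<HBB", data, opt)
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    if magic == PE32_MAGIC:                  # 32-bit layout
        image_base = struct.unpack_from("<I", data, opt + 28)[0]
        num_dirs, dir_base = struct.unpack_from("<I", data, opt + 92)[0], opt + 96
    elif magic == PE32PLUS_MAGIC:            # 64-bit layout: 8-byte ImageBase shifts later fields
        image_base = struct.unpack_from("<Q", data, opt + 24)[0]
        num_dirs, dir_base = struct.unpack_from("<I", data, opt + 108)[0], opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    clr_rva = clr_size = 0
    if num_dirs > CLR_DIRECTORY_INDEX:
        clr_rva, clr_size = struct.unpack_from("<II", data, dir_base + 8 * CLR_DIRECTORY_INDEX)
    sections = []
    for i in range(nsections):               # section headers follow the optional header
        vsize, va, raw_size, raw_ptr = struct.unpack_from("<IIII", data, opt + opt_size + 40 * i + 8)
        sections.append((va, vsize, raw_ptr, raw_size))
    entry_off = rva_to_offset(entry_rva, sections)
    entry = data[entry_off:entry_off + 6] if entry_off is not None else b""
    # FF 25 imm32 is 'jmp dword ptr [imm32]'; in a PE32 .NET executable the operand is
    # the absolute address of the import slot for mscoree!_CorExeMain.
    is_iat_jmp = magic == PE32_MAGIC and len(entry) == 6 and entry[:2] == b"\xff\x25"
    return {
        "machine": MACHINES.get(machine, hex(machine)),
        "compile_time": datetime.fromtimestamp(stamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "linker_version": "%d.%d" % (linker_major, linker_minor),
        "os_version": "%d.%d" % (os_major, os_minor),
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "entry_rva": entry_rva,
        "entry_bytes": entry.hex(),
        "is_dotnet": clr_rva != 0 and clr_size != 0,
        "entry_is_iat_jmp": is_iat_jmp,
        "entry_jmp_target_rva": struct.unpack_from("<I", entry, 2)[0] - image_base if is_iat_jmp else None,
    }


def build_sample_pe(dotnet=True):
    """Constructed PE32 image (not the real sample): one .text section, linker 8.0,
    OS version 4.0, GUI subsystem, optional CLR directory, FF 25 stub at the entry."""
    text_va, text_raw, text_size = 0x2000, 0x200, 0x200
    opt = bytearray(224)                                   # PE32 optional header size
    struct.pack_into("<HBB", opt, 0, PE32_MAGIC, 8, 0)     # magic, linker 8.0
    struct.pack_into("<I", opt, 16, text_va + 0x10)        # AddressOfEntryPoint (assumed RVA 0x2010)
    struct.pack_into("<I", opt, 28, 0x400000)              # ImageBase
    struct.pack_into("<II", opt, 32, 0x2000, 0x200)        # section / file alignment
    struct.pack_into("<HH", opt, 40, 4, 0)                 # OS version 4.0
    struct.pack_into("<H", opt, 68, 2)                     # Windows GUI
    struct.pack_into("<I", opt, 92, 16)                    # NumberOfRvaAndSizes
    if dotnet:                                             # CLR header somewhere inside .text
        struct.pack_into("<II", opt, 96 + 8 * CLR_DIRECTORY_INDEX, text_va + 0x40, 0x48)
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, 1, 1423125497, 0, 0, len(opt), 0x0102)
    section = b".text\0\0\0" + struct.pack("<IIIIIIHHI", text_size, text_va, text_size,
                                              text_raw, 0, 0, 0, 0, 0x60000020)
    e_lfanew = 0x80
    dos = (b"MZ" + bytes(0x3A) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    headers = (dos + b"PE\0\0" + coff + bytes(opt) + section).ljust(text_raw, b"\0")
    body = bytearray(text_size)
    body[0x10:0x16] = b"\xff\x25\x00\x20\x40\x00"          # jmp dword ptr [0x402000]
    return headers + bytes(body)
```

triage_pe() takes raw file bytes, so running it on a real sample is open(path, "rb").read(); once the header shape matches, the MD5/SHA-1/SHA-256 and ssdeep values listed earlier are what to compare against to confirm identity.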

The executing file has been seen to make the following network communications in live environments. Several of the destinations are well-known shared services (Twitter, Yandex, Facebook, Google's 1e100.net, Akamai) and most likely reflect ordinary browser activity captured alongside the sample rather than infrastructure specific to this component; the plain-HTTP connection to 176.9.9.90:80 is the one the description above attributes to the file itself. The remaining entries, several of them on high, non-standard remote ports with no protocol identified, are indicators to pivot on, not confirmed command-and-control.

TCP (HTTP SSL):
Connects to yandex.ru  (213.180.204.11:443)

TCP (HTTP SSL):
Connects to www4.twitter.com  (199.59.149.230:443)

TCP (HTTP SSL):
Connects to www2.twitter.com  (199.59.149.198:443)

TCP (HTTP):
Connects to static.90.9.9.176.clients.your-server.de  (176.9.9.90:80)

TCP:
Connects to static.24.192.251.148.clients.your-server.de  (148.251.192.24:46159)

TCP (HTTP SSL):
Connects to r-199-59-150-7.twttr.com  (199.59.150.7:443)

TCP (HTTP SSL):
Connects to r-199-59-150-39.twttr.com  (199.59.150.39:443)

TCP (HTTP SSL):
Connects to r-199-59-148-82.twttr.com  (199.59.148.82:443)

TCP (HTTP SSL):
Connects to r-199-59-148-10.twttr.com  (199.59.148.10:443)

TCP:
Connects to ns465412.ip-94-23-22.eu  (94.23.22.147:37718)

TCP:
Connects to ns365885.ip-94-23-6.eu  (94.23.6.124:33527)

TCP:
Connects to nat-pool8-4.danpro.ru  (46.39.4.8:50362)

TCP (HTTP):
Connects to maa03s04-in-f5.1e100.net  (74.125.236.37:80)

TCP:
Connects to keypos.ru  (46.36.223.143:55470)

TCP:
Connects to hn.kd.ny.adsl  (125.46.39.175:61563)

TCP (HTTP SSL):
Connects to front.ocorba.yandex.net  (213.180.204.248:443)

TCP (HTTP):
Connects to ee-in-f87.1e100.net  (173.194.65.87:80)

TCP (HTTP SSL):
Connects to edge-star-shv-01-sin1.facebook.com  (31.13.79.246:443)

TCP:
Connects to bots04.sdstream.ru  (95.163.105.66:53649)

TCP (HTTP):
Connects to a23-207-152-42.deploy.static.akamaitechnologies.com  (23.207.152.42:80)
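The list above is most useful turned into a detection. The following added example, which is not code from the page, from HulaToo or from Reason Core Security, transcribes the destinations into an indicator table and runs constructed firewall log lines against it. The key=value log format, the sample log lines and the split of indicators into a "shared" tier (CDN and social-network hosts) and a "specific" tier are assumptions made for the example, not part of the report.

```python
"""Match firewall/proxy log lines against the destinations listed in the report.

Added example; not code from the page, from HulaToo or from Reason Core
Security. The indicator table is transcribed from the report. The log format,
the sample lines and the shared/specific tiers are constructed for the example.
"""
import re
from collections import namedtuple

Indicator = namedtuple("Indicator", "ip port host")

# Destinations copied from the report's network section (ip, remote port, rDNS name).
REPORTED_DESTINATIONS = [
    Indicator("213.180.204.11", 443, "yandex.ru"),
    Indicator("199.59.149.230", 443, "www4.twitter.com"),
    Indicator("199.59.149.198", 443, "www2.twitter.com"),
    Indicator("176.9.9.90", 80, "static.90.9.9.176.clients.your-server.de"),
    Indicator("148.251.192.24", 46159, "static.24.192.251.148.clients.your-server.de"),
    Indicator("199.59.150.7", 443, "r-199-59-150-7.twttr.com"),
    Indicator("199.59.150.39", 443, "r-199-59-150-39.twttr.com"),
    Indicator("199.59.148.82", 443, "r-199-59-148-82.twttr.com"),
    Indicator("199.59.148.10", 443, "r-199-59-148-10.twttr.com"),
    Indicator("94.23.22.147", 37718, "ns465412.ip-94-23-22.eu"),
    Indicator("94.23.6.124", 33527, "ns365885.ip-94-23-6.eu"),
    Indicator("46.39.4.8", 50362, "nat-pool8-4.danpro.ru"),
    Indicator("74.125.236.37", 80, "maa03s04-in-f5.1e100.net"),
    Indicator("46.36.223.143", 55470, "keypos.ru"),
    Indicator("125.46.39.175", 61563, "hn.kd.ny.adsl"),
    Indicator("213.180.204.248", 443, "front.ocorba.yandex.net"),
    Indicator("173.194.65.87", 80, "ee-in-f87.1e100.net"),
    Indicator("31.13.79.246", 443, "edge-star-shv-01-sin1.facebook.com"),
    Indicator("95.163.105.66", 53649, "bots04.sdstream.ru"),
    Indicator("23.207.152.42", 80, "a23-207-152-42.deploy.static.akamaitechnologies.com"),
]

# rDNS suffixes of shared services: a tuning choice for this example, not from the report.
SHARED_SUFFIXES = ("twitter.com", "twttr.com", "yandex.ru", "yandex.net",
                   "1e100.net", "facebook.com", "akamaitechnologies.com")

BY_IP = {ind.ip: ind for ind in REPORTED_DESTINATIONS}

# Constructed log format: ISO timestamp followed by key=value pairs.
LOG_RE = re.compile(r"^(?P<ts>\S+)\s+src=(?P<src>[\d.]+)\s+dst=(?P<dst>[\d.]+)\s+dport=(?P<dport>\d+)")


def classify(ind):
    """'shared' for CDN/social hosts, 'specific' for everything else in the table."""
    return "shared" if ind.host.endswith(SHARED_SUFFIXES) else "specific"


def match_line(line):
    """Return a hit dict if the destination IP is in the table, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ind = BY_IP.get(m.group("dst"))
    if ind is None:
        return None
    dport = int(m.group("dport"))
    return {
        "ts": m.group("ts"), "src": m.group("src"), "dst": ind.ip, "host": ind.host,
        "dport": dport,
        "port_matches": dport == ind.port,   # exact (ip, port) pair as listed in the report
        "tier": classify(ind),
    }


def scan_logs(lines):
    """Return (hits, suspects): every hit, plus the source hosts with a 'specific' hit."""
    hits = [h for h in map(match_line, lines) if h]
    suspects = sorted({h["src"] for h in hits if h["tier"] == "specific"})
    return hits, suspects


# Constructed sample log lines (not from the report).
SAMPLE_LOG = """\
2015-02-05T09:01:12Z src=10.0.0.5 dst=176.9.9.90 dport=80 proto=tcp
2015-02-05T09:01:13Z src=10.0.0.5 dst=213.180.204.11 dport=443 proto=tcp
2015-02-05T09:02:40Z src=10.0.0.7 dst=31.13.79.246 dport=443 proto=tcp
2015-02-05T09:03:05Z src=10.0.0.9 dst=8.8.8.8 dport=53 proto=udp
2015-02-05T09:03:51Z src=10.0.0.12 dst=148.251.192.24 dport=46200 proto=tcp
""".splitlines()

if __name__ == "__main__":
    hits, suspects = scan_logs(SAMPLE_LOG)
    for h in hits:
        print("%(ts)s %(src)s -> %(dst)s:%(dport)s (%(host)s) tier=%(tier)s port_matches=%(port_matches)s" % h)
    print("hosts to triage:", suspects)
```

Matching is keyed on destination IP and only records whether the remote port agrees with the report, because the high ephemeral ports listed above are unlikely to be stable across runs; a host that only touches the shared-tier entries is left off the suspect list so that ordinary browsing does not page anyone.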

Remove HulaToo.BRT.Helper.exe - Powered by Reason Core Security