optitb.exe

Woolik technologies ltd

The application optitb.exe by Woolik technologies ltd has been detected as adware by 11 anti-malware scanners. This file is typically installed with the program Open Downloader Manager by Installer Technology Co, which is a potentially unwanted software program. This will display context-specific advertisements in the browser and attempt to modify the browser's search provider. It is also typically executed from the user's temporary directory.

Publisher:
Woolik technologies ltd  (signed and verified)

MD5:
d1de3417c65153cc3fa958a47c15bc1f

SHA-1:
9d0212b4b060eeae1206ff1c2f60e4f3fb30517f

SHA-256:
5cccda19e1d7d0387601ca2569c8b88d1dee57e0d5221e557a881e07d85bf46a

Scanner detections:
11 / 68

Status:
Adware

Analysis date:
4/19/2024 12:58:42 AM UTC  (today)

Scan engine              Detection                          Engine version
Agnitum Outpost          PUA.Toolbar.Babylon                7.1.1
Bkav FE                  W32.Clodbef.Trojan                 1.3.0.4613
Dr.Web                   Adware.Babylon.14                  9.0.1.0359
ESET NOD32               Win32/Toolbar.Babylon (variant)    7.9258
K7 AntiVirus             Trojan                             13.176.11721
Malwarebytes             PUP.Optional.Babylon               v2014.04.20.07
NANO AntiVirus           Trojan.Win32.Agent.ctknvv          0.28.0.59048
Reason Heuristics        PUP.Wooliktechnologiesltd.G        14.8.7.21
SUPERAntiSpyware         PUP.Babylon/Variant                10653
Trend Micro House Call   TROJ_GEN.F47V1017                  7.2.359
Vba32 AntiVirus          Downloader.Agent                   3.12.24.3

File size:
768.2 KB (786,592 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\optitb.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
7/25/2013 12:00:00 AM

Valid to:
7/25/2014 11:59:59 PM

Subject:
CN=Woolik technologies ltd, OU=Digital ID Class 3 - Microsoft Software Validation v2, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Woolik technologies ltd, L=Or Yeuda, S=israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
233D2998915945A85914A5071B609336

File PE Metadata
Compilation timestamp:
7/31/2013 8:41:47 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:fjpyKiGTTvBSNmveWQXOF9DaJZjIMUMSn5EtVYN:fjEKb/Tv9AOfwZUxMSn5eYN

Entry address:
0x1C48

Entry point:
55, 8B, EC, 83, E4, F8, B8, 7C, 1A, 00, 00, E8, C8, 62, 00, 00, 53, 56, 33, DB, 57, 8D, 8C, 24, E0, 07, 00, 00, 88, 5C, 24, 0E, C6, 44, 24, 0F, 01, E8, FE, 1A, 00, 00, 53, 89, 9C, 24, 3C, 0A, 00, 00, 89, 9C, 24, 40, 0A, 00, 00, 89, 9C, 24, 44, 0A, 00, 00, C7, 84, 24, 48, 0A, 00, 00, 03, 00, 00, 00, FF, 94, 24, 20, 08, 00, 00, 8D, 8C, 24, E0, 07, 00, 00, 89, 84, 24, 34, 0A, 00, 00, E8, 6D, FA, FF, FF, 8D, 8C, 24, E0, 07, 00, 00, E8, DF, FA, FF, FF, 85, C0, 0F, 85, 05, 01, 00, 00, 8D, 44, 24, 10, 50, 8D, 8C...
 
Developed / compiled with:
Microsoft Visual C++

Code size:
30 KB (30,720 bytes)

The file optitb.exe has been discovered within the following program.

Open Downloader Manager by Installer Technology Co
ODM is a download manager that plugs into various web browsers (IE, Chrome and Firefox). The installer is designed to bundle various additional offers, including toolbars and other potentially harmful programs.
opendownloadmanager.com
73% remove it
 