toolbar16827749.exe

Woolik technologies ltd

The application toolbar16827749.exe by Woolik technologies ltd has been detected as adware by 16 anti-malware scanners. It displays context-specific advertisements in the browser and attempts to modify the browser's search provider. It is typically executed from the user's temporary directory.
Publisher:
Woolik technologies ltd  (signed and verified)

MD5:
7c91f45f00f4d2584cf17dd57f015e7f

SHA-1:
e82a98e56d755277bb73e6491cf1023512e41c80

SHA-256:
316ced6d48ad934a55e359b6fd04f5565419ab1e745fb74868de2eed600d0b45

Scanner detections:
16 / 68

Status:
Adware

Analysis date:
4/24/2024 12:29:16 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | Trojan/Win32.ADH | 2013.12.25 |
| Baidu Antivirus | Adware.Win32.Bbylon | 4.0.3.131228 |
| Bkav FE | W32.Clod599.Trojan | 1.3.0.4613 |
| Comodo Security | UnclassifiedMalware | 17491 |
| Dr.Web | Adware.Babylon.14 | 9.0.1.0358 |
| ESET NOD32 | Win32/Toolbar.Babylon (variant) | 7.9190 |
| Fortinet FortiGate | Dx.CSK!tr | 12/28/2013 |
| IKARUS anti.virus | Trojan.Crypt | t3scan.2.2.29 |
| K7 AntiVirus | Trojan | 13.174.10623 |
| McAfee | RDN/Generic.dx!csk | 5600.7272 |
| Panda Antivirus | Suspicious file | 13.12.28.05 |
| Reason Heuristics | PUP.Wooliktechnologiesltd.P | 14.8.7.21 |
| Sophos | Mal/Generic-S | 4.96 |
| Trend Micro House Call | TROJ_GEN.R0CBB04L913 | 7.2.358 |
| Vba32 AntiVirus | Downloader.Agent | 3.12.24.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 24706 |

File size:
767.9 KB (786,328 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\toolbar16827749.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
7/25/2013 1:00:00 AM

Valid to:
7/26/2014 12:59:59 AM

Subject:
CN=Woolik technologies ltd, OU=Digital ID Class 3 - Microsoft Software Validation v2, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Woolik technologies ltd, L=Or Yeuda, S=israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
233D2998915945A85914A5071B609336

File PE Metadata
Compilation timestamp:
7/31/2013 9:41:47 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:JjPBsZfDKTlVxfweBSdVe6EnNvlQmJQX5ONBC+/1DFosuEyqQUMICbU6amf4Bno5:JjZiGTTvBSNmveWQXOF9DaJZjIMUMSnK

Entry address:
0x1C48

Entry point:
55, 8B, EC, 83, E4, F8, B8, 7C, 1A, 00, 00, E8, C8, 62, 00, 00, 53, 56, 33, DB, 57, 8D, 8C, 24, E0, 07, 00, 00, 88, 5C, 24, 0E, C6, 44, 24, 0F, 01, E8, FE, 1A, 00, 00, 53, 89, 9C, 24, 3C, 0A, 00, 00, 89, 9C, 24, 40, 0A, 00, 00, 89, 9C, 24, 44, 0A, 00, 00, C7, 84, 24, 48, 0A, 00, 00, 03, 00, 00, 00, FF, 94, 24, 20, 08, 00, 00, 8D, 8C, 24, E0, 07, 00, 00, 89, 84, 24, 34, 0A, 00, 00, E8, 6D, FA, FF, FF, 8D, 8C, 24, E0, 07, 00, 00, E8, DF, FA, FF, FF, 85, C0, 0F, 85, 05, 01, 00, 00, 8D, 44, 24, 10, 50, 8D, 8C...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
30 KB (30,720 bytes)
