» toolbar26706653.exe
Overview
Analysis
File Details
Downloads (1)

toolbar26706653.exe

Woolik technologies ltd

The application toolbar26706653.exe by Woolik technologies ltd has been detected as adware by 7 anti-malware scanners. This is a setup program which is used to install the application. This will display context specific advertisements in the browser as well as attempt to modify the browser's search provider. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from d2txuyvgupvxmq.cloudfront.net.

File name:

toolbar26706653.exe

Publisher:

Woolik technologies ltd (signed and verified)

MD5:

ddaf09528ef4af5749438d50a54b5ad1

SHA-1:

9b55c5707a3c292ff4874e57022e83abb3969a6a

SHA-256:

39153db1a50879545f587d417b81456a93bf743f65b1e742e7ff9853e3020aa8

Scanner detections:

7 / 68

Status:

Adware

Analysis date:

5/10/2024 1:30:26 PM UTC (today)

Scan engine

Detection

Engine version

Bkav FE

W32.Clod004.Trojan

1.3.0.4415

Dr.Web

Adware.Babylon.14

9.0.1.0357

ESET NOD32

Win32/Toolbar.Babylon (variant)

7.9025

McAfee

Artemis!DDAF09528EF4

5600.7272

Reason Heuristics

PUP.Wooliktechnologiesltd.P

14.8.7.21

Trend Micro House Call

TROJ_GEN.F47V1017

7.2.357

Vba32 AntiVirus

suspected of Trojan.Downloader.gen

3.12.24.3

File size:

768 KB (786,456 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\temp\toolbar26706653.exe

Digital Signature

Signed by:

Woolik technologies ltd

Authority:

VeriSign, Inc.

Valid from:

7/25/2013 12:00:00 AM

Valid to:

7/25/2014 11:59:59 PM

Subject:

CN=Woolik technologies ltd, OU=Digital ID Class 3 - Microsoft Software Validation v2, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Woolik technologies ltd, L=Or Yeuda, S=israel, C=IL

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

233D2998915945A85914A5071B609336

File PE Metadata

Compilation timestamp:

7/31/2013 8:41:47 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

24576:tjmiGTTvBSNmveWQXOF9DaJZjIMUMSn5EtVYfAW:tjmb/Tv9AOfwZUxMSn5eYYW

Entry address:

0x1C48

Entry point:

55, 8B, EC, 83, E4, F8, B8, 7C, 1A, 00, 00, E8, C8, 62, 00, 00, 53, 56, 33, DB, 57, 8D, 8C, 24, E0, 07, 00, 00, 88, 5C, 24, 0E, C6, 44, 24, 0F, 01, E8, FE, 1A, 00, 00, 53, 89, 9C, 24, 3C, 0A, 00, 00, 89, 9C, 24, 40, 0A, 00, 00, 89, 9C, 24, 44, 0A, 00, 00, C7, 84, 24, 48, 0A, 00, 00, 03, 00, 00, 00, FF, 94, 24, 20, 08, 00, 00, 8D, 8C, 24, E0, 07, 00, 00, 89, 84, 24, 34, 0A, 00, 00, E8, 6D, FA, FF, FF, 8D, 8C, 24, E0, 07, 00, 00, E8, DF, FA, FF, FF, 85, C0, 0F, 85, 05, 01, 00, 00, 8D, 44, 24, 10, 50, 8D, 8C... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

30 KB (30,720 bytes)

The file toolbar26706653.exe has been seen being distributed by the following URL.

http://d2txuyvgupvxmq.cloudfront.net/doko.exe

Remove toolbar26706653.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.