updatebizzybolt.exe.536c6580.vir

Bizzybolt

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The file updatebizzybolt.exe.536c6580.vir by Bizzybolt has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program Bizzybolt by Yontoo Technology, Inc. which is a potentially unwanted software program.
Publisher:
Bizzybolt  (signed and verified)

Version:
1.0.5239.24954

MD5:
08fab2131bf3ab8572eb69306e787eee

SHA-1:
001fa6de56c805b463036c0d8504ccf3d3874ca0

SHA-256:
2026094513ce3f2ef3ff3b098813fb61b2fe81bb79452bef85e77faaf96db12d

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Belongs to the Sambreel/Yontoo program that inserts various forms of advertising in the user's web browser, installed with minimal or no user consent.

Analysis date:
4/25/2024 3:27:58 PM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
PUP.Yontoo.Bizzybolt (M)

Engine version:
16.2.2.16

File size:
309.3 KB (316,704 bytes)

Product version:
1.0.5239.24954

Original file name:
Bizzybolt.exe

Language:
Language Neutral

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
11/13/2013 10:00:00 PM

Valid to:
11/14/2014 9:59:59 PM

Subject:
CN=Bizzybolt, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Bizzybolt, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0685C192D4CB282599187BB8B1DA543C

File PE Metadata
Compilation timestamp:
5/6/2014 11:52:04 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:2HVBn8KdiPJzbv1kS24xA9B7gfYr8w6/eofbELkXb:2HVB/4hbv23gQojDb

Entry address:
0x4D12A

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
300.5 KB (307,712 bytes)

The file updatebizzybolt.exe.536c6580.vir has been discovered within the following program.

Bizzybolt  by Yontoo Technology, Inc.
This is an unwanted web browser extension that delivers search hijacking as well as contextual advertising within a user's web browser. The program does this by modifying the user's home and search pages in order to monetize search activities.
bizzybolt.co/support
86% remove it
 