» tbtika.exe
Overview
Analysis
File Details

tbtika.exe

Woolik technologies ltd

The application tbtika.exe by Woolik technologies ltd has been detected as adware by 10 anti-malware scanners. This will display context specific advertisements in the browser as well as attempt to modify the browser's search provider. It is also typically executed from the user's temporary directory.

File name:

tbtika.exe

Publisher:

Woolik technologies ltd (signed and verified)

MD5:

aa2ae1ae0b97efd2681a79cdabd0f39d

SHA-1:

338baca7f693a664d4685bf920d3020e0e0e7316

SHA-256:

e076510a998d7c10e4485b902969809845a94a66761088e03e91c84f1cd85434

Scanner detections:

10 / 68

Status:

Adware

Analysis date:

5/22/2024 7:42:02 AM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

Trojan.Agent

7.1.1

AhnLab V3 Security

Adware/Win32.Toolbar

2013.12.11

Baidu Antivirus

Adware.Win32.Bbylon

4.0.3.1448

Bkav FE

W32.Clod96b.Trojan

1.3.0.4613

Comodo Security

Application.Win32.Babylon.ac

17418

Dr.Web

Adware.Babylon.10

9.0.1.098

ESET NOD32

Win32/Toolbar.Babylon (variant)

8.9156

Malwarebytes

PUP.Optional.Babylon.A

v2014.04.08.09

NANO AntiVirus

Trojan.Win32.Babylon.csuksh

0.28.0.57630

Reason Heuristics

PUP.Wooliktechnologiesltd.G

14.8.7.21

File size:

717.4 KB (734,576 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\temp\tbtika.exe

Digital Signature

Signed by:

Woolik technologies ltd

Authority:

VeriSign, Inc.

Valid from:

7/25/2013 1:00:00 AM

Valid to:

7/26/2014 12:59:59 AM

Subject:

CN=Woolik technologies ltd, OU=Digital ID Class 3 - Microsoft Software Validation v2, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Woolik technologies ltd, L=Or Yeuda, S=israel, C=IL

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

233D2998915945A85914A5071B609336

File PE Metadata

Compilation timestamp:

6/16/2013 12:48:04 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

12288:BsZfDKTlVxfweBSdVe6EnNvlQmJQX5ONBC+/1DFosuEyqQUMICbU6amf4Bnoofs0:BiGTTvBSNmveWQXOF9DaJZjIMUMSn5EA

Entry address:

0x1595

Entry point:

55, 8B, EC, 83, E4, F8, 81, EC, 44, 0A, 00, 00, A1, 00, 50, 40, 00, 33, C4, 89, 84, 24, 40, 0A, 00, 00, 53, 56, 33, DB, 57, 8D, 74, 24, 10, 88, 5C, 24, 0E, C6, 44, 24, 0F, 01, E8, C3, 05, 00, 00, 53, 89, 9C, 24, 6C, 02, 00, 00, 89, 9C, 24, 70, 02, 00, 00, 89, 9C, 24, 74, 02, 00, 00, C7, 84, 24, 78, 02, 00, 00, 03, 00, 00, 00, FF, 54, 24, 50, 89, 84, 24, 64, 02, 00, 00, 8B, C6, E8, 07, FA, FF, FF, 3B, C3, 0F, 85, 1A, 01, 00, 00, 8D, 84, 24, 78, 02, 00, 00, 50, 8B, FE, E8, 2C, FF, FF, FF, 8B, F8, 3B, FB, 0F... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

12 KB (12,288 bytes)

Remove tbtika.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.