dale.exe

Woolik technologies ltd

The application dale.exe by Woolik technologies ltd has been detected as adware by 7 anti-malware scanners. The program displays context-specific advertisements in the browser and attempts to modify the browser's search provider. It is typically executed from the user's temporary directory.
Publisher:
Woolik technologies ltd  (signed and verified)

MD5:
1c59d8d173650a2c2858783eb52eb22d

SHA-1:
775c75d305522334141d325b43eff8a2d829dbcf

SHA-256:
8613589219313d8688406936a69af71318b98f5dc9278dfe426eb8ae14995087

Scanner detections:
7 / 68

Status:
Adware

Analysis date:
11/23/2024 6:40:32 AM UTC

Scan engine               Detection                         Engine version
Bkav FE                   W32.Cloda72.Trojan                1.3.0.4415
Dr.Web                    Adware.Babylon.14                 9.0.1.0243
ESET NOD32                Win32/Toolbar.Babylon (variant)   8.9027
Malwarebytes                                                v2014.08.31.04
McAfee                    Artemis!1C59D8D17365              5600.7022
Reason Heuristics         PUP.Wooliktechnologiesltd.E       14.8.31.4
Trend Micro House Call    TROJ_GEN.F47V0912                 7.2.243

File size:
768.3 KB (786,704 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\9055d99fff1a487bb2b057d2230d5538\software\dale.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
7/25/2013 2:00:00 AM

Valid to:
7/26/2014 1:59:59 AM

Subject:
CN=Woolik technologies ltd, OU=Digital ID Class 3 - Microsoft Software Validation v2, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Woolik technologies ltd, L=Or Yeuda, S=israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
233D2998915945A85914A5071B609336

File PE Metadata
Compilation timestamp:
7/31/2013 10:41:47 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:YjGCCiGTvn0NseYu4Sh8YfUl48ZtI4v5q2A6Ad8:YjrCb7pPb+Ul4y7Q2A6Ad8

Entry address:
0x1C48

Entry point:
55, 8B, EC, 83, E4, F8, B8, 7C, 1A, 00, 00, E8, C8, 62, 00, 00, 53, 56, 33, DB, 57, 8D, 8C, 24, E0, 07, 00, 00, 88, 5C, 24, 0E, C6, 44, 24, 0F, 01, E8, FE, 1A, 00, 00, 53, 89, 9C, 24, 3C, 0A, 00, 00, 89, 9C, 24, 40, 0A, 00, 00, 89, 9C, 24, 44, 0A, 00, 00, C7, 84, 24, 48, 0A, 00, 00, 03, 00, 00, 00, FF, 94, 24, 20, 08, 00, 00, 8D, 8C, 24, E0, 07, 00, 00, 89, 84, 24, 34, 0A, 00, 00, E8, 6D, FA, FF, FF, 8D, 8C, 24, E0, 07, 00, 00, E8, DF, FA, FF, FF, 85, C0, 0F, 85, 05, 01, 00, 00, 8D, 44, 24, 10, 50, 8D, 8C...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
30 KB (30,720 bytes)
