onlytb.exe

Woolik technologies ltd

The application onlytb.exe by Woolik technologies ltd has been detected as adware by 9 anti-malware scanners. It displays context-specific advertisements in the browser and attempts to modify the browser's search provider. It is also typically executed from the user's temporary directory.
Publisher:
Woolik technologies ltd  (signed and verified)

MD5:
6d8834a7524229fd96e45a16442ad78f

SHA-1:
6129429d17cf396f156cb69ccc2984a8465cef66

SHA-256:
559dabe222dff8afef056c6cf2d54d0cd7638114479a4aa2d2338b44df9b8f71

Scanner detections:
9 / 68

Status:
Adware

Analysis date:
11/27/2024 1:14:06 AM UTC  (today)

Scan engine | Detection | Engine version
Agnitum Outpost | Trojan.Agent | 7.1.1
AhnLab V3 Security | Adware/Win32.Toolbar | 2013.10.30
Dr.Web | Adware.Babylon.10 | 9.0.1.0357
ESET NOD32 | Win32/Toolbar.Babylon (variant) | 7.9122
herdProtect (fuzzy) | | 2013.12.28.13
Malwarebytes | PUP.Optional.PCFixSpeed.A | v2013.12.23.02
Reason Heuristics | PUP.Wooliktechnologiesltd.G | 14.8.7.21
Trend Micro House Call | TROJ_GEN.F47V1014 | 7.2.362
Vba32 AntiVirus | suspected of Trojan.Downloader.gen | 3.12.24.3

File size:
717.4 KB (734,576 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\onlytb.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
7/25/2013 7:00:00 AM

Valid to:
7/26/2014 6:59:59 AM

Subject:
CN=Woolik technologies ltd, OU=Digital ID Class 3 - Microsoft Software Validation v2, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Woolik technologies ltd, L=Or Yeuda, S=israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
233D2998915945A85914A5071B609336

File PE Metadata
Compilation timestamp:
6/16/2013 6:48:04 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:vsZfDKTlVxfweBSdVe6EnNvlQmJQX5ONBC+/1DFosuEyqQUMICbU6amf4BnoofsO:viGTTvBSNmveWQXOF9DaJZjIMUMSn5Ey

Entry address:
0x1595

Entry point:
55, 8B, EC, 83, E4, F8, 81, EC, 44, 0A, 00, 00, A1, 00, 50, 40, 00, 33, C4, 89, 84, 24, 40, 0A, 00, 00, 53, 56, 33, DB, 57, 8D, 74, 24, 10, 88, 5C, 24, 0E, C6, 44, 24, 0F, 01, E8, C3, 05, 00, 00, 53, 89, 9C, 24, 6C, 02, 00, 00, 89, 9C, 24, 70, 02, 00, 00, 89, 9C, 24, 74, 02, 00, 00, C7, 84, 24, 78, 02, 00, 00, 03, 00, 00, 00, FF, 54, 24, 50, 89, 84, 24, 64, 02, 00, 00, 8B, C6, E8, 07, FA, FF, FF, 3B, C3, 0F, 85, 1A, 01, 00, 00, 8D, 84, 24, 78, 02, 00, 00, 50, 8B, FE, E8, 2C, FF, FF, FF, 8B, F8, 3B, FB, 0F...
 

Entropy:
7.9953

Developed / compiled with:
Microsoft Visual C++

Code size:
12 KB (12,288 bytes)
