pcfixspeed_0509-e1347670.exe

Woolik technologies ltd

The application pcfixspeed_0509-e1347670.exe by Woolik technologies ltd has been detected as adware by 14 anti-malware scanners. It displays context-specific advertisements in the browser and attempts to modify the browser's search provider. It is typically executed from the user's temporary directory.
Publisher:
Woolik technologies ltd  (signed and verified)

MD5:
773db2d47c0556009e1642e6ec71d96a

SHA-1:
152e7ebf9f7e9d739719e5775cad57d2a49365df

SHA-256:
b9e44dbafe2fb1196df87c3bc4f8d6b3cdd41495220ea89c85d114a6820d69ae

Scanner detections:
14 / 68

Status:
Adware

Analysis date:
12/24/2024 12:19:32 PM UTC

Scan engine
Detection
Engine version

Agnitum Outpost
Trojan.Agent
7.1.1

AhnLab V3 Security
Adware/Win32.Toolbar
2013.12.11

Baidu Antivirus
Adware.Win32.Bbylon
4.0.3.1585

Bkav FE
W32.Clod96b.Trojan
1.3.0.4613

Comodo Security
Application.Win32.Babylon.ac
17418

Dr.Web
Adware.Babylon.10
9.0.1.0127

ESET NOD32
Win32/Toolbar.Babylon (variant)
9.9156

herdProtect (fuzzy)
2015.8.5.23

Malwarebytes
v2015.05.07.11

McAfee
Artemis!773DB2D47C05
5600.6772

NANO AntiVirus
Trojan.Win32.Babylon.csuksh
0.28.0.57630

Reason Heuristics
Threat.Montiera.Wooliktechnologies
15.5.7.19

Trend Micro House Call
TROJ_GEN.F47V0904
7.2.127

Vba32 AntiVirus
suspected of Trojan.Downloader.gen
3.12.24.3

File size:
717.4 KB (734,576 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\pcfixspeed_0509-e1347670.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
7/25/2013 1:00:00 AM

Valid to:
7/26/2014 12:59:59 AM

Subject:
CN=Woolik technologies ltd, OU=Digital ID Class 3 - Microsoft Software Validation v2, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Woolik technologies ltd, L=Or Yeuda, S=israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
233D2998915945A85914A5071B609336

File PE Metadata
Compilation timestamp:
6/16/2013 12:48:04 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:9sZfDKTlVxfweBSdVe6EnNvlQmJQX5ONBC+/1DFosuEyqQUMICbU6amf4BnoofsW:9iGTTvBSNmveWQXOF9DaJZjIMUMSn5EC

Entry address:
0x1595

Entry point:
55, 8B, EC, 83, E4, F8, 81, EC, 44, 0A, 00, 00, A1, 00, 50, 40, 00, 33, C4, 89, 84, 24, 40, 0A, 00, 00, 53, 56, 33, DB, 57, 8D, 74, 24, 10, 88, 5C, 24, 0E, C6, 44, 24, 0F, 01, E8, C3, 05, 00, 00, 53, 89, 9C, 24, 6C, 02, 00, 00, 89, 9C, 24, 70, 02, 00, 00, 89, 9C, 24, 74, 02, 00, 00, C7, 84, 24, 78, 02, 00, 00, 03, 00, 00, 00, FF, 54, 24, 50, 89, 84, 24, 64, 02, 00, 00, 8B, C6, E8, 07, FA, FF, FF, 3B, C3, 0F, 85, 1A, 01, 00, 00, 8D, 84, 24, 78, 02, 00, 00, 50, 8B, FE, E8, 2C, FF, FF, FF, 8B, F8, 3B, FB, 0F...
 

Entropy:
7.9953

Developed / compiled with:
Microsoft Visual C++

Code size:
12 KB (12,288 bytes)
