shieldpluscleaner.exe

Visual Tools Client Setup 1.0

Woolik technologies ltd

The application shieldpluscleaner.exe, “Visual Tools Client Setup” by Woolik technologies ltd, has been detected as adware by 8 of 68 anti-malware scanners. It is a setup/installation program that is known to bundle potentially unwanted software: the bundled component displays context-specific advertisements in the browser and attempts to change the browser's search provider. The file is typically executed from the user's temporary directory.
Publisher:
Visual Tools Ltd.  (signed by Woolik technologies ltd)

Product:
Visual Tools Client Setup 1.0

Description:
Visual Tools Client Setup

Version:
1.0.5.0

MD5:
1417ebc1a675ca7bbfb8365876b854b2

SHA-1:
3b94ffe174f1683a2608c27ffc34bf4cba19fa97

SHA-256:
c097fb6ad0cfad2cf52829350a51650d5ef4da6ab7aacb66d6eb66a013dbdc1b

Scanner detections:
8 / 68

Status:
Adware

Explanation:
The installer may include an offer for the Babylon Toolbar (a homepage/search hijacker), which can end up installed with minimal user consent.

Analysis date:
11/23/2024 10:15:02 AM UTC

Scan engine             Detection                            Engine version
Agnitum Outpost         PUA.Toolbar.Babylon                  7.1.1
Dr.Web                  Adware.Searcher.2766                 9.0.1.0129
ESET NOD32              Win32/Toolbar.Babylon.AD (variant)   9.10937
IKARUS anti.virus       PUA.Toolbar.Babylon                  t3scan.1.8.5.0
K7 AntiVirus            Trojan                               13.202.15549
NANO AntiVirus          Riskware.Win32.Searcher.dotdbm       0.30.10.952
Reason Heuristics       Threat.Montiera.Installer            15.5.1.18
Trend Micro House Call  Suspicious_GEN.F47V1226              7.2.121

File size:
4.2 MB (4,381,536 bytes)

Copyright:
2011(c) Visual Tools Ltd. All rights reserved.

Original file name:
Setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\shieldpluscleaner.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
9/14/2014 7:00:00 PM

Valid to:
8/21/2015 6:59:59 PM

Subject:
CN=Woolik technologies ltd, O=Woolik technologies ltd, L=Or Yeuda, S=israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7F992DC68CD6D89798B6148730F501CD

File PE Metadata
Compilation timestamp:
10/22/2014 3:00:48 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
98304:smMBzHMBtqnsds7TzRHULhfAJ2dm1yWP49NCGdrYcPpT+1F:mBzhsdsDqLxy2oy1PCG5YcFuF

Entry address:
0x2703

Entry point:
E8, 10, 1D, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 48, 3A, 41, 00, E8, C7, 1E, 00, 00, E8, EC, 01, 00, 00, 0F, B7, F0, 6A, 02, E8, A3, 1C, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 84, 16, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...

Entropy:
7.9920  (probably packed)

Code size:
51.5 KB (52,736 bytes)
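
Triage script:
The following Python script is an added example, not Reason Core Security's code, showing how a practitioner would check a file on disk against the indicators listed on this page: the three hashes, the Shannon entropy behind the "probably packed" verdict, and the PE header fields under "File PE Metadata" (compilation timestamp, OS version, subsystem, linker version, entry address and the first bytes at the entry point). It uses only the standard library. The sample PE it builds at the bottom is constructed here so the script runs offline; its header fields copy the page's values but its body is zero-filled, so it is NOT shieldpluscleaner.exe and its hashes will not match. The 7.2 entropy threshold is an assumption (a common heuristic), and the sample's timestamp assumes the page's compilation time is UTC.

```python
"""Offline PE triage against the indicators on this page.
Added example, not Reason Core Security's code; standard library only."""
import datetime
import hashlib
import math
import struct
import sys
from collections import Counter

# Indicators copied from the page; entry_prefix is the first 10 bytes listed under "Entry point".
PAGE = {"sha256": "c097fb6ad0cfad2cf52829350a51650d5ef4da6ab7aacb66d6eb66a013dbdc1b",
        "entry_rva": 0x2703, "entry_prefix": bytes.fromhex("E8101D0000E900000000"),
        "linker": (11, 0), "os_version": (5, 1), "subsystem": 2}  # 2 = IMAGE_SUBSYSTEM_WINDOWS_GUI
PACKED_THRESHOLD = 7.2  # assumption: common heuristic; the page flags 7.9920 as "probably packed"
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def hashes(data):
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}


def shannon_entropy(data):
    """Bits per byte (0.0 to 8.0); values near 8.0 indicate compressed or encrypted content."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0


def rva_to_offset(rva, sections):
    # Map a relative virtual address to a file offset through the section table.
    for _, va, size, rawptr in sections:
        if va <= rva < va + size:
            return rva - va + rawptr
    return None


def parse_pe(data):
    """Extract the fields the page reports under 'File PE Metadata' (PE32 and PE32+)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    _machine, nsec, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, lmaj, lmin, code_size, _, _, entry_rva = struct.unpack_from("<HBBIIII", data, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unsupported optional header magic 0x%x" % magic)
    os_maj, os_min = struct.unpack_from("<HH", data, opt + 40)  # same offset in PE32 and PE32+
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    sections = []
    for i in range(nsec):
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), va, max(vsize, rawsize), rawptr))
    off = rva_to_offset(entry_rva, sections)  # None if the entry point lies outside every section
    return {
        "bitness": "Win32" if magic == 0x10B else "Win64",
        "compiled": datetime.datetime.fromtimestamp(ts, datetime.timezone.utc).isoformat(),
        "os_version": (os_maj, os_min),
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "linker": (lmaj, lmin),
        "code_size": code_size,
        "entry_rva": entry_rva,
        "entry_bytes": data[off:off + 16] if off is not None else b"",
    }


def triage(data):
    # Compare a file with the page's indicators; only a hash match identifies the same sample.
    pe = parse_pe(data)
    ent = shannon_entropy(data)
    return {
        "sha256_match": hashes(data)["sha256"] == PAGE["sha256"],
        "entry_prefix_match": pe["entry_rva"] == PAGE["entry_rva"]
        and pe["entry_bytes"].startswith(PAGE["entry_prefix"]),
        "headers_match": (pe["linker"], pe["os_version"]) == (PAGE["linker"], PAGE["os_version"])
        and pe["subsystem"] == SUBSYSTEMS[PAGE["subsystem"]],
        "entropy": round(ent, 4),
        "probably_packed": ent > PACKED_THRESHOLD,
        "pe": pe,
    }


def build_sample_pe():
    """Constructed minimal PE32 whose headers copy the page's values; body is zero-filled (NOT the real file)."""
    ts = 1413946848  # 2014-10-22T03:00:48Z; assumes the page's compilation timestamp is UTC
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, ts, 0, 0, 224, 0x0102)
    opt = struct.pack("<HBBIIIIIIIIIHHHHHHIIIIHH", 0x10B, 11, 0, 52736, 0, 0, PAGE["entry_rva"], 0x1000,
                      0x3000, 0x400000, 0x1000, 0x200, 5, 1, 0, 0, 5, 1, 0, 0x4000, 0x200, 0, 2, 0x8140)
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x2000, 0x1000, 0x2000, 0x200, 0, 0, 0, 0, 0x60000020)
    headers = (dos + b"PE\0\0" + coff + opt.ljust(224, b"\0") + sect).ljust(0x200, b"\0")
    body = bytearray(0x2000)
    start = PAGE["entry_rva"] - 0x1000  # .text is mapped at RVA 0x1000, raw offset 0x200
    body[start:start + len(PAGE["entry_prefix"])] = PAGE["entry_prefix"]
    return bytes(headers + body)


if __name__ == "__main__":
    target = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for key, value in triage(target).items():
        print(key, value)
```

Run it with the path of a suspected copy (for example the common path listed above) to print the hashes, entropy and header fields side by side with the page's values; without an argument it runs on the constructed sample. The Authenticode signature is not verified here, since that requires parsing the PKCS#7 blob in the security directory and chaining the certificate; note that the certificate's validity window ended on 8/21/2015, so at the 2024 analysis date the signature only still chains if it carries a countersignature timestamp, which the page does not show. Also worth flagging in triage is that the version resource names "Visual Tools Ltd." while the signer is "Woolik technologies ltd".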

Powered by Reason Core Security