tbtika.exe

Woolik technologies ltd

The application tbtika.exe by Woolik technologies ltd has been detected as adware by 10 anti-malware scanners. This will display context specific advertisements in the browser as well as attempt to modify the browser's search provider. It is also typically executed from the user's temporary directory.
Publisher:
Woolik technologies ltd  (signed and verified)

MD5:
aa2ae1ae0b97efd2681a79cdabd0f39d

SHA-1:
338baca7f693a664d4685bf920d3020e0e0e7316

SHA-256:
e076510a998d7c10e4485b902969809845a94a66761088e03e91c84f1cd85434

Scanner detections:
10 / 68

Status:
Adware

Analysis date:
11/23/2024 6:31:10 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Trojan.Agent
7.1.1

AhnLab V3 Security
Adware/Win32.Toolbar
2013.12.11

Baidu Antivirus
Adware.Win32.Bbylon
4.0.3.1448

Bkav FE
W32.Clod96b.Trojan
1.3.0.4613

Comodo Security
Application.Win32.Babylon.ac
17418

Dr.Web
Adware.Babylon.10
9.0.1.098

ESET NOD32
Win32/Toolbar.Babylon (variant)
8.9156

Malwarebytes
v2014.04.08.09

NANO AntiVirus
Trojan.Win32.Babylon.csuksh
0.28.0.57630

Reason Heuristics
PUP.Wooliktechnologiesltd.G
14.8.7.21

File size:
717.4 KB (734,576 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\tbtika.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
7/25/2013 1:00:00 AM

Valid to:
7/26/2014 12:59:59 AM

Subject:
CN=Woolik technologies ltd, OU=Digital ID Class 3 - Microsoft Software Validation v2, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Woolik technologies ltd, L=Or Yeuda, S=israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
233D2998915945A85914A5071B609336

File PE Metadata
Compilation timestamp:
6/16/2013 12:48:04 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:BsZfDKTlVxfweBSdVe6EnNvlQmJQX5ONBC+/1DFosuEyqQUMICbU6amf4Bnoofs0:BiGTTvBSNmveWQXOF9DaJZjIMUMSn5EA

Entry address:
0x1595

Entry point:
55, 8B, EC, 83, E4, F8, 81, EC, 44, 0A, 00, 00, A1, 00, 50, 40, 00, 33, C4, 89, 84, 24, 40, 0A, 00, 00, 53, 56, 33, DB, 57, 8D, 74, 24, 10, 88, 5C, 24, 0E, C6, 44, 24, 0F, 01, E8, C3, 05, 00, 00, 53, 89, 9C, 24, 6C, 02, 00, 00, 89, 9C, 24, 70, 02, 00, 00, 89, 9C, 24, 74, 02, 00, 00, C7, 84, 24, 78, 02, 00, 00, 03, 00, 00, 00, FF, 54, 24, 50, 89, 84, 24, 64, 02, 00, 00, 8B, C6, E8, 07, FA, FF, FF, 3B, C3, 0F, 85, 1A, 01, 00, 00, 8D, 84, 24, 78, 02, 00, 00, 50, 8B, FE, E8, 2C, FF, FF, FF, 8B, F8, 3B, FB, 0F...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
12 KB (12,288 bytes)

Remove tbtika.exe - Powered by Reason Core Security