utilbizzybolt.exe

Bizzybolt

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The application utilbizzybolt.exe by Bizzybolt has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a separate (within the context of its own process) windows Service named “Update Bizzybolt”. This file is typically installed with the program Buzzdock by Alactro LLC which is a potentially unwanted software program.
Publisher:
Bizzybolt  (signed and verified)

Version:
1.0.5693.17892

MD5:
5fb86a8ac6ce83510f001eebfd083ecb

SHA-1:
883ba5a226f04934f88ddbed132a4fee6ba14fc2

SHA-256:
e5741f0805745fcea3babfd102e7c911498bb99ebd4007f4411a3c21a2255ffd

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Belongs to the Sambreel/Yontoo progam that inserts various forms of advertising in the user's web browser, installed with minimal or no user consent.

Analysis date:
12/25/2024 12:04:43 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Yontoo (M)
16.9.30.20

File size:
633.2 KB (648,432 bytes)

Product version:
1.0.5693.17892

Original file name:
Bizzybolt2015080317.exe

File type:
Executable application (Win32 EXE)

Language:
Turkish (Turkey)

Common path:
C:\Program Files\bizzybolt\bin\utilbizzybolt.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
11/5/2014 2:00:00 AM

Valid to:
12/6/2015 1:59:59 AM

Subject:
CN=Bizzybolt, O=Bizzybolt, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
470ECE4348EF28A235A2D9E57351E91B

File PE Metadata
Compilation timestamp:
8/3/2015 8:56:34 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:0blEQAeQYwePHLiKEGd4myRyBMZQpBLDDhTDKQTZprP5O0QCw39awuxQgJjDkOfu:YGFiweYCUyBMZQpBLt9rq9anxpJjzLGL

Entry address:
0x9E076

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
624.5 KB (639,488 bytes)

Service
Display name:
Update Bizzybolt

Type:
Win32OwnProcess


The file utilbizzybolt.exe has been discovered within the following program.

Buzzdock  by Alactro LLC
This is a web browser extension that injects advertising. From the EULA: "Buzzdock is free to download and use. Buzzdock is supported by advertising, and users will see additional ads on websites where Buzzdock features operate.
www.buzzdock.com/faq-support
79% remove it
 
Powered by Should I Remove It?

Remove utilbizzybolt.exe - Powered by Reason Core Security