» 2a4970b5-d65d-4c5d-8fc5-c9df05dc5e44.exe
Overview
Analysis
File Details
Downloads (6)

2a4970b5-d65d-4c5d-8fc5-c9df05dc5e44.exe

Web Bar

Web Bar Media

The application 2a4970b5-d65d-4c5d-8fc5-c9df05dc5e44.exe, “Web Bar Setup ” by Web Bar Media has been detected as adware by 2 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from source.cdnquest.com and multiple other hosts.

File name:

Publisher:

Web Bar Media (signed by Web Bar Media)

Product:

Web Bar

Description:

Web Bar Setup

MD5:

b04498511a7c81d7755a9969880f5523

SHA-1:

a8a3be58b2b161fe22628e2d438282f4f1bb5cd0

SHA-256:

6c440235901ef54331e977450fbc4bf2f5151344474a80c73373aecbeb5b932e

Scanner detections:

2 / 68

Status:

Adware

Analysis date:

1/13/2025 11:01:16 AM UTC (today)

Scan engine

Detection

Engine version

herdProtect (fuzzy)

variant of awhe4c5.tmp

2015.6.11.16

Reason Heuristics

PUP.Installer.WebBarMedia

15.3.5.2

File size:

2.1 MB (2,190,016 bytes)

Product version:

2.0.5527.25142

File type:

Executable application (Win32 EXE)

Installer:

Inno Setup

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\20391\2a4970b5-d65d-4c5d-8fc5-c9df05dc5e44.exe

Digital Signature

Signed by:

Web Bar Media

Authority:

Symantec Corporation

Valid from:

2/5/2015 4:00:00 PM

Valid to:

2/6/2016 3:59:59 PM

Subject:

CN=Web Bar Media, O=Web Bar Media, L=Victoria, S=British Columbia, C=CA

Issuer:

CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:

0F7B7C7A3031BA614438E5A48FF24DD7

File PE Metadata

Compilation timestamp:

6/19/1992 3:22:17 PM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

49152:B9Hsk7pft4ICHPHR4x8x1UGexmbcMGC3U3MlLVmczEdjJYJdXjLnEJYPNM7unz2:/Hzv8R4x8x1UGomgkUinzEdjyXIYPv2

Entry address:

0xA5F8

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55... 
[+]

Entropy:

7.9350

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

39.5 KB (40,448 bytes)

The file 2a4970b5-d65d-4c5d-8fc5-c9df05dc5e44.exe has been seen being distributed by the following 6 URLs.

http://source.cdnquest.com/.../Web_Bar_Setup.exe

http://download.freedownloadmanager.org/Windows-PC/.../FREE-2.0.5749.22382.html?ac1b04e

http://cdn.download4desktop.com/Installer/.../WebBar20150303.exe

http://getwebbar.com/.../Web_Bar_Setup.exe

http://dl.ourstaticdatastorage.com/.../wb-setup.exe

http://web-bar1.software.informer.com/.../

Remove 2a4970b5-d65d-4c5d-8fc5-c9df05dc5e44.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.