8fc3a8c0-ae98-4a1f-8763-923ef0608bce-11.exe

iWebar

Webby

The application 8fc3a8c0-ae98-4a1f-8763-923ef0608bce-11.exe has been detected as adware by 27 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered to execute each time a user logs in. It is built using the Crossrider cross-browser extension toolkit. Although the file uses the Crossrider framework and delivery services, it is not owned by Crossrider. While running, it connects to the Internet address tlb.hwcdn.net on port 80 using HTTP.
Publisher:
Webby

Product:
iWebar

Description:
iWebar exe

Version:
1000.1000.1000.1000

MD5:
91882c03715408f9f7a5f9bde123b76a

SHA-1:
c388a720817c7ecef9019b7125434f22ce8a3196

SHA-256:
114a46298113c67f9dd1c6b250aaa600adb9e953607861d8d633cba3aab331d9

Scanner detections:
27 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
11/27/2024 5:36:16 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | PUA.Toolbar.CrossRider | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.CrossRider | 2015.11.12 |
| Avira AntiVirus | ADWARE/CrossRider.Gen7 | 8.3.2.2 |
| Arcabit | Application.Heur.EBF738 | 1.0.0.593 |
| AVG | Crossrider_r.J | 2016.0.2928 |
| Baidu Antivirus | Adware.Win32.CrossAd | 4.0.3.151112 |
| Bitdefender | Gen:Application.Heur.zv0@m4Uqs@fO | 1.0.20.1580 |
| Comodo Security | Application.Win32.CrossRider.CK | 23572 |
| Dr.Web | Trojan.Crossrider1.55364 | 9.0.1.0316 |
| ESET NOD32 | Win32/Toolbar.CrossRider.BV potentially unwanted (variant) | 9.12550 |
| Fortinet FortiGate | Riskware/CrossRider | 11/12/2015 |
| F-Prot | W32/S-738e3e40 | v6.4.7.1.166 |
| F-Secure | Gen:Application.Heur.zv0@m4Uqs@fO | 11.2015-12-11_5 |
| G Data | Gen:Application.Heur.zv0@m4Uqs@fO | 15.11.25 |
| IKARUS anti.virus | PUA.Plush | t3scan.1.9.5.0 |
| K7 AntiVirus | Riskware | 13.212.17819 |
| Kaspersky | not-a-virus:HEUR:WebToolbar.Win32.CrossRider | 14.0.0.1134 |
| McAfee | PUP-FVY | 5600.6584 |
| MicroWorld eScan | Gen:Application.Heur.zv0@m4Uqs@fO | 16.0.0.948 |
| NANO AntiVirus | Riskware.Win32.CrossRider.dypegi | 0.30.26.4437 |
| Panda Antivirus | Generic Suspicious | 15.11.12.05 |
| Qihoo 360 Security | Win32/Virus.Adware.a87 | 1.0.0.1077 |
| Reason Heuristics | Adware.Crossrider.Webby (M) | 15.11.12.5 |
| Rising Antivirus | PE:PUF.CrossRider!1.A157 [F] | 23.00.65.151110 |
| Sophos | Generic PUA MD (PUA) | 4.98 |
| SUPERAntiSpyware | Adware.CrossRider/Variant | 9513 |
| VIPRE Antivirus | Trojan.Win32.Generic | 45160 |

File size:
1.4 MB (1,473,024 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
iWebar.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\iwebar\8fc3a8c0-ae98-4a1f-8763-923ef0608bce-11.exe

File PE Metadata
Compilation timestamp:
11/8/2015 12:05:25 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:+vLwTbDNl78ylVbjQYb/BxATsNCYnJxFokctRgCle/cv0roBK5OvVC/pSh8T3qp:+vLwHDfJjrbATsNCY/KkcnBlW1AY/pS8

Entry address:
0xE1B31

Entry point:
E8, 5F, FD, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 08, 85, F6, 78, 09, E8, 92, FE, 00, 00, 3B, 30, 7C, 07, E8, 89, FE, 00, 00, 8B, 30, E8, 7C, FE, 00, 00, 8B, 04, B0, 5E, 5D, C3, 55, 8B, EC, 56, E8, 83, 5C, 00, 00, 8B, F0, 85, F6, 75, 07, B8, 60, 17, 54, 00, EB, 26, 53, 57, 33, FF, BB, 86, 00, 00, 00, 39, 7E, 24, 75, 1B, 6A, 01, 53, E8, 9D, 2E, 00, 00, 59, 59, 89, 46, 24, 85, C0, 75, 0A, B8, 60, 17, 54, 00, 5F, 5B, 5E, 5D, C3, FF, 75, 08, 8B, 76, 24, E8, 90, FF, FF, FF, 50, 53, 56, E8, F6, EA...
 

Entropy:
6.5451

Code size:
1 MB (1,073,664 bytes)

Scheduled Task
Task name:
8fc3a8c0-ae98-4a1f-8763-923ef0608bce-11

Trigger:
Logon (Runs on logon)


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to tlb.hwcdn.net  (69.16.175.10:80)

TCP (HTTP):
Connects to s3-website-us-east-1.amazonaws.com  (54.231.82.33:80)

TCP (HTTP):
Connects to hwcdn.net  (69.16.175.42:80)
