mb.exe

Web Bar

Web Bar Media

The application mb.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address li491-84.members.linode.com on port 80 using the HTTP protocol.
Publisher:
Web Bar Media

Product:
Web Bar

Version:
2.0.5759.21132

MD5:
c354c423ccffa1a8de6279cc2a3dc76f

SHA-1:
20c51361bc88e46861d8f5254c43296034bcbb19

SHA-256:
58c433f70e3481a2b9d5beec6929c8eb3b9e84df72d56c1f0eee0ad270655dfe

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 8:04:29 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.WebBarMedia.Optional.Meta (L)

Engine version:
15.10.18.18

File size:
245 KB (250,880 bytes)

Product version:
2.0.5759.21132

Copyright:
Copyright © 2014

Original file name:
mb.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\mybar\2.0.5759.21132\mb.exe

File PE Metadata
Compilation timestamp:
10/8/2015 10:44:25 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:UKd0bFIsgZVuY9oOMG0g0y1cJsRcv4SkoRoBh7w5Wk+N1ZzhfouhC+0USiDwu:UQGOl10Lecv4Sw7eCzk

Entry address:
0x36BBE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 03, 00, 00, 00, 30, 00, 00, 80, 0E, 00, 00, 00, 60, 00, 00, 80, 10, 00, 00, 00, 78, 00, 00, 80, 18, 00, 00, 00, 90, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
211 KB (216,064 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to li491-84.members.linode.com  (50.116.29.84:80)

TCP (HTTP):
Connects to rtr3.l7.search.vip.ir2.yahoo.com  (217.12.15.96:80)

TCP (HTTP SSL):
Connects to ec2-52-52-87-56.us-west-1.compute.amazonaws.com  (52.52.87.56:443)

TCP (HTTP SSL):
Connects to ec2-54-215-161-165.us-west-1.compute.amazonaws.com  (54.215.161.165:443)

TCP (HTTP):
Connects to r2.ycpi.vip.ir2.yahoo.net  (217.12.13.41:80)

TCP (HTTP):
Connects to r1.ycpi.vip.ir2.yahoo.net  (217.12.13.40:80)

TCP (HTTP):
Connects to host-213.158.175.75.tedata.net  (213.158.175.75:80)

TCP (HTTP):
Connects to a-0001.a-msedge.net  (204.79.197.200:80)

TCP (HTTP):
Connects to e2.ycpi.vip.amb.yahoo.com  (87.248.116.12:80)

TCP (HTTP):
Connects to rtr3.l7.search.vip.bf1.yahoo.com  (63.250.200.63:80)

TCP (HTTP SSL):
Connects to e2.ycpi.vip.deb.yahoo.com  (87.248.118.23:443)

TCP (HTTP):
Connects to e1.ycpi.vip.lob.yahoo.com  (217.12.1.150:80)

TCP (HTTP):
Connects to e2.ycpi.vip.lob.yahoo.com  (217.12.1.151:80)

TCP (HTTP SSL):
Connects to e1.ycpi.vip.deb.yahoo.com  (87.248.118.22:443)

TCP (HTTP SSL):
Connects to e1.ycpi.vip.amb.yahoo.com  (87.248.116.11:443)

TCP (HTTP):
Connects to r1.ycpi.vip.ne1.yahoo.net  (98.138.81.72:80)

TCP (HTTP):
Connects to r1.ycpi.vip.bf1.yahoo.net  (98.139.199.204:80)

Remove mb.exe - Powered by Reason Core Security