softwebbar.exe

UserMon

Global surveys

The application softwebbar.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘SoftWebbar’. The file has been seen being downloaded from dl.interstat.eu. While running, it connects to the Internet address static.25.22.243.136.clients.your-server.de on port 80 using the HTTP protocol.
Publisher:
Global surveys

Product:
UserMon

Description:
Internet usage

Version:
1.0.3.18

MD5:
98a6f2beeca48685cfaa808326e769ac

SHA-1:
f8386b5d49b9d97a5adcb927be0317e75ef917ca

SHA-256:
671384ef9121c768009c7077eff5a77ac986b93678dd11902335f37b4c09b71a

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 3:36:29 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.GlobalSurveys

Engine version:
16.10.1.0

File size:
3.9 MB (4,110,848 bytes)

Product version:
1.0.3.18

Copyright:
Copyright (C) 2015

Original file name:
UserMon.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\softwebbar\softwebbar.exe

File PE Metadata
Compilation timestamp:
5/5/2016 4:40:05 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
98304:Ps/KmwMeSdrn/1mq80h2VCPD9vG1mq80hV:EdeSdrnMq8rCPTq80

Entry address:
0x84A8A

Entry point:
E8, 2D, 46, 01, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 90, D9, 4F, 00, E8, 50, B0, 00, 00, E8, 46, 7E, 00, 00, 0F, B7, F0, 6A, 02, E8, C0, 45, 01, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 54, A5, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...

Entropy:
6.5571

Code size:
864 KB (884,736 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
SoftWebbar

Command:
C:\users\{user}\appdata\roaming\softwebbar\softwebbar.exe


The file softwebbar.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to static.25.22.243.136.clients.your-server.de  (136.243.22.25:80)

Remove softwebbar.exe - Powered by Reason Core Security