wb.exe

Web Bar

Web Bar Media

The application wb.exe by Web Bar Media has been detected as adware by 2 anti-malware scanners.

Publisher:
Web Bar Media  (signed and verified)

Product:
Web Bar

Version:
2.0.5659.26749

MD5:
b055d48079fee353315a13a17cb38093

SHA-1:
63f820c1f7d407f180dd3351e0f54afd887e7fd1

SHA-256:
34506737c8417e3e98198fcd51a3b5cb790f77c71bffa9808cd0377972cf1f58

Scanner detections:
2 / 68

Status:
Adware

Analysis date:
11/23/2024 10:39:37 AM UTC

Scan engine         Detection             Engine version
Panda Antivirus     PUP/WebBarMedia       15.07.06.01
Reason Heuristics   PUP.WebBarMedia (M)   15.7.6.13

File size:
220.8 KB (226,072 bytes)

Product version:
2.0.5659.26749

Copyright:
Copyright © 2014

Original file name:
wb.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\webbar\2.0.5659.26749\wb.exe

Digital Signature
Signed by:

Authority:
Symantec Corporation

Valid from:
2/5/2015 7:00:00 PM

Valid to:
2/6/2016 6:59:59 PM

Subject:
CN=Web Bar Media, O=Web Bar Media, L=Victoria, S=British Columbia, C=CA

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
0F7B7C7A3031BA614438E5A48FF24DD7

File PE Metadata
Compilation timestamp:
6/30/2015 6:51:38 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:Mfxuctbla7QPOReMb+U1cI3/KBLZDfqJ4zZ0oukIn5U4ZsV+rHr:a99k7QWYMYWWnZoL

Entry address:
0x31DDE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 03, 00, 00, 00, 30, 00, 00, 80, 0E, 00, 00, 00, 80, 00, 00, 80, 10, 00, 00, 00, 98, 00, 00, 80, 18, 00, 00, 00, B0, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 08, 00, 02, 00, 00, 00, C8, 00, 00, 80, 03, 00, 00, 00, E0, 00, 00, 80, 04, 00, 00, 00, F8, 00, 00, 80, 05, 00, 00, 00, 10, 01...
 

Entropy:
5.9415

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
191.5 KB (196,096 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to wl-in-f155.1e100.net  (64.233.167.155:443)

TCP (HTTP):
Connects to server-54-239-164-169.lhr50.r.cloudfront.net  (54.239.164.169:80)

TCP (HTTP):
Connects to rtr2.l7.search.vip.bf1.yahoo.com  (98.137.201.252:80)

TCP (HTTP SSL):
Connects to par10s21-in-f14.1e100.net  (216.58.208.206:443)

TCP (HTTP):
Connects to li491-84.members.linode.com  (50.116.29.84:80)

TCP (HTTP SSL):
Connects to ec2-107-23-172-194.compute-1.amazonaws.com  (107.23.172.194:443)
