wb.exe

Web Bar

Web Bar Media

The application wb.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address a-0001.a-msedge.net on port 443.
Publisher:
Web Bar Media

Product:
Web Bar

Version:
2.0.5897.26129

MD5:
59e28bd718a3493673ddb6259b51070e

SHA-1:
64bf3d74d378137dcfd029c0b9e68abd5771601f

SHA-256:
ebf52d4d40fc7dfd6cfcc2ba47ccb8c05a44a4a483ca769c79dbddf24bb2eb73

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 8:33:30 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.WebBarMedia.Optional.Meta (L)

Engine version:
16.2.24.0

File size:
223 KB (228,352 bytes)

Product version:
2.0.5897.26129

Copyright:
Copyright © 2014

Original file name:
wb.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\webbar\2.0.5897.26129\wb.exe

File PE Metadata
Compilation timestamp:
2/23/2016 11:30:58 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:Tpd2Se3oUTz6a7QPOReMz+9fm4G/XfeLP8flIMMIouzt+5Ueo2+zsB:TpYYUH7QWYMxrX24z+0s

Entry address:
0x332BE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
197 KB (201,728 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to li491-84.members.linode.com  (50.116.29.84:80)

TCP (HTTP SSL):
Connects to ec2-52-52-87-56.us-west-1.compute.amazonaws.com  (52.52.87.56:443)

TCP (HTTP SSL):
Connects to a-0001.a-msedge.net  (204.79.197.200:443)

TCP (HTTP SSL):
Connects to ec2-54-215-161-165.us-west-1.compute.amazonaws.com  (54.215.161.165:443)
