wb.exe

Web Bar

Web Bar Media

The application wb.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘WebBar’. While running, it connects to the Internet address li491-84.members.linode.com on port 80 using the HTTP protocol.
Publisher:
Web Bar Media

Product:
Web Bar

Version:
2.0.5897.26069

MD5:
833352b40cf9396a9fe96ec196e216af

SHA-1:
ac1c4429fea182cba00f5201b7ee524690acc11d

SHA-256:
404f9d0824e2a33b2cbb9b923d0a1ec8030c7ead425d25617fdb594dab44deea

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 7:46:59 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.WebBarMedia.Optional.Meta (L)

Engine version:
16.2.24.20

File size:
223 KB (228,352 bytes)

Product version:
2.0.5897.26069

Copyright:
Copyright © 2014

Original file name:
wb.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\webbar\2.0.5897.26069\wb.exe

File PE Metadata
Compilation timestamp:
2/23/2016 11:28:59 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:4pd2Se3oUTzaa7QPOReML+9fmo2/XfeLP80lIMMIouzt+5UeoW+zsG:4pYYUn7QWYMpjX24E+0s

Entry address:
0x332BE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
197 KB (201,728 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
WebBar

Command:
C:\users\{user}\appdata\local\webbar\2.0.5897.26069\wb.exe


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to li491-84.members.linode.com  (50.116.29.84:80)

TCP (HTTP SSL):
Connects to a-0001.a-msedge.net  (204.79.197.200:443)

TCP (HTTP SSL):
Connects to ec2-52-52-87-56.us-west-1.compute.amazonaws.com  (52.52.87.56:443)

TCP (HTTP SSL):
Connects to ec2-54-215-161-165.us-west-1.compute.amazonaws.com  (54.215.161.165:443)

TCP (HTTP):
Connects to ec2-54-210-225-16.compute-1.amazonaws.com  (54.210.225.16:80)
