» webbar70.exe
Overview
Analysis
File Details
Downloads (6)

webbar70.exe

The application webbar70.exe has been detected as a potentially unwanted program by 10 anti-malware scanners. It bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. The file has been seen being downloaded from dmrm038s4vkzd.cloudfront.net and multiple other hosts.

File name:

webbar70.exe

MD5:

40c294e59cc28c18b27b00b59553d91d

SHA-1:

20b3c32360da92b45c7635da8a8f1ba8f5de3c85

SHA-256:

975c0a9b101069adb41c13dcdd2c02c06fd08e8686d94ca600df7c782894ea1b

Scanner detections:

10 / 68

Status:

Potentially unwanted

Analysis date:

11/2/2024 3:36:16 PM UTC (today)

Scan engine

Detection

Engine version

AhnLab V3 Security

PUP/Win32.Amonetize

2015.05.13

avast!

Win32:GenMaliciousA-HPS [Adw]

2014.9-150416

Fortinet FortiGate

W32/Dx.DQS!tr

5/13/2015

IKARUS anti.virus

Trojan.SuspectCRC

t3scan.1.8.9.0

McAfee

RDN/Generic.dx!dqs

5600.6766

Norman

Suspicious_Gen4.IGIBV

11.20150513

Panda Antivirus

Generic Suspicious

15.05.13.01

Trend Micro House Call

TROJ_GEN.R02SC0ODS15

7.2.133

Trend Micro

TROJ_GEN.R02SC0ODS15

10.465.13

VIPRE Antivirus

Trojan.Win32.Generic

40170

File size:

850.5 KB (870,912 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\temp\webbar70.exe

File PE Metadata

Compilation timestamp:

4/15/2015 5:58:32 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

12288:Z1fQ/dg/nr04EAbz7Nzw83rlF48adX42zeIatW8lyCkxdxVPie:ZL/g4dxEGpOBdX4NDM84f7VPi

Entry address:

0x53EEB

Entry point:

E9, 50, 80, 04, 00, E9, 9B, 5E, 01, 00, E9, 26, 65, 05, 00, E9, E1, 95, 02, 00, E9, 7C, 38, 01, 00, E9, 67, 97, 08, 00, E9, 02, AE, 00, 00, E9, AD, 92, 05, 00, E9, F8, D5, 05, 00, E9, B3, 9B, 03, 00, E9, AE, C1, 01, 00, E9, 89, 97, 08, 00, E9, F4, 44, 08, 00, E9, FF, BD, 07, 00, E9, 5A, 63, 05, 00, E9, E5, F7, 03, 00, E9, C0, 9F, 03, 00, E9, 6B, 88, 03, 00, E9, B6, 85, 04, 00, E9, D1, 96, 08, 00, E9, 0C, 43, 08, 00, E9, 47, 41, 00, 00, E9, E2, AE, 00, 00, E9, FD, C9, 03, 00, E9, 38, B1, 08, 00, E9, 53, E7... 
[+]

Entropy:

5.6025

Developed / compiled with:

Microsoft Visual C++ 8.0 (Debug)

Code size:

675.5 KB (691,712 bytes)

The file webbar70.exe has been seen being distributed by the following 6 URLs.

http://dmrm038s4vkzd.cloudfront.net/cl/inst/bundles/Wajam_Amonetize/.../downloadb.exe

http://d1pg43ots40sgg.cloudfront.net/bundle/CloudGuard_Amonetize/.../downloadb.exe

http://b2c-descargas.s3.amazonaws.com/.../Bundle.exe

http://d1ykyz0mbyn4to.cloudfront.net/cl/inst/bundles/AnySent_Amonetize/.../downloadb.exe

http://dmrm038s4vkzd.cloudfront.net/cl/inst/bundles/YTDownloader_Amonetize/.../downloadb.exe

https://securehost-2.com/.../Bundle.exe

Remove webbar70.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.