webbar70.exe

The application webbar70.exe has been detected as a potentially unwanted program by 10 anti-malware scanners. It bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings presented are selected based on the PC's geo-location at the time of install. The file has been seen being downloaded from dmrm038s4vkzd.cloudfront.net and multiple other hosts.
MD5:
40c294e59cc28c18b27b00b59553d91d

SHA-1:
20b3c32360da92b45c7635da8a8f1ba8f5de3c85

SHA-256:
975c0a9b101069adb41c13dcdd2c02c06fd08e8686d94ca600df7c782894ea1b

Scanner detections:
10 / 68

Status:
Potentially unwanted

Analysis date:
12/24/2024 5:05:24 PM UTC

Scan engine               Detection                        Engine version
AhnLab V3 Security        PUP/Win32.Amonetize              2015.05.13
avast!                    Win32:GenMaliciousA-HPS [Adw]    2014.9-150416
Fortinet FortiGate        W32/Dx.DQS!tr                    5/13/2015
IKARUS anti.virus         Trojan.SuspectCRC                t3scan.1.8.9.0
McAfee                    RDN/Generic.dx!dqs               5600.6766
Norman                    Suspicious_Gen4.IGIBV            11.20150513
Panda Antivirus           Generic Suspicious               15.05.13.01
Trend Micro House Call    TROJ_GEN.R02SC0ODS15             7.2.133
Trend Micro               TROJ_GEN.R02SC0ODS15             10.465.13
VIPRE Antivirus           Trojan.Win32.Generic             40170

File size:
850.5 KB (870,912 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\webbar70.exe

File PE Metadata
Compilation timestamp:
4/15/2015 5:58:32 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:Z1fQ/dg/nr04EAbz7Nzw83rlF48adX42zeIatW8lyCkxdxVPie:ZL/g4dxEGpOBdX4NDM84f7VPi

Entry address:
0x53EEB

Entry point:
E9, 50, 80, 04, 00, E9, 9B, 5E, 01, 00, E9, 26, 65, 05, 00, E9, E1, 95, 02, 00, E9, 7C, 38, 01, 00, E9, 67, 97, 08, 00, E9, 02, AE, 00, 00, E9, AD, 92, 05, 00, E9, F8, D5, 05, 00, E9, B3, 9B, 03, 00, E9, AE, C1, 01, 00, E9, 89, 97, 08, 00, E9, F4, 44, 08, 00, E9, FF, BD, 07, 00, E9, 5A, 63, 05, 00, E9, E5, F7, 03, 00, E9, C0, 9F, 03, 00, E9, 6B, 88, 03, 00, E9, B6, 85, 04, 00, E9, D1, 96, 08, 00, E9, 0C, 43, 08, 00, E9, 47, 41, 00, 00, E9, E2, AE, 00, 00, E9, FD, C9, 03, 00, E9, 38, B1, 08, 00, E9, 53, E7...

Entropy:
5.6025

Developed / compiled with:
Microsoft Visual C++ 8.0 (Debug)

Code size:
675.5 KB (691,712 bytes)

The file webbar70.exe has been seen being distributed by the following 6 URLs.

http://dmrm038s4vkzd.cloudfront.net/cl/inst/bundles/Wajam_Amonetize/.../downloadb.exe

http://d1pg43ots40sgg.cloudfront.net/bundle/CloudGuard_Amonetize/.../downloadb.exe

Remove webbar70.exe - Powered by Reason Core Security