webbing.exe

abc

The application webbing.exe has been detected as a potentially unwanted program by 2 anti-malware scanners. It runs as a scheduled task named 83554609 under the Windows Task Scheduler, triggered to execute each time a user logs in. While running, it connects to the Internet address cdce.nym011.internap.com on port 80 using the HTTP protocol.
Product:
abc

Version:
1.0.0.0

MD5:
c689c74198b39db16d9470537c6a5c3e

SHA-1:
56d81257081bf4ab1f67d922d9468387f7029671

SHA-256:
5f6fb344a8b69eaf51fd189355a314568fe4e78af4958c76f4661edb88a14503

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
11/6/2024 5:26:56 AM UTC

Scan engine | Detection | Engine version
ESET NOD32 | MSIL/Adware.Dotdo.AP application | 6.3.12010.0
Reason Heuristics | Adware.Dotdo.ET (M) | 17.2.6.3

File size:
282 KB (288,768 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2016

Original file name:
webbing.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\webbing.exe

File PE Metadata
Compilation timestamp:
12/14/2016 7:37:55 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

Entry address:
0x47C0E


Entropy:
5.8586

Code size:
279.5 KB (286,208 bytes)

Scheduled Task
Task name:
83554609

Trigger:
Logon (Runs on logon)

Description:
8355460983554609


The executing file has been seen to make the following network communications in live environments.
