webprotect.exe

Montiera Technologies LTD

webprotect.exe is part of the Montiera web browser toolbar monetization platform, which injects browser search and advertising into the user's web browser. The application webprotect.exe by Montiera Technologies has been detected as adware by 14 anti-malware scanners. This file is typically installed with the program Web Protect License by Montiera Technologies LTD, which is a potentially unwanted software program. It is also typically executed from the user's temporary directory.

Publisher:
Pay By Ads LTD  (signed by Montiera Technologies LTD)

Version:
1.3.0.0

MD5:
d6cce6da966ae5860f6fdd099ca5fd12

SHA-1:
51a525fefaf4d3c788d0ef4781220f12cbed7f8b

SHA-256:
0d67d2deab05fa185a5209622cb411021e0ab4899fb1ac97b6b1a40a57e39637

Scanner detections:
14 / 68

Status:
Adware

Analysis date:
11/23/2024 7:46:57 AM UTC

Scan engine
Detection
Engine version

AVG
Montiera
2016.0.3228

Baidu Antivirus
Adware.Win32.Montiera
4.0.3.14826

ESET NOD32
Win32/Toolbar.Montiera (variant)
8.10275

Fortinet FortiGate
Riskware/Montiera
1/16/2015

IKARUS anti.virus
not-a-virus:Downloader.Montiera
t3scan.1.8.3.0

K7 AntiVirus
Trojan
13.185.13965

Kaspersky
not-a-virus:WebToolbar.Win32.Montiera
14.0.0.3347

Malwarebytes
PUP.Optional.PayByAds.A
v2014.08.26.03

McAfee
Artemis!D6CCE6DA966A
5600.6884

Panda Antivirus
Trj/Chgt.B
14.08.26.03

Reason Heuristics
PUP.Montiera.MontieraTechnologies
15.1.16.1

Sophos
PayByAds
4.98

Trend Micro House Call
Suspicious_GEN.F47V0811
7.2.16

VIPRE Antivirus
Montiera
32328

File size:
536.9 KB (549,768 bytes)

Copyright:
All rights reserved.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\webprotect.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
7/22/2014 7:00:00 PM

Valid to:
7/23/2015 6:59:59 PM

Subject:
CN=Montiera Technologies LTD, O=Montiera Technologies LTD, STREET=Harbert Samuel 46, L=Tel Aviv, S=Gush Dan, PostalCode=6330303, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00CCD3CD85F8C32F5C3FF9264E1A57C07D

File PE Metadata
Compilation timestamp:
8/7/2014 4:02:18 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:tvdoSUGhvVZ166+VNqJla3cgJZCNfJJPbqMIdPNu39CCIrRoF+:HW/3d0NfJJTqMIdPNeCXFo

Entry address:
0x3FD42

Entry point:
E8, AE, 83, 00, 00, E9, 89, FE, FF, FF, B8, 3A, 8C, 44, 00, A3, 10, 7A, 46, 00, C7, 05, 14, 7A, 46, 00, 30, 83, 44, 00, C7, 05, 18, 7A, 46, 00, E4, 82, 44, 00, C7, 05, 1C, 7A, 46, 00, 1D, 83, 44, 00, C7, 05, 20, 7A, 46, 00, 86, 82, 44, 00, A3, 24, 7A, 46, 00, C7, 05, 28, 7A, 46, 00, B2, 8B, 44, 00, C7, 05, 2C, 7A, 46, 00, A2, 82, 44, 00, C7, 05, 30, 7A, 46, 00, 04, 82, 44, 00, C7, 05, 34, 7A, 46, 00, 90, 81, 44, 00, C3, 8B, FF, 55, 8B, EC, E8, 96, FF, FF, FF, 83, 7D, 08, 00, 74, 05, E8, BF, 8E, 00, 00, DB...
 

Entropy:
6.5641

Code size:
331.5 KB (339,456 bytes)

The file webprotect.exe has been discovered within the following program.

Web Protect License  by Montiera Technologies LTD
WebProtect is a potentially unwanted software program that adds a default home page and search engine provider to the user's web browser and protects the settings in order to collect search revenues.
73% remove it
 
Powered by Should I Remove It?
