» 0d202004-a729-4ad5-a1a5-cc73fe467806-4.exe
Overview
Analysis
File Details
Behaviors (1)

0d202004-a729-4ad5-a1a5-cc73fe467806-4.exe

Goobzo LTD

The application 0d202004-a729-4ad5-a1a5-cc73fe467806-4.exe by Goobzo has been detected as adware by 12 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in.

File name:

Publisher:

iWebar (signed by Goobzo LTD)

Product:

iWebar

Description:

iWebar exe

Version:

1000.1000.1000.1000

MD5:

a3dea20a87ec0691a93f44fa1aa5eec6

SHA-1:

874395803bb2bd32906fbd6171f0a6497dc2b1ab

SHA-256:

aff148c194ef4b1657d887030dfd0f1854d2ceb013c1f5105c82f4798a1cb173

Scanner detections:

12 / 68

Status:

Adware

Explanation:

May modify the web browser's settings including changing the homepage and search provider in addition to delivering ads (by injecting banner and text-links directly in the webpage).

Analysis date:

4/25/2024 2:16:21 PM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

ADWARE/CrossRider.Gen2

7.11.163.246

AVG

Skodna

2015.0.3399

Baidu Antivirus

Adware.Win32.CrossRider

4.0.3.14729

ESET NOD32

Win32/Toolbar.CrossRider.AK potentially unwanted application

8.7.0.302.0

herdProtect (fuzzy)

variant of aeb72fb8-9cd0-4140-8976-13d9595577ee-4.exe (Adware)

2014.9.10.1

IKARUS anti.virus

not-a-virus:WebToolbar.CrossRider

t3scan.1.6.1.0

Malwarebytes

PUP.Optional.GoHD.A

v2014.07.29.10

Panda Antivirus

Trj/Genetic.gen

14.07.29.10

Qihoo 360 Security

HEUR/Malware.QVM10.Gen

1.0.0.1015

Reason Heuristics

PUP.Task.Goobzo.g

14.8.8.2

Sophos

AppRider

4.98

VIPRE Antivirus

Threat.4789396

31208

File size:

848.4 KB (868,720 bytes)

Product version:

1000.1000.1000.1000

Original file name:

iWebar.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\iwebar\0d202004-a729-4ad5-a1a5-cc73fe467806-4.exe

Digital Signature

Signed by:

Goobzo LTD

Authority:

Thawte, Inc.

Valid from:

5/2/2013 7:00:00 AM

Valid to:

5/3/2015 6:59:59 AM

Subject:

CN=Goobzo LTD, O=Goobzo LTD, L=Haifa, S=Israel, C=IL

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

120B25DDE57B88636AD4D97D23B99C88

File PE Metadata

Compilation timestamp:

7/25/2014 5:03:21 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

12288:jsQoVbajrJSFNrNI5c5TyXlrwjx0lpxEjcYuh7Y29NWAP1LXRRN3dwppTl68:jKbie5OKClrwjx0lTXNFB2Tx

Entry address:

0x8B50F

Entry point:

E8, 7D, E3, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C, 24, 04, 2B, C1, C3, 8D, 41... 
[+]

Entropy:

6.5365

Code size:

696.5 KB (713,216 bytes)

Scheduled Task

Task name:

0d202004-a729-4ad5-a1a5-cc73fe467806-4

Trigger:

Logon (Runs on logon)

Action:

0d202004-a729-4ad5-a1a5-cc73fe467806-4.exe \nlepiygf \gqqslkhhf='iwebar' \facbeivvx='C:\progr

Remove 0d202004-a729-4ad5-a1a5-cc73fe467806-4.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.