home

iweb.exe_a

Id-Ayiteuitnwnxmd

Lncjivpjrfxi & co.

The file iweb.exe_a has been detected as adware by 9 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer, however the file is not signed with an authenticode signature from a trusted source. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider.
Publisher:
Lncjivpjrfxi & co.

Product:
Id-Ayiteuitnwnxmd

Description:
Qjgjxbgshfruz

Version:
0.22.1.21

MD5:
bb5eda49fea3c051f0dea950d97ab9cf

SHA-1:
20a3f3c9ba77d25ddd9d57b7788e88bd12dd8153

SHA-256:
4eda690a334224a608227b9d15fad24e163071951a56cc1c1db167155bd9b594

Scanner detections:
9 / 68

Status:
Adware

Explanation:
This is part of the Crossrider Internet browser extension framework which may modify the user's web browser settings including changing the home and search pages.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:
4/25/2024 1:19:15 PM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
PUP/Win32.CrossRider
2015.02.01

Avira AntiVirus
ADWARE/CrossRider.Gen
7.11.206.62

Baidu Antivirus
PUA.Win32.ScrambleWrapper
4.0.3.15131

Bkav FE
HW32.Packed
1.3.0.6379

Clam AntiVirus
Win.Trojan.Crossrider-36
0.98/20008

ESET NOD32
Win32/Packed.ScrambleWrapper.O potentially unwanted application
7.0.302.0

Malwarebytes
PUP.Optional.CrossRider.A
v2015.01.31.06

Panda Antivirus
Trj/Genetic.gen
15.01.31.06

Reason Heuristics
PUP.Downloader.Lncjivpjrfxico
15.1.31.6

File size:
2.1 MB (2,176,551 bytes)

Copyright:
Copyright Vbzakdc

Trademarks:
Ayiteuitnwnxmd is a trademark of Zwiqb

Installer:
Nullsoft Install System

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\content.ie5\3zmq7ecg\iweb.exe_a

File PE Metadata
Compilation timestamp:
12/4/2012 2:55:11 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
49152:HMrTWg2INYIq62O/0Uon4b5MR0f4mKD8RSX60e/QG:sHl2INY9pa0li5MCfG8RSKBoG

Entry address:
0x412D

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, 73, 45, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, 74, 45, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, 74, 45, 00, 56, A3, F4, E7, 44, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8B, 3B, 00, 00, A3, 50, E8, 44, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, A9, B2, 40, 00, FF, 15, AC, 74, 45, 00, 83, EC, 14, C7, 44, 24, 04, AA, B2, 40, 00, C7...
 
[+]

Code size:
33.5 KB (34,304 bytes)

Remove iweb.exe_a - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.