home

iwebar-bg.exe

Gogo Network Club

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The application iwebar-bg.exe by Gogo Network Club has been detected as adware by 39 anti-malware scanners. Part of the Corssrider web browser platform, the BG executable is a background process that manage various function of the installed extensions in user's browser including managing installation, updates and remote code downloads. It is part of the Brightcircle group of web-extensions that inject advertisements in the browser.
Publisher:
iWebar  (signed by Gogo Network Club)

Product:
iWebar

Description:
iWebar exe

Version:
1000.1000.1000.1000

MD5:
d91316bc6fb99d90e73da4312f3c90aa

SHA-1:
20e525bdf80569b2f7b8d1a6e366407bd8239ddf

SHA-256:
6bc10af042c9fc8e23aa50c7dc8443fa27b60bdd132ae784158458a007d01845

Scanner detections:
39 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Gogo Network Club.

Analysis date:
4/19/2024 7:04:12 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Application.Heur.Su1@kWnS6ski
6212523

AegisLab AV Signature
W32.Alman
2.1.4+

AhnLab V3 Security
PUP/Win32.CrossRider
2014.10.17

Avira AntiVirus
ADWARE/CrossRider.Gen7
7.11.183.4

avast!
Win32:Crossrider-AI [PUP]
141214-1

AVG
Generic
2015.0.3253

Baidu Antivirus
PUA.Win32.CrossRider
4.0.3.141221

Bitdefender
Gen:Variant.Adware.Plush.2
1.0.20.1775

Clam AntiVirus
Win.Adware.Agent-29499
0.98/21511

Comodo Security
ApplicUnwnt
19655

Dr.Web
Trojan.Crossrider.37788
9.0.1.0355

Emsisoft Anti-Malware
Gen:Application.Heur.Su1@kWnS6ski
9.0.0.4668

ESET NOD32
Win32/Toolbar.CrossRider.BA potentially unwanted application
7.0.302.0

Fortinet FortiGate
Riskware/CrossRider
12/21/2014

F-Prot
W32/A-ea13b6b6
v6.4.7.1.166

F-Secure
Gen:Variant.Adware.Plush.2
11.2014-21-12_1

G Data
Win32.Adware.Crossrider
14.12.24

IKARUS anti.virus
Trojan.GoogUpdate
t3scan.1.7.5.0

K7 AntiVirus
Unwanted-Program
13.183.13521

Kaspersky
not-a-virus:WebToolbar.Win32.CrossRider
15.0.0.543

Malwarebytes
PUP.Optional.iWebar.A
v2014.12.21.11

McAfee
Artemis!06F861616393
5600.6909

Microsoft Security Essentials
Threat.Undefined
1.187.1147.0

MicroWorld eScan
Gen:Variant.Adware.Plush.2
15.0.0.1065

NANO AntiVirus
Riskware.Win32.Crossrider.dgvsse
0.28.2.62841

Norman
Gen:Application.Heur.Su1@kWnS6ski
04.12.2014 14:30:06

nProtect
Trojan.Generic.11377456
14.06.17.01

Panda Antivirus
Trj/Genetic.gen
14.12.21.11

Qihoo 360 Security
Win32/Virus.Adware.a87
1.0.0.1015

Quick Heal
AdWare.NSIS.r5 (Not a Virus)
12.14.14.00

Reason Heuristics
PUP.Crossrider.GogoNetworkClub.J
14.12.21.23

Rising Antivirus
PE:Malware.Obscure!1.9C59
23.00.65.141219

Sophos
PUA 'AppRider' (of type Adware)
5.09

SUPERAntiSpyware
Trojan.Agent/Gen-Nullo[Short]
10163

Trend Micro House Call
TROJ_GEN.F0C2H00IC14
7.2.355

Trend Micro
PE_SALITY.RL
10.465.21

Vba32 AntiVirus
AdWare.Adwapper
3.12.26.3

VIPRE Antivirus
Crossrider
34498

Zillya! Antivirus
Adware.Agent.Win32.12206
2.0.0.1937

File size:
709.9 KB (726,944 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
iWebar.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\iwebar\iwebar-bg.exe

Digital Signature
Signed by:
Gogo Network Club

Authority:
COMODO CA Limited

Valid from:
8/18/2014 8:00:00 PM

Valid to:
8/19/2015 7:59:59 PM

Subject:
CN=Gogo Network Club, O=Gogo Network Club, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
75BF783471861CAD78DE03A20768BF56

File PE Metadata
Compilation timestamp:
9/30/2014 3:37:31 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:pR/WyK2fBXcKj3wgSaP8+1DZ8aeBpMEtTC0mTYUyb:TegFXlP9ktTCbTqb

Entry address:
0x64FAC

Entry point:
E8, 9B, CD, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 60, A0, 4A, 00, E8, 4E, 49, 00, 00, E8, C2, 1C, 00, 00, 0F, B7, F0, 6A, 02, E8, 2E, CD, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 6C, 51, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
[+]

Entropy:
6.4603

Code size:
569 KB (582,656 bytes)

Remove iwebar-bg.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.