home

iwebar-bg.exe

Gogo Network Club

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The application iwebar-bg.exe by Gogo Network Club has been detected as adware by 37 anti-malware scanners. Part of the Corssrider web browser platform, the BG executable is a background process that manage various function of the installed extensions in user's browser including managing installation, updates and remote code downloads. It is distributed as part of the Brightcircle group of browser-extensions.
Publisher:
iWebar  (signed by Gogo Network Club)

Product:
iWebar

Description:
iWebar exe

Version:
1000.1000.1000.1000

MD5:
1bc3be3dc1d2344ee409beed9840f1a0

SHA-1:
4d02f34bf71ff18ee5bb3ba56b9c19a124049c1b

SHA-256:
0ccffe2b6f415ea459844ce458c993facbb114a545c260740cdbc7147630611a

Scanner detections:
37 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements. Distributed through the Brightcircle investments brand.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Gogo Network Club.

Analysis date:
4/26/2024 5:06:57 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Plush.2
833

AegisLab AV Signature
W32.Alman
2.1.4+

AhnLab V3 Security
PUP/Win32.CrossRider
2014.10.17

Avira AntiVirus
Adware/CrossRider.A.16869
7.11.180.32

avast!
Win32:Crossrider-AI [PUP]
2014.9-141024

AVG
Generic
2015.0.3311

Baidu Antivirus
Adware.NSIS.Adwapper
4.0.3.141024

Bitdefender
Gen:Variant.Adware.Plush.2
1.0.20.1485

Clam AntiVirus
Win.Adware.Crossrider-86
0.98/21411

Comodo Security
ApplicUnwnt
19655

Dr.Web
Trojan.Crossrider.35830
9.0.1.0297

Emsisoft Anti-Malware
Gen:Variant.Adware.Plush
8.14.10.24.04

ESET NOD32
Win32/Toolbar.CrossRider.BA (variant)
8.10575

Fortinet FortiGate
Adware/Adwapper
10/24/2014

F-Prot
W32/A-ea13b6b6
v6.4.7.1.166

F-Secure
Gen:Variant.Adware.Plush.2
11.2014-24-10_6

G Data
Gen:Variant.Adware.Plush
14.10.24

IKARUS anti.virus
Trojan.GoogUpdate
t3scan.1.7.5.0

K7 AntiVirus
Unwanted-Program
13.183.13521

Kaspersky
not-a-virus:WebToolbar.Win32.CrossRider
15.0.0.494

Malwarebytes
PUP.Optional.iWebar.A
v2014.10.24.04

McAfee
Artemis!06F861616393
5600.6967

Microsoft Security Essentials
Threat.Undefined
1.187.1147.0

MicroWorld eScan
Gen:Variant.Adware.Plush.2
15.0.0.891

NANO AntiVirus
Riskware.Win32.Crossrider.dgvsse
0.28.2.62841

Norman
Sality.ZHB
11.20141211

Panda Antivirus
Trj/Genetic.gen
14.10.24.04

Qihoo 360 Security
HEUR/Malware.QVM10.Gen
1.0.0.1015

Quick Heal
AdWare.NSIS.r5 (Not a Virus)
12.14.14.00

Reason Heuristics
PUP.Crossrider.GogoNetworkClub.J
14.10.24.16

Rising Antivirus
PE:Malware.Obscure!1.9C59
23.00.65.141022

Sophos
AppRider
4.98

Trend Micro House Call
TROJ_GEN.F0C2H00IC14
7.2.345

Trend Micro
PE_SALITY.RL
10.465.11

Vba32 AntiVirus
AdWare.Adwapper
3.12.26.3

VIPRE Antivirus
Crossrider
33870

Zillya! Antivirus
Adware.CrossRider.Win32.335
2.0.0.1974

File size:
694.9 KB (711,584 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
iWebar.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\iwebar\iwebar-bg.exe

Digital Signature
Signed by:
Gogo Network Club

Authority:
COMODO CA Limited

Valid from:
8/19/2014 12:00:00 AM

Valid to:
8/19/2015 11:59:59 PM

Subject:
CN=Gogo Network Club, O=Gogo Network Club, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
75BF783471861CAD78DE03A20768BF56

File PE Metadata
Compilation timestamp:
10/24/2014 7:36:42 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:v4B6GtuKIiD8aReBiTnaCrigs6niM0Y2+7zSXF0hDqVCtcsccIZScUmAVXTBRhbG:A6iciD8srrk6iMkeest/cUmAVXTXh0aQ

Entry address:
0x6318A

Entry point:
E8, 4D, CB, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, C0, 5C, 4A, 00, E8, 50, 49, 00, 00, E8, C4, 1C, 00, 00, 0F, B7, F0, 6A, 02, E8, E0, CA, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 20, 4F, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
[+]

Code size:
555 KB (568,320 bytes)

Remove iwebar-bg.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.