iwebar-bho.dll

Naruto Source

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The module iwebar-bho.dll by Naruto Source has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is the Browser Helper Object (BHO) for the Crossrider web browser platform for Internet Explorer. Instead of utilizing a traditional IE Toolbar, it installs a BHO in the browser in order to manage the functionality of the addon. It is distributed as part of the Brightcircle group of browser-extensions.
Publisher:
iWebar  (signed by Naruto Source)

Product:
iWebar

Description:
iWebar BHO

Version:
1.1.153.13

MD5:
09c7c14176a437d93e8eb93475139909

SHA-1:
1b5af32f89f743d3761a7e87301847fac6c4af69

SHA-256:
cd3d6e98628dcca7a545886dc638870a1ec9fcd5ac3e79fc1c1cad73fcfacdf2

Scanner detections:
1 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements. Distributed through the Brightcircle investments brand.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Naruto Source.

Analysis date:
5/31/2020 5:45:39 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Adware.Crossrider (M)
17.3.8.4

File size:
633.9 KB (649,064 bytes)

Product version:
1.1.153.13

Copyright:
Copyright 2011

Original file name:
iWebar.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\iwebar\iwebar-bho.dll

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/27/2014 7:00:00 PM

Valid to:
7/28/2015 6:59:59 PM

Subject:
CN=Naruto Source, O=Naruto Source, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
1CE82906A7F364268F66771839675655

File PE Metadata
Compilation timestamp:
8/25/2014 5:06:08 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

Entry address:
0x49C57

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, DA, B4, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, D8, 9C, 08, 10, E8, BA, 30, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 00, 15, 09, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, E4, 9F, 07, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 
[+]

Entropy:
6.5957

Developed / compiled with:
Microsoft Visual C++

Code size:
441.5 KB (452,096 bytes)

Remove iwebar-bho.dll - Powered by Reason Core Security