home

iwebar-buttonutil64.exe

Gogo Network Club

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The application iwebar-buttonutil64.exe by Gogo Network Club has been detected as adware by 14 anti-malware scanners. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is part of the Brightcircle group of web-extensions that inject advertisements in the browser.
Publisher:
iWebar  (signed by Gogo Network Club)

Product:
iWebar

Description:
iWebar exe

Version:
1000.1000.1000.1000

MD5:
d509d3ceede044181ca18a1d7728aad2

SHA-1:
cd877fd3344dcca075ded6526b7b3a0e6581d1fa

SHA-256:
2b8aeef36d3ffb0c7a7c6d3de6a6b08897e3cdcbf963e0e0d0df7936002bf746

Scanner detections:
14 / 68

Status:
Adware

Explanation:
Part of the Crossrider toolbar platform. It will download and install new code and Javascript updates for the extension.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Gogo Network Club.

Analysis date:
4/19/2024 3:15:03 PM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
Adware/CrossRider.pq
7.11.168.242

avast!
Win64:Adware-gen [Adw]
2014.9-141022

AVG
Generic
2015.0.3313

Baidu Antivirus
Trojan.Win32.Avc
4.0.3.141022

ESET NOD32
probably Win64/Toolbar.Crossrider.H potentially unwanted application
8.7.0.302.0

Fortinet FortiGate
Adware/Adwapper
10/22/2014

IKARUS anti.virus
AdWare.Adload
t3scan.1.7.5.0

Kaspersky
not-a-virus:WebToolbar.Win32.CrossRider
15.0.0.494

Malwarebytes
PUP.Optional.iWebar.A
v2014.10.22.03

McAfee
Artemis!6D49979AC6C8
5600.6969

Panda Antivirus
Trj/Chgt.D
14.10.22.03

Qihoo 360 Security
Win32/Virus.Adware.970
1.0.0.1015

Reason Heuristics
PUP.Crossrider.GogoNetworkClub.T
14.10.22.15

VIPRE Antivirus
Threat.4789396
32938

File size:
401.9 KB (411,552 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
iWebar.exe

File type:
Executable application (Win64 EXE)

Language:
engleski (SAD)

Common path:
C:\Program Files\iwebar\iwebar-buttonutil64.exe

Digital Signature
Signed by:
Gogo Network Club

Authority:
COMODO CA Limited

Valid from:
8/19/2014 2:00:00 AM

Valid to:
8/20/2015 1:59:59 AM

Subject:
CN=Gogo Network Club, O=Gogo Network Club, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
75BF783471861CAD78DE03A20768BF56

File PE Metadata
Compilation timestamp:
10/21/2014 9:38:57 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:rFlT3buaOPl/jWWPzOgrQuIOZm0CnPnfwghTtxO4PmAQUewUsxFCYhPRgRFd:rChzVrQkZm5HwN4Psm/S

Entry address:
0x262A8

Entry point:
48, 83, EC, 28, E8, 3F, A5, 00, 00, 48, 83, C4, 28, E9, 02, 00, 00, 00, CC, CC, 48, 89, 5C, 24, 10, 48, 89, 74, 24, 18, 57, 48, 83, EC, 30, E8, 90, 20, 00, 00, 0F, B7, F0, B9, 02, 00, 00, 00, E8, CB, A4, 00, 00, B8, 4D, 5A, 00, 00, 48, 8D, 3D, 17, 9D, FD, FF, 66, 39, 05, 10, 9D, FD, FF, 74, 04, 33, DB, EB, 31, 48, 63, 05, 3F, 9D, FD, FF, 48, 03, C7, 81, 38, 50, 45, 00, 00, 75, EA, B9, 0B, 02, 00, 00, 66, 39, 48, 18, 75, DF, 33, DB, 83, B8, 84, 00, 00, 00, 0E, 76, 09, 39, 98, F8, 00, 00, 00, 0F, 95, C3, 89...
 
[+]

Code size:
259.5 KB (265,728 bytes)

Remove iwebar-buttonutil64.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.