iwebar-chromeinstaller.exe

Goobzo LTD

The application iwebar-chromeinstaller.exe by Goobzo has been detected as adware by 23 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in. This file is typically installed with the program iWebar by iWebBar which is a potentially unwanted software program. The file utilizes the Crossrider browser extension platform. ChromeInstaller is the component designed to install and manage the extension's Google Chrome integration. While running, it connects to the Internet address stats.srvstatsdata.com on port 80 using the HTTP protocol.
Publisher:
iWebar  (signed by Goobzo LTD)

Product:
iWebar

Description:
iWebar exe

Version:
1000.1000.1000.1000

MD5:
bd3c4afef8d45caad9ae2c8989c89a24

SHA-1:
f666f6d459e282b85f261ad8f42546af7fd28dc5

SHA-256:
d0f20aae07c9788e562eed9fe1e10de63ee540a17b9cf0b6de6fade0f673e372

Scanner detections:
23 / 68

Status:
Adware

Explanation:
Part of the Crossrider toolbar platform. It will download and install the extension for Google Chrome.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Goobzo LTD.

Analysis date:
5/28/2024 10:41:25 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Adware.Plush.1 | 911 |
| Agnitum Outpost | PUA.Toolbar.CrossRider | 7.1.1 |
| AVG | MalSign.Skodna | 2015.0.3592 |
| Baidu Antivirus | Unnamed.Threat | 4.0.3.14117 |
| Bitdefender | Gen:Adware.Plush.1 | 1.0.20.1100 |
| Dr.Web | Trojan.Crossrider.7839 | 9.0.1.0220 |
| Emsisoft Anti-Malware | Gen:Adware.Plush | 8.14.08.08.02 |
| ESET NOD32 | Win32/Toolbar.CrossRider (variant) | 8.9094 |
| Fortinet FortiGate | Riskware/PUP_FEJ | 8/8/2014 |
| F-Secure | Gen:Adware.Plush.1 | 11.2014-08-08_6 |
| G Data | Gen:Adware.Plush | 14.8.24 |
| K7 AntiVirus | Trojan | 13.174.10588 |
| Malwarebytes | PUP.Optional.ObjectBrowser.A | v2014.01.17.07 |
| McAfee | Artemis!7FCEADEC6F73 | 5600.7045 |
| MicroWorld eScan | Gen:Adware.Plush.1 | 15.0.0.660 |
| NANO AntiVirus | Trojan.Win32.Crossrider.cynnzl | 0.28.0.59921 |
| Panda Antivirus | PUP/PlusHD | 14.01.27.06 |
| Qihoo 360 Security | Win32/Trojan.Adware.37e | 1.0.0.1015 |
| Reason Heuristics | PUP.Crossrider.Task.W | 14.8.8.2 |
| Sophos | AppRider | 4.96 |
| Trend Micro House Call | TROJ_GEN.F47V1125 | 7.2.17 |
| VIPRE Antivirus | Crossrider | 23730 |

File size:
904.4 KB (926,064 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
iWebar.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\iwebar\iwebar-chromeinstaller.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
5/1/2013 5:00:00 PM

Valid to:
5/2/2015 4:59:59 PM

Subject:
CN=Goobzo LTD, O=Goobzo LTD, L=Haifa, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
120B25DDE57B88636AD4D97D23B99C88

File PE Metadata
Compilation timestamp:
1/1/2014 11:32:10 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:9kXJU91usvzOpsAov9bIcuPxmeKWHRjcNEIF0jTxwG33OOvTmqdwMVpTJBk:9kXJUr/CEvJIcuPxmzlOTxwK9vCyT/k

Entry address:
0x97A72

Entry point:
E8, DE, F3, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, 55, 8B, EC, 83, EC, 18, 53, 8B, 5D, 0C, 56, 57, 8B, 7B, 08, 33, 3D, 48, 11, 4E, 00, C6, 45, FF, 00, C7, 45, F4, 01, 00, 00, 00, 8B, 07, 8D, 73, 10, 83, F8, FE, 74, 0D, 8B, 4F, 04, 03, CE, 33, 0C, 30, E8, 8C, AA, FF, FF, 8B, 4F, 0C, 8B, 47, 08, 03, CE, 33, 0C, 30, E8, 7C, AA, FF, FF, 8B, 45, 08, F6, 40, 04, 66, 0F, 85, D0, 00, 00, 00, 89, 45, E8, 8B, 45, 10, 89, 45, EC, 8D, 45, E8, 89, 43, FC, 8B, 43, 0C, 89, 45, F8, 83, F8, FE, 0F, 84, EE, 00, 00, 00...

Entropy:
6.5566

Code size:
738 KB (755,712 bytes)

Scheduled Task
Task name:
iWebar-chromeinstaller

Trigger:
Logon (Runs on logon)


The file iwebar-chromeinstaller.exe has been discovered within the following programs.

iWebar  by iWebBar
iWebar is a web browser extension and toolbar that delivers context-based advertising and modifies the user's web browser home and search pages to provide advertising and search.
80% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to update.srvstatsdata.com  (69.16.175.42:80)

 
http://update.srvstatsdata.com/installer_updates/007223/update.json

TCP (HTTP):
Connects to stats.srvstatsdata.com  (176.32.99.41:80)

TCP (HTTP):
Connects to app-static.crossrider.com  (69.16.175.10:80)
