» iwebar-codedownloader.exe
Overview
Analysis
File Details
Network (3)

iwebar-codedownloader.exe

Goobzo LTD

The application iwebar-codedownloader.exe by Goobzo has been detected as adware by 40 anti-malware scanners. Built using the Crossrider web brower toolkit the CodeDownloader component will automatically connnect to the remote API server and download additional code/components for iWebar extension/toolbar. The component makes a number of requests to the host app-static.crossrider.com/plugins/.../monetization/monetizationLoader.js. While running, it connects to the Internet address stats.srvstatsdata.com on port 80 using the HTTP protocol.

File name:

Publisher:

iWebar (signed by Goobzo LTD)

Product:

iWebar

Description:

iWebar exe

Version:

1000.1000.1000.1000

MD5:

67460e1c4086239bed97a5323435a790

SHA-1:

204ede12ee90fbc546d450e67a91ef58a958dc85

SHA-256:

237aa54fa7be84dbf82c289313bfd51fcb6c4318ac3d3e886ef64514dff0dae1

Scanner detections:

40 / 68

Status:

Adware

Explanation:

The software may change the browser's home page and search provider settings as well as display advertisements.

Note:

Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Goobzo LTD.

Analysis date:

5/9/2024 3:01:15 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Application.Heur.Hu1@mScdMplO

444

Agnitum Outpost

PUA.Toolbar.CrossRider

7.1.1

AhnLab V3 Security

Win-PUP/CrossRider

2015.10.27

Avira AntiVirus

ADWARE/CrossRider.Gen2

8.3.2.2

Arcabit

PUP.Adware.Goobzo

1.0.0.585

avast!

Win32:Crossrider-AI [PUP]

2014.9-151118

AVG

Crossrider

2016.0.2922

Baidu Antivirus

Adware.Win32.CrossAd

4.0.3.151118

Bitdefender

Gen:Application.Heur.Hu1@mScdMplO

1.0.20.1610

Bkav FE

W32.HfsAdware

1.3.0.7383

Clam AntiVirus

Win.Adware.Agent-37941

0.98/21511

Comodo Security

ApplicUnwnt

23477

Dr.Web

Trojan.Crossrider.38385

9.0.1.0322

Emsisoft Anti-Malware

Gen:Variant.Adware.Kazy.374109

8.15.11.18.04

ESET NOD32

Win32/Toolbar.CrossRider.AE potentially unwanted (variant)

9.12465

Fortinet FortiGate

Riskware/Toolbar_CrossRider

11/18/2015

F-Prot

W32/AdLoad.AL.gen

v6.4.7.1.166

F-Secure

Gen:Application.Heur.Hu1@mScdMplO

11.2015-18-11_4

G Data

Gen:Application.Heur.Hu1@mScdMplO

15.11.25

IKARUS anti.virus

AdWare.CrossRider

t3scan.1.6.1.0

K7 AntiVirus

Unwanted-Program

13.212.17646

Kaspersky

not-a-virus:WebToolbar.Win32.CrossRider

14.0.0.1104

Malwarebytes

PUP.Optional.iWebar

v2015.11.18.04

McAfee

PUP-FTK

5600.6578

Microsoft Security Essentials

Threat.Undefined

1.177.1852.0

MicroWorld eScan

Gen:Application.Heur.Hu1@mScdMplO

16.0.0.966

NANO AntiVirus

Trojan.Win32.Crossrider.dikivc

0.30.26.3947

Norman

Sality.ZHB

11.20151118

Panda Antivirus

Adware/Goobzo

15.11.18.04

Qihoo 360 Security

HEUR/Malware.QVM10.Gen

1.0.0.1015

Quick Heal

PUA.Goobzoltd.Gen

11.15.14.00

Reason Heuristics

Adware.Crossrider.Goobzo (M)

15.11.18.4

Rising Antivirus

PE:PUF.CrossRider!1.A157[F1]

23.00.65.151116

Sophos

AppRider (PUA)

4.98

SUPERAntiSpyware

Adware.CrossRider/Variant

9501

Trend Micro House Call

TROJ_GEN.F47V1224

7.2.322

Trend Micro

TROJ_GEN.R0C1C0FGK15

10.465.18

Vba32 AntiVirus

AdWare.Adwapper

3.12.26.3

VIPRE Antivirus

Crossrider

44820

Zillya! Antivirus

Adware.CroRi.Win32.576

2.0.0.2474

File size:

528.9 KB (541,552 bytes)

Product version:

1000.1000.1000.1000

Original file name:

iWebar.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\iwebar\iwebar-codedownloader.exe

Digital Signature

Signed by:

Goobzo LTD

Authority:

Thawte, Inc.

Valid from:

5/1/2013 8:00:00 PM

Valid to:

5/2/2015 7:59:59 PM

Subject:

CN=Goobzo LTD, O=Goobzo LTD, L=Haifa, S=Israel, C=IL

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

120B25DDE57B88636AD4D97D23B99C88

File PE Metadata

Compilation timestamp:

7/13/2014 6:04:11 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

6144:ezzWeIsVhTtbyo/nun99s3oYo4uYh/t10k6aEN2uqv/307OUIEpTBOCBbt:ev/VttbyofFBt10k6a4X4/k7aEpTAq

Entry address:

0x456F3

Entry point:

E8, B8, DD, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, 57, 56, 53, 33, FF, 8B, 44, 24, 14, 0B, C0, 7D, 14, 47, 8B, 54, 24, 10, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 14, 89, 54, 24, 10, 8B, 44, 24, 1C, 0B, C0, 7D, 14, 47, 8B, 54, 24, 18, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 1C, 89, 54, 24, 18, 0B, C0, 75, 18, 8B, 4C, 24, 18, 8B, 44, 24, 14, 33, D2, F7, F1, 8B, D8, 8B, 44, 24, 10, F7, F1, 8B, D3, EB, 41, 8B, D8, 8B, 4C, 24, 18, 8B, 54, 24, 14, 8B, 44, 24, 10, D1, EB, D1, D9, D1, EA, D1, D8, 0B, DB, 75, F4... 
[+]

Entropy:

6.4263

Code size:

413.5 KB (423,424 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to update.srvstatsdata.com (69.16.175.42:80)

http://update.srvstatsdata.com/installer_updates/004635/update.json

TCP (HTTP):

Connects to stats.srvstatsdata.com (176.32.99.41:80)

TCP (HTTP):

Connects to app-static.crossrider.com (69.16.175.10:80)

Remove iwebar-codedownloader.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.