thewebblocker-setup.exe

The Web Blocker

Webstart Studios, LLC

The application thewebblocker-setup.exe, “The Web Blocker Setup Program”, has been detected as a potentially unwanted program by 8 anti-malware scanners. This is a setup and installation application; however, the file is not signed with an Authenticode signature from a trusted source. The installer uses the OpenCandy monetization platform, which will download and install offers in the setup for potentially unwanted software, including ad/search-supported toolbars. The file has been seen being downloaded from thewebblocker.com.
Publisher:
Webstart Studios, LLC

Product:
The Web Blocker

Description:
The Web Blocker Setup Program

Version:
2.0

MD5:
683c5ea1892e56d0afbc759e85af1daa

SHA-1:
922c482d93b5afefdeebb3a0551ae1592b3e9891

SHA-256:
957e34a0fe091ac617f3378641b9aa184d68fb40a3d820b0e7c569bca0f37788

Scanner detections:
8 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
4/26/2024 11:10:18 AM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | Riskware.Agent | 7.1.1
Baidu Antivirus | Adware.Win32.OpenCandy | 4.0.3.1571
Dr.Web | Adware.OpenCandy.154 | 9.0.1.0182
ESET NOD32 | Win32/OpenCandy.A potentially unsafe (variant) | 9.11863
Fortinet FortiGate | Riskware/OpenCandy | 7/1/2015
McAfee | Artemis!683C5EA1892E | 5600.6718
Reason Heuristics | Threat.Win.Reputation.IMP | 15.7.1.11
VIPRE Antivirus | Trojan.Win32.Generic | 41572

File size:
1.1 MB (1,151,488 bytes)

Product version:
2.0

Copyright:
Copyright © Webstart Studios, LLC

Original file name:
The Web BlockerSetup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\thewebblocker-setup.exe

File PE Metadata
Compilation timestamp:
6/11/2015 6:13:03 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:uO9JNX5H+m/dlFz6zVTVT6Km087voGm8OZUbqqfo:3V3lkxTVex3EGQGB

Entry address:
0x57044

Entry point:
E8, 65, 98, 00, 00, E9, 79, FE, FF, FF, CC, CC, 68, 20, 6C, 45, 00, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89, 6C, 24, 10, 8D, 6C, 24, 10, 2B, E0, 53, 56, 57, A1, B8, A2, 49, 00, 31, 45, FC, 33, C5, 50, 89, 65, E8, FF, 75, F8, 8B, 45, FC, C7, 45, FC, FE, FF, FF, FF, 89, 45, F8, 8D, 45, F0, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, F0, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, C3, 6A, 0C, 68, 70, 19, 49, 00, E8, 9B, FF, FF, FF, 6A, 0E, E8, BC, 22, 00, 00, 59, 83, 65, FC, 00, 8B, 75, 08...
 

Entropy:
7.2477

Code size:
498.5 KB (510,464 bytes)

The file thewebblocker-setup.exe has been seen being distributed by the following URL.
