webplus.exe

GoDaddy.com, Inc.

The executable webplus.exe has been detected as malware by 7 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Web+’.
Publisher:
GoDaddy.com, Inc.  (signed and verified)

MD5:
6b1dbfe10a478aa5a80f9630ab85bddc

SHA-1:
aa5ba14b5c1e751c45ab2086115c4e99872e52a8

Scanner detections:
7 / 68

Status:
Malware

Analysis date:
4/23/2024 2:00:23 PM UTC

Scan engine      Detection                Engine version
avast!           Win32:Mabezat [Wrm]      160822-1
AVG              Win32/Mabezat            2013.0.4447
Clam AntiVirus   Win.Trojan.Mabezat-3     0.98/22145
Dr.Web           Win32.HLLW.Tazebama      9.0.1.05190
ESET NOD32       Win32/Mabezat.A virus    6.3
F-Prot           W32/Mabezat.A-1          4.6.5.141
Kaspersky        Worm.Win32.Mabezat       15.0.2.529

File size:
1.2 MB (1,231,215 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\webplus\webplus.exe

Digital Signature
Authority:
The Go Daddy Group, Inc.

Valid from:
11/16/2006 2:54:37 AM

Valid to:
11/16/2026 2:54:37 AM

Subject:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Issuer:
OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US

Serial number:
0301

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:gkhFZd7fJoDUz5Yp5NgErqYeH0NDff+u3nT9T7hHNN:gWbd7hoDUz5Yp/gErqY00NDfW2TRPN

Entry address:
0xBF428

Entry point:
BB, 20, ED, 4B, 00, FF, E3, 00, 57, B8, 98, EF, 4B, 00, E8, 29, 74, F4, FF, A1, 7C, 89, 4C, 00, 8B, 00, E8, E9, 39, FB, FF, 8B, 0D, C0, 84, 4C, 00, A1, 7C, 89, 4C, 00, 8B, 00, 8B, 15, A8, D5, 4B, 00, E8, F1, 39, FB, FF, E8, D4, C0, FF, FF, A1, 7C, 89, 4C, 00, 8B, 00, E8, 74, 3A, FB, FF, 33, C0, 55, 68, 8D, F4, 4B, 00, 64, FF, 30, 64, 89, 20, E8, 95, CD, FF, FF, 33, C0, 5A, 59, 59, 64, 89, 10, EB, 0A, E9, 4A, 47, F4, FF, E8, AD, 4A, F4, FF, 5F, 5E, 5B, E8, 1D, 4F, F4, FF, 90, 00, 00, 00, 00, 00, 00, 00, 00...

Code size:
761.5 KB (779,776 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Web+

Command:
C:\Program Files\webplus\webplus.exe

