Websteroids.exe

Websteroids

Creative Island Media, LLC

This is part of an adware program designed to inject advertising into the web browser (banners, text links), modify the browser's normal behavior, and modify the system settings that control which applications run on startup. It is part of the Injekt brand of unwanted programs. The application Websteroids.exe by Creative Island Media has been detected as adware by 23 anti-malware scanners. This file is typically installed with the program Websteroids by Creative Island Media, LLC, which is a potentially unwanted software program.
Publisher:
Creative Island Media, LLC  (signed and verified)

Product:
Websteroids

Version:
1.0.1.0

MD5:
3d1b88202691d42ef0c1e4a1be4dbd36

SHA-1:
51d212ebf13400038add1c67921f3088235a086f

SHA-256:
1274f6385531380104890cc16883bed02c60d43049c8305169ae09496db9547f

Scanner detections:
23 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads into the web browser and alters the browser's settings (home page, search, DNS, and security protocols).

Analysis date:
4/24/2024 9:59:12 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Adware.Agent.NUR | 911 |
| Agnitum Outpost | PUA.SaMon | 7.1.1 |
| Avira AntiVirus | Adware/Agent.nur.7 | 7.11.143.0 |
| Bitdefender | Adware.Agent.NUR | 1.0.20.1095 |
| Comodo Security | ApplicUnwnt | 17888 |
| Dr.Web | Adware.Plugin.173 | 9.0.1.0219 |
| Emsisoft Anti-Malware | Adware.Agent.NUR | 8.14.08.07.08 |
| ESET NOD32 | MSIL/Adware.PullUpdate (variant) | 8.9502 |
| Fortinet FortiGate | Adware/SaMon | 8/7/2014 |
| F-Secure | Adware.Agent.NUR | 11.2014-07-08_5 |
| G Data | Adware.Agent.NUR | 14.8.24 |
| IKARUS anti.virus | not-a-virus:AdWare.Win32.SaMon | t3scan.1.6.1.0 |
| K7 AntiVirus | Unwanted-Program | 13.176.11737 |
| Kaspersky | not-a-virus:AdWare.Win32.SaMon | 14.0.0.3441 |
| McAfee | Artemis!86590A803B92 | 5600.7045 |
| MicroWorld eScan | Adware.Agent.NUR | 15.0.0.657 |
| nProtect | Adware.Agent.NUR | 14.04.11.01 |
| Qihoo 360 Security | Unnamed.Threat | 1.0.0.1015 |
| Reason Heuristics | PUP.CreativeIslandMedia.L | 14.8.7.20 |
| Sophos | Search Donkey | 4.98 |
| Trend Micro House Call | TROJ_GEN.F47V0323 | 7.2.219 |
| Vba32 AntiVirus | TScope.Trojan.MSIL | 3.12.26.0 |
| VIPRE Antivirus | SearchDonkey | 27094 |

File size:
147.9 KB (151,416 bytes)

Product version:
1.0.1.0

Copyright:
Copyright © Creative Island Media, LLC 2014

Original file name:
Websteroids.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\ProgramData\websteroids\websteroids.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
5/21/2013 1:00:00 AM

Valid to:
5/22/2014 12:59:59 AM

Subject:
CN="Creative Island Media, LLC", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Creative Island Media, LLC", L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
68F23F4D2767F6491DEA9186F2E5CB89

File PE Metadata
Compilation timestamp:
3/21/2014 11:02:48 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:1LBLWWSLnxV8U6pDICLZfVE+ebJ2LOIqSvGp:f69xV8U6pMWVzekCIZvGp

Entry address:
0x972E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
4.5173

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
30 KB (30,720 bytes)

The file Websteroids.exe has been discovered within the following program.

Websteroids  by Creative Island Media, LLC
This is ad-supported (adware) software, part of Injekt, that is very difficult to remove, as the publisher will ignore the Windows Add/Remove feature and re-install it after the user reboots their PC.
www.websteroidsapp.com
83% remove it
 

The running file has been observed making the following network connections in live environments.

TCP (HTTP):
Connects to ec2-54-186-60-190.us-west-2.compute.amazonaws.com  (54.186.60.190:80)
