home

Websteroids.exe

Websteroids

Creative Island Media, LLC

This is part of an adware program designed to inject advertising in the web browser (banners, text-links) as well as modify the normal behavior of the browser as well as modify the computer’s system settings that control applications to run on startup. Part of the Injekt brand of unwanted programs. The application Websteroids.exe by Creative Island Media has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program Websteroids by Creative Island Media, LLC which is a potentially unwanted software program.
Publisher:
Creative Island Media, LLC  (signed and verified)

Product:
Websteroids

Version:
1.0.1.0

MD5:
bf5775cbdebb7e983651e5d495e506e2

SHA-1:
6eab51b355bf8230b9348c4f5e5ab92e524db9d1

SHA-256:
b297ef1ad3487a2f03d30cd488554b54eec0f6aa44413909f1dd1e29496f062d

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads in the web browser as well as alters the browsers settings (home page, search, DNS, and security protocols).

Analysis date:
4/25/2024 9:57:34 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Injekt (M)
16.7.29.20

File size:
41.9 KB (42,872 bytes)

Product version:
1.0.1.0

Copyright:
Copyright © Creative Island Media, LLC 2014

Original file name:
Websteroids.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\ProgramData\websteroids\websteroids.exe

Digital Signature
Signed by:
Creative Island Media, LLC

Authority:
VeriSign, Inc.

Valid from:
3/24/2014 3:00:00 AM

Valid to:
6/24/2015 2:59:59 AM

Subject:
CN="Creative Island Media, LLC", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Creative Island Media, LLC", L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0ED42A15C608C5CB28B1EF56CE392E5E

File PE Metadata
Compilation timestamp:
4/25/2014 12:41:15 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:LWvmF80denAu7jLcoRDYv1xm7tWOm5TsP86g++RKSizYcHeGK2FuoUU:yvmy0denAu7jLcoGbKW95TsU6g+0KSv0

Entry address:
0x98FE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
5.9351

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
30.5 KB (31,232 bytes)

The file Websteroids.exe has been discovered within the following program.

Websteroids  by Creative Island Media, LLC
This is ad-supported (adware) software, part of Injekt, that is very difficult to remove as the publisher will ignore the Windows Add/Remove feature and re-install it after the user reboot their PC.
www.websteroidsapp.com
83% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to update.betterxperience.com  (54.218.62.24:80)

TCP (HTTP):
Connects to d.pullupdate.com  (54.230.15.37:80)

TCP (HTTP):
Connects to d.betterxperience.com  (54.230.13.123:80)

 
http://d.betterxperience.com/updater/dedu.txt

Remove Websteroids.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.