WebsteroidsService.exe

Websteroids Service

Creative Island Media, LLC

This is part of an adware program designed to inject advertising into the web browser (banners, text links) and to modify the browser's normal behavior. It is part of the Injekt brand of unwanted programs. The application WebsteroidsService.exe by Creative Island Media has been detected as adware by 22 anti-malware scanners. It runs as a separate Windows service named “Websteroids”, within the context of its own process. This file is typically installed with the program Websteroids by Creative Island Media, LLC, which is a potentially unwanted software program.
Publisher:
Creative Island Media, LLC  (signed and verified)

Product:
Websteroids Service

Version:
1.0.0.0

MD5:
f53715bd432f9b4d7cdce6bd0d249b34

SHA-1:
006a52448ff683926fe8f689809e2c2e9ae36c78

SHA-256:
91cdafe3a41a801ff25573f5f4e63ba4523ad751f5b05854bf0b63d87c08de46

Scanner detections:
22 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads in the web browser, and alters the browser's settings (home page, search, DNS, and security protocols).

Analysis date:
4/19/2024 8:25:44 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Adware.Agent.NUR | 1020
Avira AntiVirus | TR/Trash.Gen | 7.11.30.172
Baidu Antivirus | Unnamed.Threat | 4.0.3.14421
Bitdefender | Adware.Agent.NUR | 1.0.20.555
Comodo Security | ApplicUnwnt | 18061
Dr.Web | Adware.Plugin.175 | 9.0.1.0219
Emsisoft Anti-Malware | Adware.Agent.NUR | 8.14.04.21.01
ESET NOD32 | MSIL/Adware.PullUpdate (variant) | 8.9644
Fortinet FortiGate | Adware/PullUpdate | 4/21/2014
F-Secure | Adware.Agent.NUR | 11.2014-21-04_2
G Data | Adware.Agent.NUR | 14.4.24
IKARUS anti.virus | AdWare.Agent | t3scan.2.2.29
K7 AntiVirus | Unwanted-Program | 13.176.11554
McAfee | Artemis!F53715BD432F | 5600.7154
MicroWorld eScan | Adware.Agent.NUR | 15.0.0.333
nProtect | Adware.Agent.NUR | 14.04.06.01
Qihoo 360 Security | Win32/Trojan.Adware.988 | 1.0.0.1015
Reason Heuristics | PUP.Service.CreativeIslandMedia.S | 14.8.7.20
Sophos | Search Donkey | 4.98
SUPERAntiSpyware | Trojan.Agent/Gen-Nullo[Short] | 10435
Trend Micro House Call | TROJ_GEN.F47V0320 | 7.2.111
VIPRE Antivirus | SearchDonkey | 28104

File size:
60.4 KB (61,816 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © Creative Island Media, LLC 2014

Original file name:
WebsteroidsService.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\ProgramData\websteroids\websteroidsservice.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
5/21/2013 5:30:00 AM

Valid to:
5/22/2014 5:29:59 AM

Subject:
CN="Creative Island Media, LLC", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Creative Island Media, LLC", L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
68F23F4D2767F6491DEA9186F2E5CB89

File PE Metadata
Compilation timestamp:
3/6/2014 4:34:57 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:aLnfbVnTzwCRyzI8PLxm4w9caUo3ZWvnbDjUF3XjD:arbVTsuyMkU4w9caUoQnbDjKDD

Entry address:
0xEBBE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 10, 00, 00, 00, 20, 00, 00, 80, 18, 00, 00, 00, 38, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 50, 00, 00, 80, 00, 00, 00, 00, 00, 00...
 

Entropy:
5.8518

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
51 KB (52,224 bytes)

Service
Display name:
Websteroids

Description:
Provides system level support for Websteroids.

Type:
Win32OwnProcess


The file WebsteroidsService.exe has been discovered within the following program.

Websteroids by Creative Island Media, LLC
This is ad-supported (adware) software, part of Injekt, that is very difficult to remove, as the publisher will ignore the Windows Add/Remove feature and re-install it after the user reboots their PC.
www.websteroidsapp.com
83% remove it
 

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to update.betterxperience.com  (54.218.62.24:80)

TCP (HTTP):
Connects to d.pullupdate.com  (54.230.15.37:80)
