a6ff180.exe

The application a6ff180.exe has been detected as a potentially unwanted program by 16 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 14382 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host. This file is typically installed with the program NewPlayer by Offers411, which is a potentially unwanted software program.
MD5:
c3633e5ace32cc14eb594e3aa3df11d3

SHA-1:
0942852ac37de12a8e0481a503fb5be7d362718b

SHA-256:
2ec06bdbb3da772684b4dc0fdfb44f926c3233b54c681176245b17d4ebaff283

Scanner detections:
16 / 68

Status:
Potentially unwanted

Analysis date:
4/23/2024 6:48:56 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Adware.AddLyrics.18 | 841 |
| AhnLab V3 Security | Adware/Win32.AddLyrics | 2014.10.19 |
| avast! | Win32:Adware-BZG [Adw] | 2014.9-141102 |
| Baidu Antivirus | Adware.Win32.AddLyrics | 4.0.3.14112 |
| Bitdefender | Gen:Variant.Adware.AddLyrics.18 | 1.0.20.1450 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.AddLyrics.18 | 8.14.10.17.10 |
| ESET NOD32 | Win32/AdWare.AddLyrics.BU (variant) | 8.10561 |
| Fortinet FortiGate | Riskware/AddLyrics | 11/2/2014 |
| F-Secure | Gen:Variant.Adware.AddLyrics.18 | 11.2014-17-10_6 |
| G Data | Gen:Variant.Adware.AddLyrics.18 | 14.10.24 |
| K7 AntiVirus | Adware | 13.184.13727 |
| Malwarebytes | PUP.Optional.Graftor | v2014.10.17.10 |
| McAfee | Artemis!878B9F1BE53D | 5600.6959 |
| MicroWorld eScan | Gen:Variant.Adware.AddLyrics.18 | 15.0.0.870 |
| Qihoo 360 Security | Malware.QVM10.Gen | 1.0.0.1015 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 14.11.2.11 |

File size:
237 KB (242,688 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\ver1newplayer\a6ff180.exe

File PE Metadata
Compilation timestamp:
10/12/2014 7:38:37 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

CTPH (ssdeep):
1536:wQhMfPhzVxfsuP2KEDpnnhWGrZMTmKl1wES1cBZgsWjcdQ5+iyDRgV4m9wu6a8K8:1hkhSDhhprMCMJQ5+iyDd0DI

Entry address:
0x8DF9

Entry point:
E8, B8, 67, 00, 00, E9, 7B, FE, FF, FF, 55, 8B, EC, 83, 25, 84, F2, 41, 00, 00, 83, EC, 10, 53, 33, DB, 43, 09, 1D, E8, D0, 41, 00, 6A, 0A, E8, E7, BC, 00, 00, 85, C0, 0F, 84, 0E, 01, 00, 00, 33, C9, 8B, C3, 89, 1D, 84, F2, 41, 00, 0F, A2, 56, 8B, 35, E8, D0, 41, 00, 57, 8D, 7D, F0, 83, CE, 02, 89, 07, 89, 5F, 04, 89, 4F, 08, 89, 57, 0C, F7, 45, F8, 00, 00, 10, 00, 89, 35, E8, D0, 41, 00, 74, 13, 83, CE, 04, C7, 05, 84, F2, 41, 00, 02, 00, 00, 00, 89, 35, E8, D0, 41, 00, F7, 45, F8, 00, 00, 00, 10, 74, 13...
 

Entropy:
5.6346

Code size:
79.5 KB (81,408 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:14382/

Local host port:
14382

Default credentials:
No


The file a6ff180.exe has been discovered within the following program.

NewPlayer  by Offers411
NewPlayer is an adware program that runs within the user's web browser and will modify various browser settings such as changing the search provider.
86% remove it
 

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to iad23s08-in-f1.1e100.net  (74.125.228.97:80)

TCP (HTTP):
Connects to ec2-54-208-30-101.compute-1.amazonaws.com  (54.208.30.101:80)

TCP (HTTP SSL):
Connects to d-3a.v.dropbox.com  (108.160.162.53:443)
