adpeakproxy.exe

AdpeakProxy.exe

Adpeak, Inc.

The application adpeakproxy.exe has been detected as adware by 10 anti-malware scanners. It runs in its own process as a Windows service named “AdpeakProxy”. The file is typically installed by a number of programs, including ScorpionSaver Services by Adpeak, Inc. and Savingsbull Services by Adpeak Inc., both potentially unwanted software. While running, it connects to the Internet address 6.183.211.130.bc.googleusercontent.com on port 80 using the HTTP protocol.
Publisher:
Adpeak, Inc.

Product:
AdpeakProxy.exe

Version:
2.2.7.1

MD5:
8cbe07b5aa098830acb1e1f555c7f92b

SHA-1:
a9753edf2d54ee9cabf70069e8ef65f327523a23

SHA-256:
75b28e97acc65ee5741acddbfbbb73765bfffee6f832c45f3c4fd89487426e69

Scanner detections:
10 / 68

Status:
Adware

Explanation:
Injects advertisements in the web browser in the form of banner ads and popups.

Analysis date:
12/6/2019 6:42:45 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:PUP-gen [PUP] | 2014.9-131214 |
| Boost by Reason | Optional.Service.Adpeak.L | 188163 |
| ESET NOD32 | Win32/AdWare.Adpeak | 7.9151 |
| K7 AntiVirus | Riskware | 13.174.10455 |
| Malwarebytes | PUP.Optional.Adpeak | v2013.12.14.02 |
| McAfee | Adware-Adpeak | 5600.7282 |
| Reason Heuristics | PUP.Service.Adpeak.L | 14.3.1.2 |
| Sophos | AdPeak | 4.95 |
| Trend Micro House Call | TROJ_GEN.F47V1112 | 7.2.333 |
| VIPRE Antivirus | Adware.Adpeak | 24184 |

File size:
3.5 MB (3,688,448 bytes)

Product version:
2.2.7.1

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\scorpionsaver services\adpeakproxy.exe

File PE Metadata
Compilation timestamp:
10/16/2013 11:21:45 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:etjNp3ndcLku+NU4e2uVd1MDbFzKRFhd4ro2LyPG2lVCT1tp/STj:sTdDcd1MFzKbhdWo2LUGXST

Entry address:
0x14832E

Entropy:
5.8934

Code size:
2.8 MB (2,948,096 bytes)

Service
Display name:
AdpeakProxy

Description:
Adpeak Service

Type:
Win32OwnProcess

Depends on:
RPCSS


The file adpeakproxy.exe has been discovered within the following programs.

Savingsbull Services  by Adpeak Inc.
EULA: "The Toolbar monitors and records the ways in which you use your computer and the websites you visit so that: (i) you can receive targeted advertisements.
www.savingsbull.com/aboutthisad.php
81% remove it
ScorpionSaver Services  by Adpeak, Inc.
ScorpionSaver is a potentially unwanted web browser extension that is designed to deliver search-based hijacking/injection as well as contextual advertising. The program does this by modifying the user's home and search page in order to monetize a user's search activities.
www.adpeak.com
76% remove it
 

The executing file has been seen to make the following network communications in live environments.

