b0newplayerzd178.exe

The application b0newplayerzd178.exe has been detected as a potentially unwanted program by 11 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 14115 and can intercept and modify all inbound and outbound Internet traffic on the local host. This file is typically installed with the program NewPlayer by Offers411, which is a potentially unwanted software program.
MD5:
82f250a14e23fed53c4d4c05e7b17a54

SHA-1:
a23b485c679a8b907768f91251a2dfe05faff744

SHA-256:
3d3ffa2538adedf070976787acf7e89e3f2d34d5d984ecaad7d7a1cd327a71cd

Scanner detections:
11 / 68

Status:
Potentially unwanted

Analysis date:
4/18/2024 12:30:41 AM UTC

Scan engine              Detection                              Engine version
Lavasoft Ad-Aware        Gen:Variant.Adware.AddLyrics.17        866
avast!                   Win32:Adware-BXP [Adw]                 2014.9-140921
AVG                      Adware Generic5                        2015.0.3344
Baidu Antivirus          Adware.Win32.AddLyrics                 4.0.3.14829
Bitdefender              Gen:Variant.Adware.AddLyrics.17        1.0.20.1320
Emsisoft Anti-Malware    Gen:Variant.Adware.AddLyrics.17        8.14.09.21.02
ESET NOD32               Win32/AdWare.AddLyrics.BN (variant)    8.10333
F-Secure                 Gen:Variant.Adware.AddLyrics.17        11.2014-21-09_1
G Data                   Gen:Variant.Adware.AddLyrics.17        14.9.24
MicroWorld eScan         Gen:Variant.Adware.AddLyrics.17        15.0.0.792
Reason Heuristics        Threat.Win.Reputation.IMP              14.9.21.14

File size:
284.5 KB (291,328 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\ver1newplayer\b0newplayerzd178.exe

File PE Metadata
Compilation timestamp:
8/27/2014 2:51:18 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

CTPH (ssdeep):
3072:bYThAVvyhzTRMpbFQaKE3W+ArVwk2qoSczOzgi/HcS:bWAqzTRMjHKnPTrwOzgi/f

Entry address:
0x10E1A

Entry point:
E8, 79, 66, 00, 00, E9, 7B, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C, 24, 04...
 

Entropy:
5.7510

Code size:
100 KB (102,400 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:14115/

Local host port:
14115

Default credentials:
No


The file b0newplayerzd178.exe has been discovered within the following program.

NewPlayer  by Offers411
NewPlayer is an adware program that runs within the user's web browser and will modify various browser settings such as changing the search provider.
86% remove it
 

The executing file has been seen to make the following network communications in live environments.

