» di9viewpasswordjs175.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)
Network (12)

di9viewpasswordjs175.exe

The application di9viewpasswordjs175.exe has been detected as a potentially unwanted program by 20 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 14431 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host. This file is typically installed with the program ViewPassword by Revizer Technologies which is a potentially unwanted software program.

File name:

MD5:

05f3925aff725a982dc18ef14e95688e

SHA-1:

b5be3e5fa671f445f070f82f6e93b4d81451650e

SHA-256:

74995cede3ddffcc3a669cec35f505b569bf0c1414e03da6b46bfe19a7b51056

Scanner detections:

20 / 68

Status:

Potentially unwanted

Analysis date:

4/23/2024 7:01:02 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.AddLyrics.12

904

avast!

Win32:Adware-BTY [PUP]

2014.9-140815

AVG

Generic5

2015.0.3382

Baidu Antivirus

Trojan.Win32.AddLyrics

4.0.3.14815

Bitdefender

Gen:Variant.AddLyrics.12

1.0.20.1135

Comodo Security

ApplicUnwnt

19117

Dr.Web

Trojan.Revizer.85

9.0.1.0227

Emsisoft Anti-Malware

Gen:Variant.AddLyrics.12

8.14.08.15.11

ESET NOD32

Win32/AdWare.AddLyrics.BC (variant)

8.10220

Fortinet FortiGate

Riskware/AddLyrics

8/15/2014

F-Secure

Gen:Variant.AddLyrics.12

11.2014-15-08_6

G Data

Gen:Variant.AddLyrics.12

14.8.24

Kaspersky

not-a-virus:HEUR:AdWare.Win32.Agent

14.0.0.3403

McAfee

Artemis!E7253A1E2E92

5600.7038

MicroWorld eScan

Gen:Variant.AddLyrics.12

15.0.0.681

NANO AntiVirus

Trojan.Win32.Revizer.dcsyub

0.28.2.61349

Reason Heuristics

Threat.Win.Reputation.IMP

14.8.15.11

Sophos

Generic PUA HF

4.98

Trend Micro House Call

TROJ_GEN.R011H09H514

7.2.227

VIPRE Antivirus

Trojan.Win32.Generic

32016

File size:

155 KB (158,720 bytes)

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\di3viewpassword\di9viewpasswordjs175.exe

File PE Metadata

Compilation timestamp:

7/10/2014 12:24:02 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

11.0

CTPH (ssdeep):

1536:lrrKR7Kw0rJFkk1uG2MoPkk2uhiRrISJK5rfB+ZlcnYVsWjcdqpS0KcvWgbMKW4f:g0zLkpPBPrfB+ZIqpS0KcvBsA

Entry address:

0xB2BB

Entry point:

E8, 48, 57, 00, 00, E9, 7B, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 7F, 0F, B6, 44, 24, 08, 0F, BA, 25, CC, D4, 41, 00, 01, 73, 0D, 8B, 4C, 24, 0C, 57, 8B, 7C, 24, 08, F3, AA, EB, 5D, 8B, 54, 24, 0C, 81, FA, 80, 00, 00, 00, 7C, 0E, 0F, BA, 25, 94, C9, 41, 00, 01, 0F, 82, 2B, 58, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1... 
[+]

Entropy:

6.3160

Code size:

75.5 KB (77,312 bytes)

Local Proxy Server

Proxy for:

Internet Settings

Local host address:

http://127.0.0.1:14431/

Local host port:

14431

Default credentials:

The file di9viewpasswordjs175.exe has been discovered within the following program.

ViewPassword by Revizer Technologies

ViewPassword is an web browser advertisement injection extension that is designed with the core purpose of delivering ads to the user's web browser. Ads are in the form of banners (both static and videos) as well as context-hyper links.

80% remove it

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to ec2-54-208-30-101.compute-1.amazonaws.com (54.208.30.101:80)

TCP (HTTP):

Connects to a23-4-37-163.deploy.static.akamaitechnologies.com (23.4.37.163:80)

TCP (HTTP):

Connects to snt-re4-8b.sjc.dropbox.com (108.160.163.106:80)

TCP (HTTP SSL):

Connects to fra07s29-in-f5.1e100.net (173.194.112.69:443)

TCP (HTTP SSL):

Connects to fra02s17-in-f7.1e100.net (173.194.112.199:443)

TCP (HTTP):

Connects to ec2-54-214-7-177.us-west-2.compute.amazonaws.com (54.214.7.177:80)

TCP (HTTP SSL):

Connects to ec2-34-192-150-200.compute-1.amazonaws.com (34.192.150.200:443)

TCP (HTTP SSL):

Connects to a23-7-120-231.deploy.static.akamaitechnologies.com (23.7.120.231:443)

TCP (HTTP SSL):

Connects to a23-7-120-227.deploy.static.akamaitechnologies.com (23.7.120.227:443)

TCP (HTTP SSL):

Connects to a23-5-146-250.deploy.static.akamaitechnologies.com (23.5.146.250:443)

TCP (HTTP SSL):

Connects to a184-29-104-208.deploy.static.akamaitechnologies.com (184.29.104.208:443)

TCP (HTTP SSL):

Connects to 89.240.178.107.bc.googleusercontent.com (107.178.240.89:443)

Remove di9viewpasswordjs175.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.