» k3re-markableyt176.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

k3re-markableyt176.exe

The application k3re-markableyt176.exe has been detected as adware by 14 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 14008 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host. This file is typically installed with the program Re-Markable by Revizer Technologies which is a potentially unwanted software program.

File name:

MD5:

71137c5856154ddcbcb23453ac535f4e

SHA-1:

81a5d94e67cb4ba24e324fe9373d3af31cbfa16b

SHA-256:

d6abd825292c80ec2d62be1de8f8556fec41407edd80b6f927739edc7c03f132

Scanner detections:

14 / 68

Status:

Adware

Analysis date:

4/26/2024 10:14:11 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Graftor.150960

898

avast!

Win32:Adware-BWL [Adw]

140813-1

AVG

Generic5

2015.0.3374

Baidu Antivirus

Trojan.Win32.AddLyrics

4.0.3.14820

Bitdefender

Gen:Variant.Graftor.150960

1.0.20.1160

Emsisoft Anti-Malware

Gen:Variant.Graftor.150960

8.14.08.20.01

ESET NOD32

Win32/AdWare.AddLyrics.BE application

7.0.302.0

F-Secure

Gen:Variant.Graftor.150960

11.2014-20-08_4

G Data

Gen:Variant.Graftor.150960

14.8.24

MicroWorld eScan

Gen:Variant.Graftor.150960

15.0.0.696

Qihoo 360 Security

Win32/Trojan.Dropper.c9f

1.0.0.1015

Reason Heuristics

Threat.Win.Reputation.IMP

14.8.22.18

Sophos

AddLyrics

4.98

VIPRE Antivirus

Threat.5063086

32210

File size:

191 KB (195,584 bytes)

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\ver5re-markable\k3re-markableyt176.exe

File PE Metadata

Compilation timestamp:

7/30/2014 11:34:08 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

11.0

CTPH (ssdeep):

3072:M+p/SJv+7OMzFpF/EAWsZG+BUNppGuHRSwMGd69faF8Z1:M+kdwXzFz8AWsU3nryaFq

Entry address:

0x10A32

Entry point:

E8, E1, 67, 00, 00, E9, 7B, FE, FF, FF, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C, 24, 04, 2B, C1, C3, 8D, 41, FE, 8B, 4C... 
[+]

Code size:

99.5 KB (101,888 bytes)

Local Proxy Server

Proxy for:

Internet Settings

Local host address:

http://127.0.0.1:14008/

Local host port:

14008

Default credentials:

The file k3re-markableyt176.exe has been discovered within the following program.

Re-Markable by Revizer Technologies

Re-Markable is an advertising injecting web browser addon that displays ads on web pages not associated with the program. It does this by using a local proxy server to route all web traffic through and display ads in the forms of banner ads, video ads and text-links.

re-markable.net

80% remove it

Remove k3re-markableyt176.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.