p0jz179.exe

The application p0jz179.exe has been detected as a potentially unwanted program by 14 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 14305 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host.
MD5:
2a43a9423fe0eac33bafc231febe6ce0

SHA-1:
6c0c5f822d3bc27e021a7efd2bee87d5f9bd31da

SHA-256:
b86cb59987a161d538f97085f096d7f2591611e3da8e02b4bfd17aabcb159c6a

Scanner detections:
14 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 10:31:06 PM UTC

Scan engine             Detection                            Engine version
Lavasoft Ad-Aware       Gen:Variant.Graftor.156696           857
AegisLab AV Signature   AdWare.MSIL.DomaIQ                   2.1.4+
avast!                  Win32:Dropper-gen [Drp]              140929-0
AVG                     Adware Generic5.BVIZ                 2014.0.4025
Baidu Antivirus         Adware.Win32.AddLyrics               4.0.3.14930
Bitdefender             Gen:Variant.Graftor.156696           1.0.20.1365
Emsisoft Anti-Malware   Gen:Variant.Graftor.156696           8.14.09.30.06
ESET NOD32              Win32/AdWare.AddLyrics.BN (variant)  8.10489
F-Secure                Gen:Variant.Graftor.156696           11.2014-30-09_3
G Data                  Gen:Variant.Graftor.156696           14.9.24
MicroWorld eScan        Gen:Variant.Graftor.156696           15.0.0.819
Panda Antivirus         Trj/Genetic.gen                      14.10.02.03
Reason Heuristics       Threat.Win.Reputation.IMP            14.10.2.15
Trend Micro House Call  TROJ_GEN.R0C1H09IU14                 7.2.275

File size:
318 KB (325,632 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\ver5blockandsurf\p0jz179.exe

File PE Metadata
Compilation timestamp:
9/28/2014 1:33:39 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

CTPH (ssdeep):
3072:QSNuuUmSCCm5jwKpnMfrhX+2+xePM6Wfl14zHefp:QSNMmlZj+xkaMLl18+fp

Entry address:
0x118CE

Entry point:
E8, A5, 72, 00, 00, E9, 7B, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C, 24, 04, 2B, C1, C3, 8D...
 
Packer / compiler:
PEQuake V0.06

Code size:
116 KB (118,784 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:14305/

Local host port:
14305

Default credentials:
No


The executing file has been seen to make the following network communications in live environments.

TCP:
Connects to qh-in-f188.1e100.net  (74.125.22.188:5228)

TCP (HTTP SSL):
Connects to iad23s08-in-f8.1e100.net  (74.125.228.104:443)

TCP (HTTP SSL):
Connects to iad23s08-in-f4.1e100.net  (74.125.228.100:443)

TCP (HTTP SSL):
Connects to iad23s08-in-f3.1e100.net  (74.125.228.99:443)

TCP (HTTP):
Connects to iad23s08-in-f27.1e100.net  (74.125.228.123:80)

TCP (HTTP):
Connects to iad23s08-in-f25.1e100.net  (74.125.228.121:80)

TCP (HTTP SSL):
Connects to iad23s08-in-f0.1e100.net  (74.125.228.96:443)

TCP (HTTP):
Connects to iad23s05-in-f28.1e100.net  (74.125.228.28:80)

TCP (HTTP):
Connects to iad23s05-in-f27.1e100.net  (74.125.228.27:80)

TCP (HTTP):
Connects to iad23s05-in-f26.1e100.net  (74.125.228.26:80)

TCP (HTTP):
Connects to iad23s05-in-f25.1e100.net  (74.125.228.25:80)

TCP (HTTP):
Connects to iad23s05-in-f13.1e100.net  (74.125.228.13:80)

TCP (HTTP):
Connects to errserv-21.btrll.com  (162.208.21.166:80)

TCP (HTTP):
Connects to ec2-54-217-66-116.eu-west-1.compute.amazonaws.com  (54.217.66.116:80)

TCP (HTTP):
Connects to a23-209-44-168.deploy.static.akamaitechnologies.com  (23.209.44.168:80)

TCP (HTTP):
Connects to 174.127.102.228.static.midphase.com  (174.127.102.228:80)

Remove p0jz179.exe - Powered by Reason Core Security