passshowyz171.exe

The application passshowyz171.exe has been detected as adware by 11 anti-malware scanners. The executable runs as a local area network (LAN) Internet proxy server listening on port 14286 and can intercept and modify all inbound and outbound Internet traffic on the local host. It is part of the Revizer line of web browser extensions, which inject third-party advertisements into the user's web browser and set up a proxy server for the browser in order to track browsing behavior and display context-based ads from various partners (mostly adware).
MD5:
2c412de40f86ee3b19e139de2566e9b3

SHA-1:
c5bccabebe028c6559e1329edf2a6ef0e8cf2a8f

SHA-256:
98f6b495b3b943ba1fc9d9dc0709e59deddfc1653897d88205f19070abf6fda9

Scanner detections:
11 / 68

Status:
Adware

Analysis date:
5/1/2024 6:28:16 AM UTC

Scan engine              Detection                               Engine version
Lavasoft Ad-Aware        Application.Generic.652893              946
avast!                   Win32:Adware-BQV [PUP]                  2014.9-140703
Baidu Antivirus          Adware.Win32.AddLyrics                  4.0.3.1473
Bitdefender              Application.Generic.652893              1.0.20.920
Comodo Security          ApplicUnwnt                             18630
F-Secure                 Application.Generic.652893              11.2014-03-07_5
G Data                   Application.Generic.652893              14.7.24
Kaspersky                not-a-virus:HEUR:AdWare.Win32.Agent     14.0.0.3616
MicroWorld eScan         Application.Generic.652893              15.0.0.552
Reason Heuristics        Adware.Revizer.N                        14.7.3.18
Trend Micro House Call   TROJ_GEN.F47V0609                       7.2.184

File size:
174.5 KB (178,688 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\passshow-soft\passshowyz171.exe

File PE Metadata
Compilation timestamp:
5/21/2014 2:38:39 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

CTPH (ssdeep):
3072:m6b0sFIDR3eQzsj9Va+psxOS4KOn3kUT/nCZ:m6b0sFI1+9gdb4KSdT/nCZ

Entry address:
0xE073

Entry point:
E8, 70, 66, 00, 00, E9, 7B, FE, FF, FF, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 7F, 0F, B6, 44, 24, 08, 0F, BA, 25, A4, 3C, 42, 00, 01, 73, 0D, 8B, 4C, 24, 0C, 57, 8B, 7C, 24, 08, F3, AA, EB, 5D, 8B, 54, 24, 0C, 81, FA, 80, 00, 00, 00, 7C, 0E, 0F, BA, 25, 10, 2E, 42, 00, 01, 0F, 82, 5B, 67, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02...
Entropy:
6.3983

Code size:
95 KB (97,280 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:14286/

Local host port:
14286

Default credentials:
No


The executing file has been seen to make the following network communications in live environments.

Remove passshowyz171.exe - Powered by Reason Core Security