» r4blockandsurfnb175.exe
Overview
Analysis
File Details
Behaviors (1)
Network (4)

r4blockandsurfnb175.exe

The application r4blockandsurfnb175.exe has been detected as adware by 8 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 13871 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host.

File name:

MD5:

145e842d3d5f69c3e2884d2d1101b038

SHA-1:

6df7bb63d4b1fc1e53a0b366a06273e2dee4dd4a

SHA-256:

a574cfc4ef5556027840fb69c71d77bd2167668cb6103b6635ebebcd2ec7ae35

Scanner detections:

8 / 68

Status:

Adware

Analysis date:

4/18/2024 9:04:30 AM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:Adware-BUL [Adw]

2014.9-141020

ESET NOD32

Win32/AdWare.AddLyrics.BC (variant)

8.10191

G Data

Win32.Trojan.Agent.1POERQ

14.10.24

K7 AntiVirus

Adware

13.182.12926

Kaspersky

not-a-virus:HEUR:AdWare.Win32.Agent

14.0.0.3072

McAfee

Artemis!145E842D3D5F

5600.6971

Reason Heuristics

Threat.Win.Reputation.IMP

14.10.20.15

Sophos

Generic PUA GN

4.98

File size:

159 KB (162,816 bytes)

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\ver9blockandsurf\r4blockandsurfnb175.exe

File PE Metadata

Compilation timestamp:

7/28/2014 4:44:53 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

11.0

CTPH (ssdeep):

3072:tn7+G8czWp7dDLWED/w+zz7HAnBSJKUtE/M1X:t7MpdDLWRwHoQJPtE/M1X

Entry address:

0xAFBD

Entry point:

E8, 16, 64, 00, 00, E9, 7B, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 7F, 0F, B6, 44, 24, 08, 0F, BA, 25, CC, E4, 41, 00, 01, 73, 0D, 8B, 4C, 24, 0C, 57, 8B, 7C, 24, 08, F3, AA, EB, 5D, 8B, 54, 24, 0C, 81, FA, 80, 00, 00, 00, 7C, 0E, 0F, BA, 25, 94, D9, 41, 00, 01, 0F, 82, FB, 64, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA... 
[+]

Code size:

78 KB (79,872 bytes)

Local Proxy Server

Proxy for:

Internet Settings

Local host address:

http://127.0.0.1:13871/

Local host port:

13871

Default credentials:

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):

Connects to msnbot-207-46-194-40.search.msn.com (207.46.194.40:443)

TCP (HTTP):

Connects to ec2-54-208-30-101.compute-1.amazonaws.com (54.208.30.101:80)

TCP (HTTP SSL):

Connects to bn1302-e.1drv.com (134.170.104.104:443)

TCP (HTTP):

Connects to a172-227-126-236.deploy.static.akamaitechnologies.com (172.227.126.236:80)

Remove r4blockandsurfnb175.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.