re-markitw.exe

The application re-markitw.exe has been detected as adware by 21 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered daily at a specified time. It is part of the Revizer line of web browser extensions, which inject third-party advertisements into the user's web browser and set up a proxy server for the browser in order to track behavior and display context-based ads from various partners (mostly adware).
MD5:
6160ae57ed2e1983a7b279bcbba75749

SHA-1:
1faf9fd8e2a9b613d938bb1f3875baa509c9483e

SHA-256:
e7927a8bebbef3c3af54294c6c980caf4e764bba05876696276152938ad3a560

Scanner detections:
21 / 68

Status:
Adware

Analysis date:
4/18/2024 10:21:10 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Adware.Graftor.146923 | 918 |
| Avira AntiVirus | Adware/Graftor.146923.10 | 7.11.163.240 |
| avast! | Win32:Adware-gen [Adw] | 140617-1 |
| AVG | Adware Generic5.BAGS | 2014.0.3986 |
| Baidu Antivirus | Adware.Win32.AddLyrics | 4.0.3.14731 |
| Bitdefender | Gen:Variant.Adware.Graftor.146923 | 1.0.20.1060 |
| Comodo Security | Application.Win32.Adware.WDUnlocker.A | 18965 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Graftor.146923 | 8.14.07.31.03 |
| ESET NOD32 | Win32/AdWare.AddLyrics.AW application | 7.0.302.0 |
| Fortinet FortiGate | Riskware/AddLyrics | 7/31/2014 |
| F-Secure | Gen:Variant.Adware.Graftor.146923 | 11.2014-31-07_5 |
| G Data | Gen:Variant.Adware.Graftor.146923 | 14.7.24 |
| IKARUS anti.virus | PUA.AddLyrics | t3scan.1.6.1.0 |
| K7 AntiVirus | Adware | 13.181.12834 |
| McAfee | Artemis!6160AE57ED2E | 5600.7052 |
| MicroWorld eScan | Gen:Variant.Adware.Graftor.146923 | 15.0.0.636 |
| Reason Heuristics | Adware.Revizer.Remarkit.K | 14.7.15.15 |
| Rising Antivirus | PE:Trojan.Win32.Generic.1707223B!386343483 | 23.00.65.14729 |
| Trend Micro House Call | TROJ_GEN.R0CBC0OGK14 | 7.2.212 |
| Trend Micro | TROJ_GEN.R0CBC0OGK14 | 10.465.31 |
| VIPRE Antivirus | Threat.4150696 | 31208 |

File size:
95.5 KB (97,792 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\re-markit-soft\re-markitw.exe

File PE Metadata
Compilation timestamp:
7/15/2014 10:27:34 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
1536:heiu448YNTesywt+sUP1/c0DDJ6JsWjcdu+wv6NLjNEs:heiu4qhp/g1LDXu+i6F5

Entry address:
0x43E4

Entry point:
E8, 44, 40, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A1, 60, 40, 41, 00, 33, C5, 89, 45, FC, 83, 7D, 08, FF, 57, 74, 09, FF, 75, 08, E8, 28, 1C, 00, 00, 59, 83, A5, E0, FC, FF, FF, 00, 6A, 4C, 8D, 85, E4, FC, FF, FF, 6A, 00, 50, E8, 88, 41, 00, 00, 8D, 85, E0, FC, FF, FF, 89, 85, D8, FC, FF, FF, 8D, 85, 30, FD, FF, FF, 83, C4, 0C, 89, 85, DC, FC, FF, FF, 89, 85, E0, FD, FF, FF, 89, 8D, DC, FD, FF, FF, 89, 95, D8, FD, FF, FF, 89, 9D, D4, FD, FF, FF, 89, B5, D0, FD, FF, FF, 89, BD, CC...
 

Entropy:
5.6656

Code size:
46.5 KB (47,616 bytes)

Scheduled Task
Task name:
Re-markit_wd

Trigger:
Daily (Runs daily at 2:09 PM)

