» s7blockandsurfke176.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

s7blockandsurfke176.exe

The application s7blockandsurfke176.exe has been detected as adware by 14 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 13812 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host. This file is typically installed with the program BlockAndSurf by Revizer Technologies which is a potentially unwanted software program.

File name:

MD5:

46dcd310050b743b16fa66a6ad8d1067

SHA-1:

ec28e814b9473401a52dd886e44b8f26fcb39183

SHA-256:

de70758bea44a36a13e75089f2ddcfb914f790bf834446566eb4d255b2739016

Scanner detections:

14 / 68

Status:

Adware

Analysis date:

4/19/2024 4:50:26 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Graftor.150960

896

avast!

Win32:Adware-BWL [Adw]

2014.9-140822

AVG

Generic5

2015.0.3374

Baidu Antivirus

Adware.Win32.Agent

4.0.3.1483

Bitdefender

Gen:Variant.Graftor.150960

1.0.20.1170

Emsisoft Anti-Malware

Gen:Variant.Graftor.150960

8.14.08.22.06

ESET NOD32

Win32/AdWare.AddLyrics.BE application

8.7.0.302.0

F-Secure

Gen:Variant.Graftor.150960

11.2014-22-08_6

G Data

Gen:Variant.Graftor.150960

14.8.24

MicroWorld eScan

Gen:Variant.Graftor.150960

15.0.0.702

Qihoo 360 Security

Win32/Trojan.Dropper.c9f

1.0.0.1015

Reason Heuristics

Threat.Win.Reputation.IMP

14.8.22.18

Sophos

AddLyrics

4.98

VIPRE Antivirus

Threat.5063086

32210

File size:

191 KB (195,584 bytes)

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\ver9blockandsurf\s7blockandsurfke176.exe

File PE Metadata

Compilation timestamp:

8/3/2014 2:33:33 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

11.0

CTPH (ssdeep):

3072:PXRWYW5WL5NX2dpF0YAQ8eVu+Hc0+82jDGOS0DkjeSi:PX96C5NXCzxAQ8Ou79PHrkxi

Entry address:

0x10A12

Entry point:

E8, E1, 67, 00, 00, E9, 7B, FE, FF, FF, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C, 24, 04, 2B, C1, C3, 8D, 41, FE, 8B, 4C... 
[+]

Entropy:

6.1119

Code size:

99.5 KB (101,888 bytes)

Local Proxy Server

Proxy for:

Internet Settings

Local host address:

http://127.0.0.1:13812/

Local host port:

13812

Default credentials:

The file s7blockandsurfke176.exe has been discovered within the following program.

BlockAndSurf by Revizer Technologies

BlockAndSurf is an adware browser extension that will display banner and text-context link ads aimed to promote the installation of additional questionable content including web browser toolbars, optimization utilities and other products.

www.revizer.com

82% remove it

Remove s7blockandsurfke176.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.