» select-n-go157.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

select-n-go157.exe

The application select-n-go157.exe has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This executable runs as a local area network (LAN) Internet proxy server listening on port 13828 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host. This file is typically installed with the program Select-N-Go by Select-N-Go Software which is a potentially unwanted software program. This is part of the Revizer line of web browser extensions that inject 3rd-party advertisements in the user's web browser as well as setup a proxy server for the browser in order to track behaviors and display context based-ads from various partners (mostly adware).

File name:

select-n-go157.exe

MD5:

162caa9a4b826e98f930804984137011

SHA-1:

c435817c92905d0742920f1948483c52735568a1

SHA-256:

2b68dbb15a73ce915422ecd468dc019abc66cf8a2b5a555dcc5e0770f5f1f44f

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

4/19/2024 9:16:26 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Adware.Revizer.O

14.10.25.18

File size:

190 KB (194,560 bytes)

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\select-n-go-soft\select-n-go157.exe

File PE Metadata

Compilation timestamp:

3/17/2014 10:55:39 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

10.0

CTPH (ssdeep):

3072:IBqBFKbXH9h6kW5kln+Exj4Meg3Npeo9OBgnchWTBft78Z/dQMt+gOtKp:IBqB45ZW5kUYjdegPbwgnQWTBZa/dQMZ

Entry address:

0x14D92

Entry point:

E8, C5, 5A, 00, 00, E9, 95, FE, FF, FF, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 80, 00, 00, 00, 72, 0E, 83, 3D, EC, EE, 42, 00, 00, 74, 05, E9, 2B, 5B, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02, 74, 06, F3, AB, 85, D2, 74, 0A, 88, 07, 83, C7, 01, 83, EA, 01, 75, F6, 8B, 44, 24... 
[+]

Entropy:

6.7558

Code size:

121 KB (123,904 bytes)

Local Proxy Server

Proxy for:

Internet Settings

Local host address:

http://127.0.0.1:13828/

Local host port:

13828

Default credentials:

The file select-n-go157.exe has been discovered within the following program.

Select-N-Go by Select-N-Go Software

Displays context based advertising within a users web browser.

63% remove it

Remove select-n-go157.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.