show-passwordtn161.exe

The application show-passwordtn161.exe has been detected as adware by 5 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 14399 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host. This file is typically installed with the program Show-Password by Revizer Technologies, which is a potentially unwanted software program. It is part of the Revizer line of web browser extensions that inject 3rd-party advertisements into the user's web browser and set up a proxy server for the browser in order to track behaviors and display context-based ads from various partners (mostly adware).
MD5:
71836c8f96a9456f18db508e04ff0086

SHA-1:
e8e685d287333c4891525d58afd59ff617e96b3f

SHA-256:
a9ea814fad4d06bb02ac64df0cfc4f3e54a9d9b69e0c8b0fd93c5cfae641d4ac

Scanner detections:
5 / 68

Status:
Adware

Analysis date:
4/25/2024 7:36:44 AM UTC

Scan engine | Detection | Engine version
avast! | Win32:Adware-BNS [PUP] | 2014.9-140510
Baidu Antivirus | Adware.Win32.AddLyrics | 4.0.3.14510
ESET NOD32 | Win32/AdWare.AddLyrics.AK (variant) | 8.9780
Qihoo 360 Security | Malware.QVM10.Gen | 1.0.0.1015
Reason Heuristics | Adware.Revizer.S | 14.5.10.3

File size:
140 KB (143,360 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\show-password\show-passwordtn161.exe

File PE Metadata
Compilation timestamp:
4/27/2014 8:49:02 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
10.0

CTPH (ssdeep):
3072:/lF5NPxOD2kHdfDeJlfTHcTXtapWt+yYdsQRE:/lXNJNkHdbeJlfE9yWt5Yds

Entry address:
0xBE87

Entry point:
E8, BB, 58, 00, 00, E9, 95, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 80, 00, 00, 00, 72, 0E, 83, 3D, 60, 1E, 42, 00, 00, 74, 05, E9, 16, 59, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02, 74, 06, F3, AB, 85, D2, 74, 0A, 88, 07...

Entropy:
6.6990

Code size:
84 KB (86,016 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:14399/

Local host port:
14399

Default credentials:
No


The file show-passwordtn161.exe has been discovered within the following program.

Show-Password  by Revizer Technologies
Show-Password is an adware web browser extension that hijacks a user's web browser. It is distributed through known adware sites including downxsoft.com (Somoto Ltd.) and softigloo.com.
85% remove it

The executing file has been seen to make the following network communications in live environments.

