home

veribrowserr170.exe

The application veribrowserr170.exe has been detected as a potentially unwanted program by 11 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 14006 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host. This file is typically installed with the program VeriBrowse by Revizer Technologies which is a potentially unwanted software program. While running, it connects to the Internet address f0.65.2d.static.xlhost.com on port 443.
MD5:
057ab0f0c02bdf1ce5203618386a7bbb

SHA-1:
cb4c3cadb4b5d330d5ea4e75e844f0512af92e63

Scanner detections:
11 / 68

Status:
Potentially unwanted

Analysis date:
4/24/2024 3:57:57 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.Generic.652893
873

avast!
Win32:Adware-BQV [PUP]
2014.9-140915

Baidu Antivirus
Adware.Win32.AddLyrics
4.0.3.14528

Bitdefender
Application.Generic.652893
1.0.20.1290

Comodo Security
ApplicUnwnt
18630

F-Secure
Application.Generic.652893
11.2014-15-09_2

G Data
Application.Generic.652893
14.9.24

Kaspersky
not-a-virus:HEUR:AdWare.Win32.Agent
14.0.0.3248

MicroWorld eScan
Application.Generic.652893
15.0.0.774

Reason Heuristics
Threat.Win.Reputation.IMP
14.9.15.10

Trend Micro House Call
TROJ_GEN.F47V0609
7.2.258

File size:
176 KB (180,224 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\veribrowse-soft\veribrowserr170.exe

File PE Metadata
Compilation timestamp:
5/20/2014 8:08:49 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

CTPH (ssdeep):
3072:hNcb0/Rh3PfXDT4iintp+Tpx4OH9BWYnFZ:hNcb0Jhz/inuCi9fZ

Entry address:
0xE0E3

Entry point:
E8, 0B, 66, 00, 00, E9, 7B, FE, FF, FF, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 7F, 0F, B6, 44, 24, 08, 0F, BA, 25, A4, 3C, 42, 00, 01, 73, 0D, 8B, 4C, 24, 0C, 57, 8B, 7C, 24, 08, F3, AA, EB, 5D, 8B, 54, 24, 0C, 81, FA, 80, 00, 00, 00, 7C, 0E, 0F, BA, 25, 10, 2E, 42, 00, 01, 0F, 82, F6, 66, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02...
 
[+]

Entropy:
6.3992

Code size:
95 KB (97,280 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:14006/

Local host port:
14006

Default credentials:
No


The file veribrowserr170.exe has been discovered within the following program.

VeriBrowse  by Revizer Technologies
VeriBrowse is an web browser advertisement injection extension that is designed with the core purpose of delivering ads to the user's web browser. Ads are in the form of banners (both static and videos) as well as context-hyper links.
81% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-hkg3.facebook.com  (31.13.95.36:443)

TCP (HTTP SSL):
Connects to edge-star-shv-01-hkg3.facebook.com  (31.13.95.8:443)

TCP (HTTP):
Connects to ip-184-168-221-96.ip.secureserver.net  (184.168.221.96:80)

TCP (HTTP SSL):
Connects to static.vnpt.vn  (113.171.68.17:443)

TCP (HTTP SSL):
Connects to coccoc.com  (123.30.175.36:443)

TCP (HTTP):
Connects to c4.3e.559e.ip4.static.sl-reverse.com  (158.85.62.196:80)

TCP (HTTP):
Connects to haproxy5.ca.servers.visadd.com  (198.27.120.88:80)

TCP (HTTP):
Connects to 190.226.197.104.bc.googleusercontent.com  (104.197.226.190:80)

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-01-hkg3.fbcdn.net  (31.13.95.12:443)

TCP (HTTP):
Connects to server-54-239-132-217.sfo9.r.cloudfront.net  (54.239.132.217:80)

TCP (HTTP SSL):
Connects to server-54-182-4-37.hkg51.r.cloudfront.net  (54.182.4.37:443)

TCP (HTTP SSL):
Connects to f0.65.2d.static.xlhost.com  (173.45.101.240:443)

TCP (HTTP SSL):
Connects to edge-star-shv-01-sin6.facebook.com  (157.240.7.20:443)

TCP (HTTP):
Connects to ec2-54-243-161-87.compute-1.amazonaws.com  (54.243.161.87:80)

TCP (HTTP):
Connects to ec2-54-225-181-9.compute-1.amazonaws.com  (54.225.181.9:80)

TCP (HTTP):
Connects to ec2-54-173-26-224.compute-1.amazonaws.com  (54.173.26.224:80)

TCP (HTTP SSL):
Connects to ec2-54-149-31-115.us-west-2.compute.amazonaws.com  (54.149.31.115:443)

TCP (HTTP SSL):
Connects to ec2-54-148-137-206.us-west-2.compute.amazonaws.com  (54.148.137.206:443)

TCP (HTTP SSL):
Connects to dd.65.2d.static.xlhost.com  (173.45.101.221:443)

TCP (HTTP):
Connects to d117155147.ppp117155.cyberway.com.sg  (203.117.155.147:80)

Remove veribrowserr170.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.