» z3kb183.exe
Overview
Analysis
File Details
Behaviors (1)
Network (4)

z3kb183.exe

The application z3kb183.exe has been detected as a potentially unwanted program by 21 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 14169 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host. While running, it connects to the Internet address 203.130.48.151-BJ-CNC on port 80 using the HTTP protocol.

File name:

z3kb183.exe

MD5:

8d7f2dcf92d4a204369bbc52837f02a7

SHA-1:

cd44f38b10e131d71cedb5171402fdd3547db5ab

Scanner detections:

21 / 68

Status:

Potentially unwanted

Analysis date:

4/24/2024 4:55:32 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Adware.Graftor.164707

393

Agnitum Outpost

PUA.AddLyrics

7.1.1

AhnLab V3 Security

Adware/Win32.AddLyrics

2015.05.09

avast!

Win32:Adware-CAU [Adw]

2014.9-160107

AVG

Generic5

2017.0.2871

Baidu Antivirus

Adware.Win32.AddLyrics

4.0.3.1617

Bitdefender

Gen:Variant.Adware.Graftor.164707

1.0.20.35

Comodo Security

ApplicUnwnt

22046

Emsisoft Anti-Malware

Gen:Variant.Adware.Graftor.164707

8.16.01.07.10

ESET NOD32

Win32/Adware.AddLyrics.DI (variant)

10.11598

Fortinet FortiGate

Riskware/AddLyrics

1/7/2016

F-Prot

W32/A-4aecb773

v6.4.7.1.166

G Data

Gen:Variant.Adware.Graftor.164707

16.1.25

K7 AntiVirus

Adware

13.203.15849

McAfee

Artemis!8D7F2DCF92D4

5600.6527

MicroWorld eScan

Gen:Variant.Adware.Graftor.164707

17.0.0.21

Panda Antivirus

Trj/Genetic.gen

16.01.07.10

Qihoo 360 Security

HEUR/QVM10.1.Malware.Gen

1.0.0.1015

SUPERAntiSpyware

Adware.AddLyrics/Variant

9399

VIPRE Antivirus

Trojan.Win32.Generic

40066

Zillya! Antivirus

Adware.AddLyrics.Win32.948

2.0.0.2173

File size:

132.5 KB (135,680 bytes)

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\ver2blockandsurf\z3kb183.exe

File PE Metadata

Compilation timestamp:

11/19/2014 12:39:00 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

11.0

CTPH (ssdeep):

1536:dU6NqVuPaNoWOiMGsuPoUKmWGyfKoLKNBfFfdMuwE8evcGxrsWjcdtm+z2ZBfbhs:dzgAwbpyfKlLFYefUtm+z2ZBED

Entry address:

0x9409

Entry point:

E8, 58, 5B, 00, 00, E9, 7B, FE, FF, FF, 55, 8B, EC, 83, 25, 9C, EA, 41, 00, 00, 83, EC, 10, 53, 33, DB, 43, 09, 1D, E8, D0, 41, 00, 6A, 0A, E8, 8B, B0, 00, 00, 85, C0, 0F, 84, 0E, 01, 00, 00, 33, C9, 8B, C3, 89, 1D, 9C, EA, 41, 00, 0F, A2, 56, 8B, 35, E8, D0, 41, 00, 57, 8D, 7D, F0, 83, CE, 02, 89, 07, 89, 5F, 04, 89, 4F, 08, 89, 57, 0C, F7, 45, F8, 00, 00, 10, 00, 89, 35, E8, D0, 41, 00, 74, 13, 83, CE, 04, C7, 05, 9C, EA, 41, 00, 02, 00, 00, 00, 89, 35, E8, D0, 41, 00, F7, 45, F8, 00, 00, 00, 10, 74, 13... 
[+]

Code size:

78 KB (79,872 bytes)

Local Proxy Server

Proxy for:

Internet Settings

Local host address:

http://127.0.0.1:14169/

Local host port:

14169

Default credentials:

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to 203.130.48.150-BJ-CNC (203.130.48.150:80)

TCP (HTTP):

Connects to 203.130.48.151-BJ-CNC (203.130.48.151:80)

TCP (HTTP SSL):

Connects to ec2-52-20-120-15.compute-1.amazonaws.com (52.20.120.15:443)

TCP (HTTP):

Connects to 203.130.48.14-BJ-CNC (203.130.48.14:80)

Remove z3kb183.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.