a2zlyricspub158.exe

The application a2zlyricspub158.exe has been detected as adware by 3 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 13828 and can intercept and modify all inbound and outbound Internet traffic on the local host. The file is typically installed with the program a2zLyrics by Revizer Technologies, which is a potentially unwanted software program. While running, it connects to the Internet address 149-210-169-43.colo.transip.net on port 80 using HTTP.
MD5:
18a7e9ef161b741e09c899c5dcb99e55

SHA-1:
22cb4538ed2aa0fd98b8e85c08ce9722b59d7174

SHA-256:
f5ef2f444a1e315e179e63a2004603394ed1910cda610ef8b32ce8a8b975f063

Scanner detections:
3 / 68

Status:
Adware

Analysis date:
11/22/2024 9:28:54 PM UTC

Scan engine | Detection | Engine version
avast! | Win32:Adware-BMG [PUP] | 2014.9-140702
Kaspersky | not-a-virus:HEUR:AdWare.Win32.Agent | 14.0.0.3622
Reason Heuristics | Threat.Win.Reputation.IMP | 14.7.2.14

File size:
139.5 KB (142,848 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\a2zlyrics-soft\a2zlyricspub158.exe

File PE Metadata
Compilation timestamp:
4/7/2014 4:48:17 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
10.0

CTPH (ssdeep):
1536:99oLFi6cTqPy65ILAW4ldgeWNLOJxG9Zx4aaUDADA8FolkFlR8VykXXFQU1FdwMW:Pog8Py6c4lQQw+aADwYsuU1FdQjsS

Entry address:
0xBCD9

Entry point:
E8, 09, 58, 00, 00, E9, 95, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 80, 00, 00, 00, 72, 0E, 83, 3D, 48, 1E, 42, 00, 00, 74, 05, E9, 66, 58, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02, 74, 06, F3, AB, 85, D2, 74, 0A, 88, 07, 83, C7...
 

Code size:
83.5 KB (85,504 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:13828/

Local host port:
13828

Default credentials:
No


The file a2zlyricspub158.exe has been discovered within the following program.

a2zLyrics by Revizer Technologies
This adware injects advertising into the user's Internet browser by running as an extension and/or add-on. Ads are delivered in the form of banners and text links (roll-overs) as well as some popup ads. These ads are typically injected in the header or footer area of the web page.
86% remove it
 

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-54-208-30-101.compute-1.amazonaws.com  (54.208.30.101:80)

TCP (HTTP):
Connects to www2.avira.com  (62.146.210.53:80)

TCP (HTTP):
Connects to snt-re4-9c.sjc.dropbox.com  (108.160.163.111:80)

TCP (HTTP):
Connects to sjd-rd12-2c.sjc.dropbox.com  (108.160.167.155:80)

TCP (HTTP):
Connects to server-54-230-26-155.mxp4.r.cloudfront.net  (54.230.26.155:80)

TCP (HTTP):
Connects to mil01s16-in-f23.1e100.net  (173.194.35.23:80)

TCP (HTTP):
Connects to host39-132-235-85.serverdedicati.aruba.it  (85.235.132.39:80)

TCP (HTTP):
Connects to fa-in-f95.1e100.net  (173.194.70.95:80)

TCP (HTTP):
Connects to 149-210-169-43.colo.transip.net  (149.210.169.43:80)
