a9lyricsfanba175.exe

The executable a9lyricsfanba175.exe has been flagged as malware by 1 of 68 anti-virus scanners; the single detection is a heuristic reputation verdict (Threat.Win.Reputation.IMP) rather than a signature match, so treat it as low-confidence on its own. The executable installs itself as a local HTTP proxy: it listens on the loopback address 127.0.0.1, port 14346, and registers that address in the Windows Internet Settings (the proxy configured under Internet Options > Connections > LAN settings), so Internet Explorer/Edge and every other application that honours the system WinINet proxy route their web requests through it. In that position it can inspect and modify all web traffic those applications send and receive on the local host. Note that HTTPS connections pass through a proxy of this kind as CONNECT tunnels, so whether their content is readable depends on whether the proxy also performs TLS interception, which this report does not establish.
MD5:
a468332e4e788b1afe35b7bb48b6c823

SHA-1:
0dd57344b331731326ba6013fd726eaf3df5f29c

SHA-256:
5cae1270dac642dcddbec5448a1712538bcb5f20a43a724a9ab928690e2ef67d

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
12/25/2024 5:58:59 AM UTC

Scan engine:
Reason Heuristics

Detection:
Threat.Win.Reputation.IMP

Engine version:
16.2.15.0

File size:
157.5 KB (161,280 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\ver7lyricsfan\a9lyricsfanba175.exe

File PE Metadata
Compilation timestamp:
7/27/2014 2:21:55 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

CTPH (ssdeep):
3072:707K9cltpbNLi2U/Tw+XrOJBS38pZMiEGuKs1X:72JpNLi2ZHJQ3syvGhs1X

Entry address:
0xAFBD

Entry point:
E8, 16, 64, 00, 00, E9, 7B, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 7F, 0F, B6, 44, 24, 08, 0F, BA, 25, CC, E4, 41, 00, 01, 73, 0D, 8B, 4C, 24, 0C, 57, 8B, 7C, 24, 08, F3, AA, EB, 5D, 8B, 54, 24, 0C, 81, FA, 80, 00, 00, 00, 7C, 0E, 0F, BA, 25, 94, D9, 41, 00, 01, 0F, 82, FB, 64, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA...
 

Entropy:
6.3161

Code size:
78 KB (79,872 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:14346/

Local host port:
14346

Default credentials:
No
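The description above and the Local Proxy Server block give a triage analyst three things to verify on a suspect host: whether the per-user Internet Settings proxy points at 127.0.0.1:14346, which process is listening on that port (and whether it is bound only to loopback or to all interfaces, which would expose it to the LAN), and whether the image on disk matches the SHA-256 in this report. The PowerShell below is an added example and is not part of the original report or of Reason Core Security's tooling; it assumes a Windows host with Get-NetTCPConnection available (Windows 8 / Server 2012 or later) and takes the port, common path and hash from the report above. The function and variable names are the example's own.

```powershell
# Added example (not from the original report): triage checks for a local
# WinINet proxy of the kind described above. Port, path and hash are taken
# from the report; everything else is an assumption of this example.

$ExpectedPort   = 14346
$ExpectedPath   = 'C:\Program Files\ver7lyricsfan\a9lyricsfanba175.exe'
$ExpectedSha256 = '5cae1270dac642dcddbec5448a1712538bcb5f20a43a724a9ab928690e2ef67d'

function Get-WinInetProxySetting {
    # Per-user proxy honoured by Internet Explorer/Edge and any WinINet-based application.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $p = Get-ItemProperty -Path $key -Name ProxyEnable, ProxyServer -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Enabled = [bool]$p.ProxyEnable
        Server  = $p.ProxyServer   # e.g. "127.0.0.1:14346" or "http=127.0.0.1:14346;https=127.0.0.1:14346"
    }
}

function Get-PortListener {
    param([int]$Port)
    # Every listening socket on the port, with the owning process resolved to its image path.
    Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                LocalAddress = $_.LocalAddress      # 127.0.0.1/::1 = loopback only; 0.0.0.0/:: = reachable from the LAN
                Port         = $_.LocalPort
                Pid          = $_.OwningProcess
                ProcessName  = $proc.ProcessName
                ImagePath    = $proc.Path
            }
        }
}

function Test-LocalProxyArtifact {
    param(
        [int]$Port      = $ExpectedPort,
        [string]$Path   = $ExpectedPath,
        [string]$Sha256 = $ExpectedSha256
    )
    $proxy     = Get-WinInetProxySetting
    $listeners = @(Get-PortListener -Port $Port)

    # Hash the on-disk image of every listener plus the report's common path, whichever exist.
    $candidates = @($listeners.ImagePath) + @($Path) |
        Where-Object { $_ -and (Test-Path -LiteralPath $_) } |
        Select-Object -Unique
    $hashResults = foreach ($f in $candidates) {
        $h = (Get-FileHash -LiteralPath $f -Algorithm SHA256).Hash
        [pscustomobject]@{ File = $f; Sha256 = $h; Match = ($h -ieq $Sha256) }
    }

    [pscustomobject]@{
        ProxyEnabled          = $proxy.Enabled
        ProxyServer           = $proxy.Server
        ProxyPointsToPort     = ($proxy.Enabled -and $proxy.Server -match "(127\.0\.0\.1|localhost):$Port")
        Listeners             = $listeners
        ExposedBeyondLoopback = @($listeners | Where-Object { $_.LocalAddress -notin @('127.0.0.1', '::1') }).Count -gt 0
        HashResults           = @($hashResults)
        KnownSampleOnDisk     = @($hashResults | Where-Object Match).Count -gt 0
    }
}

# Run the checks and show the result; Listeners and HashResults expand to their own tables.
$result = Test-LocalProxyArtifact
$result | Format-List
$result.Listeners | Format-Table -AutoSize
$result.HashResults | Format-Table -AutoSize
```

A hash mismatch does not clear the host: a different build of the same software will hash differently while still matching the listener and proxy-setting evidence, so weigh ProxyPointsToPort and the listener's image path at least as heavily as KnownSampleOnDisk. If you terminate or remove the process while ProxyEnabled is still set to 127.0.0.1:14346, WinINet-based applications will fail to connect until the proxy entry is cleared or disabled.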


In live environments the executable has been observed making the following network connections. Most destinations are Facebook, Yahoo, Google (1e100.net) and CloudFront/EC2 edge nodes on port 443, which is consistent with a proxy relaying its users' ordinary browsing rather than with a dedicated command-and-control channel; on their own these hosts are weak indicators and are not suitable for blocking.

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-01-frt3.fbcdn.net  (31.13.92.14:443)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-lht6.facebook.com  (157.240.1.35:443)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-fra3.facebook.com  (31.13.93.36:443)

TCP (HTTP SSL):
Connects to edge-star-shv-01-fra3.facebook.com  (31.13.93.3:443)

TCP (HTTP SSL):
Connects to edge-star-shv-01-frt3.facebook.com  (31.13.92.10:443)

TCP (HTTP SSL):
Connects to edge-star-shv-01-ams3.facebook.com  (31.13.91.2:443)

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-01-fra3.fbcdn.net  (31.13.93.7:443)

TCP (HTTP SSL):
Connects to rtr3.l7.search.vip.ir2.yahoo.com  (217.12.15.96:443)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-frt3.facebook.com  (31.13.92.36:443)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-amt2.facebook.com  (31.13.64.35:443)

TCP (HTTP SSL):
Connects to ec2-52-3-204-190.compute-1.amazonaws.com  (52.3.204.190:443)

TCP (HTTP SSL):
Connects to 105-187-240-145.cdn.north.telkomsa.net  (105.187.240.145:443)

TCP (HTTP SSL):
Connects to server-52-85-173-72.fra6.r.cloudfront.net  (52.85.173.72:443)

TCP (HTTP):
Connects to server-52-85-173-60.fra6.r.cloudfront.net  (52.85.173.60:80)

TCP (HTTP):
Connects to server-52-85-173-130.fra6.r.cloudfront.net  (52.85.173.130:80)

TCP (HTTP SSL):
Connects to ec2-52-24-196-36.us-west-2.compute.amazonaws.com  (52.24.196.36:443)

TCP (HTTP SSL):
Connects to wb-in-f156.1e100.net  (66.102.1.156:443)

TCP (HTTP SSL):
Connects to server-54-230-47-40.fra6.r.cloudfront.net  (54.230.47.40:443)

TCP (HTTP):
Connects to server-54-192-130-211.ams50.r.cloudfront.net  (54.192.130.211:80)

TCP (HTTP SSL):
Connects to r1.ycpi.vip.ir2.yahoo.net  (217.12.13.40:443)

Remove a9lyricsfanba175.exe - Powered by Reason Core Security