b9eg190.exe

Running tester

The application b9eg190.exe (“Running tester support”) has been detected as a potentially unwanted program by 15 of 68 anti-malware scanners. The executable runs as a local HTTP proxy server bound to 127.0.0.1:14286 and configures itself as the proxy in Windows Internet Settings (the proxy that Internet Options exposes under “LAN settings”), which lets it intercept and modify the web traffic of every application on the host that honors that setting, web browsers in particular. This file is typically installed with the program OffersWizard by OffersWizard-software, which is itself a potentially unwanted program.
Product:
Running tester

Description:
Running tester support

Version:
1.1.2.3

MD5:
a117d93042eeca4e50cf6c8ebb3e8eda

SHA-1:
d5dd0896b3c42ab0d1055a40d2a1425f8922da18

SHA-256:
78a171582ae84cf315a005beb70aceb2dcdc986f7580f9fdb1ca19ee930b57b0

Scanner detections:
15 / 68

Status:
Potentially unwanted

Analysis date:
12/24/2024 1:53:30 AM UTC

Scan engine               Detection                                    Engine version
Lavasoft Ad-Aware         Gen:Variant.Strictor.79342                   704
AVG                       AddLyrics                                    2016.0.3182
Baidu Antivirus           Adware.Win32.AddLyrics                       4.0.3.1533
Bitdefender               Gen:Variant.Strictor.79342                   1.0.20.310
Emsisoft Anti-Malware     Gen:Variant.Strictor.79342                   8.15.03.03.05
ESET NOD32                Win32/Adware.AddLyrics.DS (variant)          9.11259
Fortinet FortiGate        Riskware/AddLyrics                           3/3/2015
F-Secure                  Gen:Variant.Strictor.79342                   11.2015-03-03_3
G Data                    Gen:Variant.Strictor.79342                   15.3.25
McAfee                    Artemis!A117D93042EE                         5600.6838
MicroWorld eScan          Gen:Variant.Strictor.79342                   16.0.0.186
Qihoo 360 Security        HEUR/QVM10.1.Malware.Gen                     1.0.0.1015
Reason Heuristics         Threat.Win.Reputation.IMP                    15.3.9.2
Rising Antivirus          PE:Trojan.Win32.Generic.1829C7E1!405391329   23.00.65.15301
Trend Micro House Call    TROJ_GEN.R0C1H09C215                         7.2.62

File size:
341.5 KB (349,696 bytes)

Product version:
2.2.2.3

Copyright:
Copyright (C) 2014

Trademarks:
Copyright 2014

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\ver2offerswizard\b9eg190.exe

File PE Metadata
Compilation timestamp:
2/19/2015 7:38:53 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

CTPH (ssdeep):
6144:ZNDxHc7qX2DUnvoXr5JFLF1M+7LzpmJLWsTOde1rBrglwm3KY:nDxHJmDUAXRHjTwJLBwmBraxaY

Entry address:
0x1C586

Entry point:
E8, 8A, 9A, 00, 00, E9, 35, FE, FF, FF, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C, 24, 04, 2B, C1, C3, 8D, 41, FE, 8B, 4C, 24, 04, 2B, C1...

Code size:
242.5 KB (248,320 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:14286/

Local host port:
14286

Default credentials:
No
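As an added example (this is not code from the page, from Reason Core Security or from OffersWizard), the PowerShell script below triages a Windows host for the behaviour described in this listing: it reads the per-user Internet Settings proxy, looks for a listener on port 14286 and maps it to its process, and hashes the file at the documented path against the published SHA-256. The registry key and cmdlets are standard Windows ones; the path, port and hash are taken from this page. The optional clean-up step, and the note that the running binary may re-register the proxy, are assumptions about how such proxies behave rather than a documented OffersWizard removal procedure.

```powershell
# Added example, not code from the page or from Reason Core Security.
# Triage a Windows host for the b9eg190.exe local proxy: per-user WinINet proxy
# setting, listener on the proxy port, and a hash check of the file at the
# documented path. Run in PowerShell 5.1 or later as the affected user (the proxy
# values live under HKCU); Get-NetTCPConnection needs Windows 8 / Server 2012 or newer.

$ExpectedSha256 = '78a171582ae84cf315a005beb70aceb2dcdc986f7580f9fdb1ca19ee930b57b0'  # SHA-256 from this page
$ProxyPort      = 14286                                                              # port from this page
$CommonPath     = 'C:\Program Files\ver2offerswizard\b9eg190.exe'                    # common path from this page
$Remediate      = $false   # set to $true to clear the hijacked proxy value once the finding is confirmed
$Findings       = New-Object System.Collections.Generic.List[string]

# 1. The "Internet Settings" proxy (what "Proxy for: Internet Settings" above refers to).
$IsKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$IsProps = Get-ItemProperty -Path $IsKey -ErrorAction SilentlyContinue
$ProxyHijacked = ($IsProps.ProxyEnable -eq 1) -and ($IsProps.ProxyServer -match "127\.0\.0\.1:$ProxyPort")
if ($ProxyHijacked) {
    $Findings.Add("ProxyEnable=1 and ProxyServer routes traffic through the local proxy: $($IsProps.ProxyServer)")
}
if ($IsProps.AutoConfigURL) {
    # A PAC script is another way to steer browsers into a local proxy; surface it for manual review.
    $Findings.Add("AutoConfigURL is set and should be reviewed: $($IsProps.AutoConfigURL)")
}

# 2. Anything listening on the proxy port, mapped back to the owning process and its image path.
$Listeners  = @(Get-NetTCPConnection -LocalPort $ProxyPort -State Listen -ErrorAction SilentlyContinue)
$ImagePaths = @()
foreach ($Conn in $Listeners) {
    $Proc = Get-Process -Id $Conn.OwningProcess -ErrorAction SilentlyContinue
    $Findings.Add("PID $($Conn.OwningProcess) ($($Proc.ProcessName)) listens on $($Conn.LocalAddress):$ProxyPort, image: $($Proc.Path)")
    if ($Proc.Path) { $ImagePaths += $Proc.Path }
}

# 3. Hash the documented path and any listener image. A different hash at the same path is a
#    likely variant, not a clean file, so it is reported rather than silently ignored.
foreach ($File in ((@($CommonPath) + $ImagePaths) | Select-Object -Unique)) {
    if (-not (Test-Path -LiteralPath $File)) { continue }
    $Hash = (Get-FileHash -LiteralPath $File -Algorithm SHA256).Hash
    if ($Hash -ieq $ExpectedSha256) {
        $Findings.Add("$File matches the published SHA-256 for b9eg190.exe")
    } else {
        $Findings.Add("$File is present with a different SHA-256 ($Hash); treat as a possible variant and submit it for analysis")
    }
}

# 4. Optional clean-up of the proxy value. Stop the proxy process and uninstall OffersWizard first;
#    otherwise the running binary can simply re-register itself (assumption about typical behaviour).
if ($Remediate -and $ProxyHijacked) {
    Set-ItemProperty -Path $IsKey -Name ProxyEnable -Value 0
    Remove-ItemProperty -Path $IsKey -Name ProxyServer -ErrorAction SilentlyContinue
    $Findings.Add('Cleared ProxyServer and set ProxyEnable=0; restart browsers so WinINet re-reads the setting')
}

if ($Findings.Count -eq 0) {
    Write-Output 'No indicators of the b9eg190.exe local proxy were found on this host.'
} else {
    $Findings | ForEach-Object { Write-Output "[!] $_" }
}
```

The hash check is the decisive indicator; a listener on 14286 or a 127.0.0.1 proxy entry alone can belong to legitimate local proxies (debugging tools, some antivirus web filters), so confirm the file before remediating. Note that the ProxyServer value is per user: check every profile on a shared machine, and run the script from an elevated session if you need the image path of a process owned by another user.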


The file b9eg190.exe has been discovered within the following program.

OffersWizard  by OffersWizard-software
OffersWizard is an ad injector. It is typically bundled as an "offer" with installers for legitimate software; once installed it behaves deceptively, is difficult to remove, and degrades the security of the user's computer by injecting intrusive advertisements into the web browser that promote, and trick users into installing, further adware or malware.
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments. The hostnames are the reverse-DNS names of the observed IP addresses, and most belong to shared infrastructure (Google 1e100.net, Amazon EC2 and CloudFront, Akamai, Apple aaplimg.com, Adblock Plus filter servers). Because the file is a proxy, much of this traffic is likely the user's own browsing relayed through it, so treat these endpoints as context rather than as standalone block-list indicators; the file hashes and the 127.0.0.1:14286 proxy setting listed above are the reliable indicators.

Protocol         Host                                                Address
TCP              wb-in-f188.1e100.net                                66.102.1.188:5228
TCP (HTTP SSL)   ec2-52-72-157-241.compute-1.amazonaws.com           52.72.157.241:443
TCP (HTTP SSL)   ec2-34-192-150-200.compute-1.amazonaws.com          34.192.150.200:443
TCP (HTTP SSL)   a95-101-72-49.deploy.akamaitechnologies.com         95.101.72.49:443
TCP (HTTP)       69.64.3a25.ip4.static.sl-reverse.com                37.58.100.105:80
TCP (HTTP SSL)   162-180.amazon.com                                  207.171.162.180:443
TCP (HTTP)       server-52-85-63-58.lhr50.r.cloudfront.net           52.85.63.58:80
TCP (HTTP SSL)   server-52-85-63-248.lhr50.r.cloudfront.net          52.85.63.248:443
TCP (HTTP)       freeroms.com                                        216.108.234.132:80
TCP (HTTP SSL)   filter42.adblockplus.org                            144.76.197.80:443
TCP (HTTP SSL)   filter29.adblockplus.org                            148.251.66.238:443
TCP (HTTP)       uslax1-vip-bx-001.aaplimg.com                       17.253.27.201:80
TCP (HTTP SSL)   server-54-192-130-248.ams50.r.cloudfront.net        54.192.130.248:443
TCP (HTTP SSL)   server-54-192-130-157.ams50.r.cloudfront.net        54.192.130.157:443
TCP (HTTP SSL)   server-52-85-77-130.lax3.r.cloudfront.net           52.85.77.130:443
TCP (HTTP SSL)   server-52-85-221-136.cdg50.r.cloudfront.net         52.85.221.136:443
TCP (HTTP)       sangria.parklogic.com                               50.28.32.162:80
TCP (HTTP)       sage.parklogic.com                                  69.39.236.56:80
TCP (HTTP)       ec2-54-72-47-163.eu-west-1.compute.amazonaws.com    54.72.47.163:80
TCP (HTTP)       ec2-52-17-158-153.eu-west-1.compute.amazonaws.com   52.17.158.153:80

Remove b9eg190.exe - Powered by Reason Core Security