di0a2zlyricsuh175.exe

The application di0a2zlyricsuh175.exe has been detected as adware by 20 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 13879 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host. This file is typically installed with the program a2zLyrics by Revizer Technologies, which is a potentially unwanted software program.
MD5:
8138ed4279f54faeee14f0a1fdba448c

SHA-1:
ced789a24197eb00f9c73b8edd8de35fd7f4ad0a

SHA-256:
3c9b4dbd41bf4fa4cbd76c7395e0ca507825c8d45fa5cbd6b358d476da139157

Scanner detections:
20 / 68

Status:
Adware

Analysis date:
12/26/2024 5:29:03 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.AddLyrics.12 | 904 |
| avast! | Win32:Rootkit-gen [Rtk] | 140617-1 |
| AVG | Generic5 | 2015.0.3382 |
| Baidu Antivirus | Adware.Win32.AddLyrics | 4.0.3.14724 |
| Bitdefender | Gen:Variant.AddLyrics.12 | 1.0.20.1135 |
| Comodo Security | ApplicUnwnt | 19117 |
| Dr.Web | Trojan.Revizer.74 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Variant.AddLyrics.12 | 8.14.08.15.11 |
| ESET NOD32 | Win32/AdWare.AddLyrics.AX (variant) | 8.10144 |
| Fortinet FortiGate | Riskware/AddLyrics | 8/15/2014 |
| F-Secure | Gen:Variant.AddLyrics.12 | 11.2014-15-08_6 |
| G Data | Gen:Variant.AddLyrics.12 | 14.8.24 |
| Kaspersky | not-a-virus:HEUR:AdWare.Win32.Agent | 14.0.0.3403 |
| McAfee | Artemis!E7253A1E2E92 | 5600.7038 |
| MicroWorld eScan | Gen:Variant.AddLyrics.12 | 15.0.0.681 |
| NANO AntiVirus | Trojan.Win32.Revizer.dcsyub | 0.28.2.61349 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 14.8.15.11 |
| Sophos | Generic PUA HF | 4.98 |
| Trend Micro House Call | TROJ_GEN.R011H09H514 | 7.2.227 |
| VIPRE Antivirus | Trojan.Win32.Generic | 32016 |

File size:
155.5 KB (159,232 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\di1a2zlyrics\di0a2zlyricsuh175.exe

File PE Metadata
Compilation timestamp:
7/10/2014 2:03:24 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

CTPH (ssdeep):
1536:OrrKRlKw0rlIRExvOTHkk2uhiRrISJK5rrB+slc/YVsWjcdFpS00VvCZ5AtIY542:Juz5BmHBPrrB+swFpS0uqZ5JYusA

Entry address:
0xB2BB

Entry point:
E8, 48, 57, 00, 00, E9, 7B, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 7F, 0F, B6, 44, 24, 08, 0F, BA, 25, CC, D4, 41, 00, 01, 73, 0D, 8B, 4C, 24, 0C, 57, 8B, 7C, 24, 08, F3, AA, EB, 5D, 8B, 54, 24, 0C, 81, FA, 80, 00, 00, 00, 7C, 0E, 0F, BA, 25, 94, C9, 41, 00, 01, 0F, 82, 2B, 58, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1...
 

Entropy:
6.3069

Code size:
75.5 KB (77,312 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:13879/

Local host port:
13879

Default credentials:
No


The file di0a2zlyricsuh175.exe has been discovered within the following program.

a2zLyrics  by Revizer Technologies
This adware injects advertising in the user's Internet browser by running as an extension and/or add-on. Ads are delivered in the form of banners and text-links (roll-overs) as well as some popup ads. These ads are typically injected in the header or footer area of the web page.
86% remove it
 

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to ip-182-50-151-252.ip.secureserver.net  (182.50.151.252:443)

TCP (HTTP SSL):
Connects to edge-star-shv-01-mrs1.facebook.com  (31.13.75.8:443)

TCP (HTTP SSL):
Connects to ec2-52-73-109-231.compute-1.amazonaws.com  (52.73.109.231:443)

TCP (HTTP):
Connects to 173.192.219.51-static.reverse.softlayer.com  (173.192.219.51:80)
