di0blockandsurflp175.exe

The application di0blockandsurflp175.exe has been detected as adware by 18 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 14051 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host. This file is typically installed with the program BlockAndSurf by Revizer Technologies, which is a potentially unwanted software program.
MD5:
06a772d1a7b387bdb16b3c8697ea81c5

SHA-1:
7b6ccb5afcca21b67bcfac60590ffc0b8a388e72

SHA-256:
1605bd7a160459b04e8f1e7e1a581a3d4b783091726bb20e0bccc7b1099ef6bf

Scanner detections:
18 / 68

Status:
Adware

Analysis date:
11/23/2024 10:03:43 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Generic.11536956 | 806 |
| avast! | Win32:Dropper-gen [Drp] | 2014.9-141120 |
| AVG | Generic_r | 2015.0.3284 |
| Bitdefender | Trojan.Generic.11536956 | 1.0.20.1620 |
| Comodo Security | ApplicUnwnt | 18980 |
| Dr.Web | Trojan.Revizer.74 | 9.0.1.0324 |
| Emsisoft Anti-Malware | Trojan.Generic.11536956 | 8.14.11.20.09 |
| ESET NOD32 | Win32/AdWare.AddLyrics.AX (variant) | 8.10157 |
| F-Secure | Trojan.Generic.11536956 | 11.2014-20-11_5 |
| G Data | Trojan.Generic.11536956 | 14.11.24 |
| IKARUS anti.virus | Trojan.SuspectCRC | t3scan.1.6.1.0 |
| McAfee | Artemis!06A772D1A7B3 | 5600.6940 |
| MicroWorld eScan | Trojan.Generic.11536956 | 15.0.0.972 |
| nProtect | Trojan.Generic.11536956 | 14.07.25.01 |
| Qihoo 360 Security | Win32/Trojan.Dropper.c9f | 1.0.0.1015 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 14.11.20.21 |
| Trend Micro House Call | TROJ_GEN.R047H09GM14 | 7.2.324 |
| VIPRE Antivirus | Trojan.Win32.Generic | 31620 |

File size:
155.5 KB (159,232 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\di3blockandsurf\di0blockandsurflp175.exe

File PE Metadata
Compilation timestamp:
7/10/2014 12:28:29 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

CTPH (ssdeep):
3072:h0z85x/lSZoB+/e8pS0OkWmZ1LNqBpsAt:h+4SeI4NxmfhfA

Entry address:
0xB2BB

Entry point:
E8, 48, 57, 00, 00, E9, 7B, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 7F, 0F, B6, 44, 24, 08, 0F, BA, 25, CC, D4, 41, 00, 01, 73, 0D, 8B, 4C, 24, 0C, 57, 8B, 7C, 24, 08, F3, AA, EB, 5D, 8B, 54, 24, 0C, 81, FA, 80, 00, 00, 00, 7C, 0E, 0F, BA, 25, 94, C9, 41, 00, 01, 0F, 82, 2B, 58, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1...
 

Entropy:
6.3231

Code size:
75.5 KB (77,312 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:14051/

Local host port:
14051

Default credentials:
No


The file di0blockandsurflp175.exe has been discovered within the following program.

BlockAndSurf  by Revizer Technologies
BlockAndSurf is an adware browser extension that displays banner and text-context link ads intended to promote the installation of additional questionable content, including web browser toolbars, optimization utilities and other products.
www.revizer.com
82% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-54-208-30-101.compute-1.amazonaws.com  (54.208.30.101:80)

TCP (HTTP):
