di9viewpasswordjs175.exe

The application di9viewpasswordjs175.exe has been detected as a potentially unwanted program by 20 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 14431 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host. This file is typically installed with the program ViewPassword by Revizer Technologies which is a potentially unwanted software program.
MD5:
05f3925aff725a982dc18ef14e95688e

SHA-1:
b5be3e5fa671f445f070f82f6e93b4d81451650e

SHA-256:
74995cede3ddffcc3a669cec35f505b569bf0c1414e03da6b46bfe19a7b51056

Scanner detections:
20 / 68

Status:
Potentially unwanted

Analysis date:
11/16/2024 7:17:46 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.AddLyrics.12
904

avast!
Win32:Adware-BTY [PUP]
2014.9-140815

AVG
Generic5
2015.0.3382

Baidu Antivirus
Trojan.Win32.AddLyrics
4.0.3.14815

Bitdefender
Gen:Variant.AddLyrics.12
1.0.20.1135

Comodo Security
ApplicUnwnt
19117

Dr.Web
Trojan.Revizer.85
9.0.1.0227

Emsisoft Anti-Malware
Gen:Variant.AddLyrics.12
8.14.08.15.11

ESET NOD32
Win32/AdWare.AddLyrics.BC (variant)
8.10220

Fortinet FortiGate
Riskware/AddLyrics
8/15/2014

F-Secure
Gen:Variant.AddLyrics.12
11.2014-15-08_6

G Data
Gen:Variant.AddLyrics.12
14.8.24

Kaspersky
not-a-virus:HEUR:AdWare.Win32.Agent
14.0.0.3403

McAfee
Artemis!E7253A1E2E92
5600.7038

MicroWorld eScan
Gen:Variant.AddLyrics.12
15.0.0.681

NANO AntiVirus
Trojan.Win32.Revizer.dcsyub
0.28.2.61349

Reason Heuristics
Threat.Win.Reputation.IMP
14.8.15.11

Sophos
Generic PUA HF
4.98

Trend Micro House Call
TROJ_GEN.R011H09H514
7.2.227

VIPRE Antivirus
Trojan.Win32.Generic
32016

File size:
155 KB (158,720 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\di3viewpassword\di9viewpasswordjs175.exe

File PE Metadata
Compilation timestamp:
7/10/2014 12:24:02 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

CTPH (ssdeep):
1536:lrrKR7Kw0rJFkk1uG2MoPkk2uhiRrISJK5rfB+ZlcnYVsWjcdqpS0KcvWgbMKW4f:g0zLkpPBPrfB+ZIqpS0KcvBsA

Entry address:
0xB2BB

Entry point:
E8, 48, 57, 00, 00, E9, 7B, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 7F, 0F, B6, 44, 24, 08, 0F, BA, 25, CC, D4, 41, 00, 01, 73, 0D, 8B, 4C, 24, 0C, 57, 8B, 7C, 24, 08, F3, AA, EB, 5D, 8B, 54, 24, 0C, 81, FA, 80, 00, 00, 00, 7C, 0E, 0F, BA, 25, 94, C9, 41, 00, 01, 0F, 82, 2B, 58, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1...
 
[+]

Entropy:
6.3160

Code size:
75.5 KB (77,312 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:14431/

Local host port:
14431

Default credentials:
No


The file di9viewpasswordjs175.exe has been discovered within the following program.

ViewPassword  by Revizer Technologies
ViewPassword is an web browser advertisement injection extension that is designed with the core purpose of delivering ads to the user's web browser. Ads are in the form of banners (both static and videos) as well as context-hyper links.
80% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-54-208-30-101.compute-1.amazonaws.com  (54.208.30.101:80)

TCP (HTTP):

TCP (HTTP):
Connects to snt-re4-8b.sjc.dropbox.com  (108.160.163.106:80)

TCP (HTTP SSL):
Connects to fra07s29-in-f5.1e100.net  (173.194.112.69:443)

TCP (HTTP SSL):
Connects to fra02s17-in-f7.1e100.net  (173.194.112.199:443)

TCP (HTTP):
Connects to ec2-54-214-7-177.us-west-2.compute.amazonaws.com  (54.214.7.177:80)

TCP (HTTP SSL):
Connects to ec2-34-192-150-200.compute-1.amazonaws.com  (34.192.150.200:443)

TCP (HTTP SSL):
Connects to a23-7-120-231.deploy.static.akamaitechnologies.com  (23.7.120.231:443)

TCP (HTTP SSL):
Connects to a23-7-120-227.deploy.static.akamaitechnologies.com  (23.7.120.227:443)

TCP (HTTP SSL):
Connects to a23-5-146-250.deploy.static.akamaitechnologies.com  (23.5.146.250:443)

TCP (HTTP SSL):
Connects to a184-29-104-208.deploy.static.akamaitechnologies.com  (184.29.104.208:443)

TCP (HTTP SSL):
Connects to 89.240.178.107.bc.googleusercontent.com  (107.178.240.89:443)

Remove di9viewpasswordjs175.exe - Powered by Reason Core Security