lyricscontainermm161.exe

The application lyricscontainermm161.exe has been detected as adware by 4 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 14063 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host. While running, it connects to the Internet address 173.192.219.38-static.reverse.softlayer.com on port 80 using the HTTP protocol.
MD5:
04622119600a760485ceaf47ec2fba48

SHA-1:
dfb8f966c34d3d737e3ac2efc38f870979837216

SHA-256:
3a4c8208990db61f66698fe3d747836208ff3ca86219a9bccb4bdc338b896fdf

Scanner detections:
4 / 68

Status:
Adware

Analysis date:
12/28/2024 2:17:49 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| avast! | Win32:Adware-BNS [PUP] | 2014.9-140530 |
| Baidu Antivirus | Adware.Win32.AddLyrics | 4.0.3.14530 |
| ESET NOD32 | Win32/AdWare.AddLyrics.AK (variant) | 8.9748 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 14.5.30.18 |

File size:
140 KB (143,360 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\lyricscontainer\lyricscontainermm161.exe

File PE Metadata
Compilation timestamp:
4/27/2014 11:06:14 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
10.0

CTPH (ssdeep):
1536:R9lvNneyTVz9oW5MCmcnUZkfNHFk6UAJMG9Ch6kkSMOWS8urpfkX6UjR6SLgVXtb:jlVNzSWpnUiVFVDyMlQUjlmXtTazUQU

Entry address:
0xBE87

Entry point:
E8, BB, 58, 00, 00, E9, 95, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 80, 00, 00, 00, 72, 0E, 83, 3D, 60, 1E, 42, 00, 00, 74, 05, E9, 16, 59, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02, 74, 06, F3, AB, 85, D2, 74, 0A, 88, 07...
 

Entropy:
6.6801

Code size:
84 KB (86,016 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:14063/

Local host port:
14063

Default credentials:
No


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-54-208-30-101.compute-1.amazonaws.com  (54.208.30.101:80)

TCP (HTTP):
Connects to 173.192.219.38-static.reverse.softlayer.com  (173.192.219.38:80)
