passshowgj171.exe

The application passshowgj171.exe has been detected as adware by 11 of 68 anti-malware scanners. The executable runs a local HTTP proxy server on the host, listening on 127.0.0.1:14247, and registers itself as the proxy in the user's Internet Settings. That places it in the path of all inbound and outbound web traffic from the browser and lets it intercept and modify that traffic; plaintext HTTP is fully visible to it, while HTTPS reaches it as CONNECT tunnels unless the proxy also interposes on TLS, which this page does not document. The file is part of the Revizer family of web browser extensions, which inject third-party advertisements into the user's browser and set up a browser proxy in order to track browsing behavior and display context-based ads from various partners (mostly adware).
MD5:
bfb651560b078106f1b7cbbd1f269cc7

SHA-1:
98f153143267343381c64996d520751a93ca9f48

SHA-256:
8c7e99b015df9036aa1d1bf7b4aae41bb8aac3f0bd3bd5674916529b65d22d56

Scanner detections:
11 / 68

Status:
Adware

Analysis date:
11/23/2024 2:43:04 PM UTC

Scan engine             Detection                                Engine version
Lavasoft Ad-Aware       Application.Generic.652893               873
avast!                  Win32:Adware-BQV [PUP]                   2014.9-140915
Baidu Antivirus         Adware.Win32.AddLyrics                   4.0.3.14915
Bitdefender             Application.Generic.652893               1.0.20.1290
Comodo Security         ApplicUnwnt                              18630
F-Secure                Application.Generic.652893               11.2014-15-09_2
G Data                  Application.Generic.652893               14.9.24
Kaspersky               not-a-virus:HEUR:AdWare.Win32.Agent      14.0.0.3248
MicroWorld eScan        Application.Generic.652893               15.0.0.774
Reason Heuristics       Adware.Revizer.N                         14.5.23.15
Trend Micro House Call  TROJ_GEN.F47V0609                        7.2.258

File size:
175 KB (179,200 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\passshow-soft\passshowgj171.exe

File PE Metadata
Compilation timestamp:
5/21/2014 1:41:42 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

CTPH (ssdeep):
3072:J6b0GV4BhnmQzsj9Va+JkxdoKOnUV92cNUt1CZ:J6b0GV4H+9gFoKSUVEDXCZ

Entry address:
0xE073

Entry point:
E8, 70, 66, 00, 00, E9, 7B, FE, FF, FF, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 7F, 0F, B6, 44, 24, 08, 0F, BA, 25, A4, 3C, 42, 00, 01, 73, 0D, 8B, 4C, 24, 0C, 57, 8B, 7C, 24, 08, F3, AA, EB, 5D, 8B, 54, 24, 0C, 81, FA, 80, 00, 00, 00, 7C, 0E, 0F, BA, 25, 10, 2E, 42, 00, 01, 0F, 82, 5B, 67, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02...

Code size:
95 KB (97,280 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:14247/

Local host port:
14247

Default credentials:
No
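
A host triage check for the proxy behavior described above, added here as an example; it is not code from the original page or from Reason Core Security. It reads the per-user WinINet proxy setting (the "Internet Settings" proxy the page refers to), lists any listener on port 14247 together with the owning process, and hashes the file at the common path against the SHA-256 given above. The port, path and hash are the values reported on this page; the registry key and cmdlets are standard Windows ones.

```powershell
# Added example: triage a Windows host for the local proxy described on this page.
# Values taken from the page: listener port, common path, SHA-256 of the sample.
$Port        = 14247
$FilePath    = 'C:\Program Files\passshow-soft\passshowgj171.exe'
$KnownSha256 = '8c7e99b015df9036aa1d1bf7b4aae41bb8aac3f0bd3bd5674916529b65d22d56'

# 1. WinINet proxy settings for the current user. ProxyServer is either
#    "host:port" or a per-scheme list such as "http=host:port;https=host:port".
$inet = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
if ($inet.ProxyEnable -eq 1 -and $inet.ProxyServer) {
    $loopback = $inet.ProxyServer -split ';' |
        Where-Object { $_ -match '(^|=)(127\.0\.0\.1|localhost):(\d+)$' }
    if ($loopback) {
        Write-Warning "Loopback proxy configured in Internet Settings: $($inet.ProxyServer)"
    }
}

# 2. Anything listening on the proxy port, and the process behind it.
#    Run elevated so that the owning process path can be resolved.
Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue | ForEach-Object {
    $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
    [pscustomobject]@{
        LocalAddress = $_.LocalAddress
        LocalPort    = $_.LocalPort
        Pid          = $_.OwningProcess
        Process      = $proc.ProcessName
        Path         = $proc.Path
    }
}

# 3. Hash the file at the common path and compare with the page's SHA-256.
if (Test-Path -LiteralPath $FilePath) {
    $hash = (Get-FileHash -LiteralPath $FilePath -Algorithm SHA256).Hash
    if ($hash -ieq $KnownSha256) {
        Write-Warning "$FilePath matches the SHA-256 of the sample on this page"
    } else {
        Write-Output "$FilePath is present but its SHA-256 differs: $hash"
    }
} else {
    Write-Output "$FilePath is not present"
}

# 4. The machine-wide WinHTTP proxy is separate from the per-user WinINet one
#    and is used by services rather than the browser; check it as well.
netsh winhttp show proxy
```

Clearing ProxyEnable or ProxyServer on its own only stops the browser from using the proxy; the listener keeps running until the process is stopped and the file and its Revizer browser extension are removed, and a re-run of the check should then show no listener on the port.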


The executing file has been seen to make the following network communications in live environments. The hostnames shown are the reverse-DNS names of the contacted IP addresses (for example EC2 and Akamai instance names), not necessarily the names the client requested, so several of them are shared hosting or CDN endpoints rather than domains specific to this file.

TCP (HTTP SSL):
Connects to cache.google.com  (208.117.231.181:443)

TCP (HTTP SSL):
Connects to ec2-23-21-237-252.compute-1.amazonaws.com  (23.21.237.252:443)

TCP (HTTP SSL):
Connects to ec2-52-26-38-184.us-west-2.compute.amazonaws.com  (52.26.38.184:443)

TCP (HTTP SSL):
Connects to ec2-54-90-148-22.compute-1.amazonaws.com  (54.90.148.22:443)

TCP (HTTP):
Connects to ec2-50-16-225-36.compute-1.amazonaws.com  (50.16.225.36:80)

TCP (HTTP SSL):
Connects to ec2-52-6-82-78.compute-1.amazonaws.com  (52.6.82.78:443)

TCP (HTTP):
Connects to ec2-34-198-225-71.compute-1.amazonaws.com  (34.198.225.71:80)

TCP (HTTP SSL):
Connects to www.ipko.pl  (193.109.225.70:443)

TCP (HTTP SSL):
Connects to ec2-54-171-167-130.eu-west-1.compute.amazonaws.com  (54.171.167.130:443)

TCP (HTTP):

TCP (HTTP SSL):
Connects to weebly.com  (74.115.50.110:443)

TCP (HTTP SSL):
Connects to edge-star-shv-01-fra3.facebook.com  (31.13.93.3:443)

TCP (HTTP):
Connects to ec2-54-243-163-102.compute-1.amazonaws.com  (54.243.163.102:80)

TCP (HTTP):
Connects to ec2-54-208-30-101.compute-1.amazonaws.com  (54.208.30.101:80)

TCP (HTTP SSL):
Connects to ec2-52-202-7-3.compute-1.amazonaws.com  (52.202.7.3:443)

TCP (HTTP):
Connects to ec2-52-202-128-226.compute-1.amazonaws.com  (52.202.128.226:80)

TCP (HTTP SSL):
Connects to a184-84-22-207.deploy.static.akamaitechnologies.com  (184.84.22.207:443)

TCP (HTTP SSL):
Connects to a184-84-18-58.deploy.static.akamaitechnologies.com  (184.84.18.58:443)

TCP (HTTP):
Connects to vip154.ssl.hwcdn.net  (205.185.208.154:80)

TCP (HTTP SSL):
Connects to sw90.ua-hosting.company  (91.215.156.146:443)

Remove passshowgj171.exe - Powered by Reason Core Security