q7dt179.exe

The application q7dt179.exe has been detected as a potentially unwanted program by 15 of 68 anti-malware scanners. It runs as a local HTTP proxy server listening on 127.0.0.1:14267 and registers itself as the system proxy under Internet Settings, which lets it intercept and modify the web traffic of every application on the local host that honors the per-user WinInet proxy configuration (Internet Explorer and other WinInet clients); traffic that bypasses the proxy setting is not affected. The file is typically installed with NewPlayer by Offers411, a potentially unwanted adware program.
MD5:
82b831a4acadb956b471511d58f2a157

SHA-1:
9a8fa22f2b7694cb172d3777db699b82351bc01c

SHA-256:
68b1d0e748352571769424997c4e1db6938ba63c9f0361657d95027d30448279

Scanner detections:
15 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 10:50:29 AM UTC

Scan engine               Detection                              Engine version
Lavasoft Ad-Aware         Gen:Variant.Graftor.156696             860
AegisLab AV Signature     AdWare.MSIL.DomaIQ                     2.1.4+
Avira AntiVirus           TR/Graftor.156696.4                    7.11.174.250
avast!                    Win32:Rootkit-gen [Rtk]                2014.9-140927
AVG                       Adware Generic5                        2015.0.3333
Baidu Antivirus           Adware.Win32.AddLyrics                 4.0.3.14927
Bitdefender               Gen:Variant.Graftor.156696             1.0.20.1350
Emsisoft Anti-Malware     Gen:Variant.Graftor.156696             8.14.09.27.11
ESET NOD32                Win32/AdWare.AddLyrics.BN (variant)    8.10475
F-Secure                  Gen:Variant.Graftor.156696             11.2014-27-09_7
G Data                    Gen:Variant.Graftor.156696             14.9.24
MicroWorld eScan          Gen:Variant.Graftor.156696             15.0.0.810
Panda Antivirus           Trj/Genetic.gen                        14.10.02.03
Reason Heuristics         Threat.Win.Reputation.IMP              14.10.2.15
Trend Micro House Call    TROJ_GEN.R0C1H09IQ14                   7.2.270

Most of these names are generic or heuristic verdicts (Graftor, Generic5, Genetic.gen, Reputation, TROJ_GEN, Rootkit-gen) shared across several engines that license the same signature set; the family-specific detections are AddLyrics (Baidu, ESET) and DomaIQ (AegisLab), both adware families, and the avast! "Rootkit-gen" label is a generic heuristic rather than evidence of rootkit behaviour.

File size:
309 KB (316,416 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\ver6newplayer\q7dt179.exe

File PE Metadata
Compilation timestamp:
9/24/2014 3:55:14 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

CTPH (ssdeep):
3072:XSN3pUm+0EAMLw3pso6rJds+VmVePNoizHpcs:XSNymT6i58JCHaNNJcs

Entry address:
0x118CE

Entry point:
E8, A5, 72, 00, 00, E9, 7B, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C, 24, 04, 2B, C1, C3, 8D...

The first two instructions (E8 rel32, E9 rel32) are the standard Visual C++ CRT entry stub (a call to __security_init_cookie followed by a jmp to the CRT startup routine), and the sequence starting 8B 4C 24 04 F7 C1 03 00 00 00 with the 7EFEFEFF / 81010100 constants is the CRT's word-at-a-time strlen. Both are consistent with the linker 11.0 (Visual Studio 2012) build recorded above and with the moderate entropy of the file, so the PEQuake packer identification should be treated as a weak signature match unless unpacking confirms it.

Entropy:
5.8571

Packer / compiler:
PEQuake V0.06

Code size:
116 KB (118,784 bytes)

Local Proxy Server
Proxy for:
Internet Settings (the per-user WinInet proxy configuration under HKCU, read by Internet Explorer and other WinInet clients)

Local host address:
http://127.0.0.1:14267/

Local host port:
14267

Default credentials:
No (the proxy requires no authentication, so any local process can route traffic through it)
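The following PowerShell is an added host-triage example, not code from the original page or from Reason Core Security. It checks the three indicators recorded above on a Windows host: whether the WinInet proxy under Internet Settings points at 127.0.0.1:14267, which process (if any) is listening on TCP 14267, and whether the file at the common path matches the published SHA-256; it then offers a containment step that stops the listener and unsets the proxy. The port, path and hash come from this page; the function names and the registry key path are assumptions of this example.

```powershell
# Added triage example for the indicators above; not code from the original page.
# Assumptions: run in the affected user's session (the proxy setting is per-user,
# under HKCU) from an elevated PowerShell so the owning process of the socket is visible.
$ExpectedSha256 = '68B1D0E748352571769424997C4E1DB6938BA63C9F0361657D95027D30448279'  # SHA-256 from this page
$ProxyPort      = 14267                                                              # port from this page
$CommonPath     = 'C:\Program Files\ver6newplayer\q7dt179.exe'                      # common path from this page
$InetKey        = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Test-Q7dt179Indicators {
    # Returns one string per matched indicator; an empty array means nothing was found.
    $findings = @()

    # 1. WinInet proxy: ProxyEnable=1 with ProxyServer pointing at the loopback port.
    #    ProxyServer may be a bare "host:port" or a per-scheme list ("http=...;https=..."),
    #    so match on the substring rather than comparing the whole value.
    $inet = Get-ItemProperty -Path $InetKey
    if ($inet.ProxyEnable -eq 1 -and "$($inet.ProxyServer)" -match "127\.0\.0\.1:$ProxyPort\b") {
        $findings += "Internet Settings proxy enabled and set to '$($inet.ProxyServer)'"
    }

    # 2. Listening socket: which process owns TCP 14267 on this host.
    $listeners = Get-NetTCPConnection -State Listen -LocalPort $ProxyPort -ErrorAction SilentlyContinue
    foreach ($l in $listeners) {
        $proc = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
        $findings += "TCP $ProxyPort listening on $($l.LocalAddress), PID $($l.OwningProcess) ($($proc.ProcessName)), image $($proc.Path)"
    }

    # 3. File on disk: compare the SHA-256 with the value published for this sample.
    if (Test-Path -LiteralPath $CommonPath) {
        $hash = (Get-FileHash -Algorithm SHA256 -LiteralPath $CommonPath).Hash
        if ($hash -eq $ExpectedSha256) {
            $findings += "SHA-256 match at $CommonPath"
        } else {
            $findings += "File present at $CommonPath but SHA-256 is $hash (a different build; rely on the proxy and socket indicators rather than the hash)"
        }
    }
    return $findings
}

function Disable-Q7dt179Proxy {
    # Containment step: stop whatever owns the port and unset the proxy so the
    # browser talks to the network directly again. The file is left in place for
    # quarantine and collection; uninstalling the parent program (NewPlayer) is
    # still required, otherwise the proxy can be re-registered.
    Get-NetTCPConnection -State Listen -LocalPort $ProxyPort -ErrorAction SilentlyContinue |
        ForEach-Object { Stop-Process -Id $_.OwningProcess -Force -ErrorAction SilentlyContinue }
    Set-ItemProperty -Path $InetKey -Name ProxyEnable -Value 0
    Remove-ItemProperty -Path $InetKey -Name ProxyServer -ErrorAction SilentlyContinue
}

$results = Test-Q7dt179Indicators
if ($results.Count -eq 0) {
    'No q7dt179.exe indicators found.'
} else {
    $results
}
```

The proxy check is the most reliable of the three: the hash only matches this exact build and the port could in principle be reused by another program, but a loopback proxy on this port registered in Internet Settings is the behaviour the page documents. Run Disable-Q7dt179Proxy only after collecting the findings, since stopping the process also removes the socket evidence.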


The file q7dt179.exe has been discovered within the following program.

NewPlayer by Offers411
NewPlayer is an adware program that runs within the user's web browser and will modify various browser settings such as changing the search provider.
86% of users remove it

Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments. Because the process acts as the system proxy, many of these endpoints (fbcdn.net, facebook.com, 1e100.net, twttr.com, amazonaws.com and the static asianet.co.th hosts) are consistent with ordinary browser traffic relayed through it rather than with the adware's own command or advertising channels, so they should be treated as context rather than as stand-alone blocklist indicators; the adnexus.net ad-exchange hosts are the most directly attributable to the ad-injection behaviour.

TCP/443 (HTTPS):  xx-fbcdn-shv-04-sin1.fbcdn.net  (31.13.79.23)
TCP/443 (HTTPS):  xx-fbcdn-shv-03-sin1.fbcdn.net  (31.13.79.7)
TCP/443 (HTTPS):  wj-in-f95.1e100.net  (74.125.195.95)
TCP/443 (HTTPS):  u17367888.onlinehome-server.com  (74.208.152.119)
TCP/443 (HTTPS):  r-199-59-150-46.twttr.com  (199.59.150.46)
TCP/80 (HTTP):    float.1795.bm-impbus.prod.fra1.adnexus.net  (37.252.170.118)
TCP/80 (HTTP):    float.1294.bm-impbus.prod.fra1.adnexus.net  (37.252.170.43)
TCP/443 (HTTPS):  edge-star-shv-11-sin1.facebook.com  (31.13.79.128)
TCP/80 (HTTP):    ec2-54-208-30-101.compute-1.amazonaws.com  (54.208.30.101)
TCP/443 (HTTPS):  ec2-52-72-157-241.compute-1.amazonaws.com  (52.72.157.241)
TCP/443 (HTTPS):  channel-proxy-shv-04-frc3.facebook.com  (173.252.107.16)
TCP/80 (HTTP):    61-91-9-210.static.asianet.co.th  (61.91.9.210)
TCP/443 (HTTPS):  58-97-45-42.static.asianet.co.th  (58.97.45.42)
TCP/443 (HTTPS):  58-97-45-234.static.asianet.co.th  (58.97.45.234)
TCP/443 (HTTPS):  58-97-45-17.static.asianet.co.th  (58.97.45.17)
TCP/80 (HTTP):    37.58.93.181-static.reverse.softlayer.com  (37.58.93.181)
TCP/443 (HTTPS):  203-144-145-195.static.asianet.co.th  (203.144.145.195)
TCP/443 (HTTPS):  203-144-145-178.static.asianet.co.th  (203.144.145.178)
TCP/443 (HTTPS):  203-144-145-161.static.asianet.co.th  (203.144.145.161)
TCP/443 (HTTPS):  203-144-145-155.static.asianet.co.th  (203.144.145.155)

Remove q7dt179.exe - Powered by Reason Core Security