q9thebestdealsob178.exe

The application q9thebestdealsob178.exe has been detected as adware by 12 of 68 anti-malware scanners. The executable runs as a local HTTP proxy server bound to 127.0.0.1 on port 13852 and registered as the system proxy in Windows Internet Settings, which gives it the ability to intercept and modify the web traffic of every program on the host that honours that setting (browsers included). The file is typically installed with TheBestDeals by Revizer Technologies, a potentially unwanted program.
MD5:
bd2a776b1422fe8a41d3eb85ad1ed0cc

SHA-1:
3c37fd1205e1c32d81cdaa6964c9dd23419e6ced

SHA-256:
1959e10317529aff9d73f76523c583146894976f955912e040a4be2b113360a1

Scanner detections:
12 / 68

Status:
Adware

Analysis date:
11/27/2024 12:32:14 AM UTC

Scan engine              Detection                              Engine version
Lavasoft Ad-Aware        Gen:Variant.Adware.AddLyrics.17        866
avast!                   Win32:Adware-BXP [Adw]                 140908-2
AVG                      Adware Generic5                        2015.0.3344
Baidu Antivirus          Adware.Win32.AddLyrics                 4.0.3.14910
Bitdefender              Gen:Variant.Adware.AddLyrics.17        1.0.20.1320
Emsisoft Anti-Malware    Gen:Variant.Adware.AddLyrics.17        8.14.09.21.02
ESET NOD32               Win32/AdWare.AddLyrics.BN (variant)    8.10396
F-Secure                 Gen:Variant.Adware.AddLyrics.17        11.2014-21-09_1
G Data                   Gen:Variant.Adware.AddLyrics.17        14.9.24
MicroWorld eScan         Gen:Variant.Adware.AddLyrics.17        15.0.0.792
Qihoo 360 Security       HEUR/Malware.QVM10.Gen                 1.0.0.1015
Reason Heuristics        Threat.Win.Reputation.IMP              14.9.21.14

Six of the twelve detections carry the identical Bitdefender-style name Gen:Variant.Adware.AddLyrics.17, so they reflect one shared signature engine rather than six independent verdicts; the AddLyrics family name itself points to the adware lineage this proxy component belongs to.

File size:
295 KB (302,080 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\ver5thebestdeals\q9thebestdealsob178.exe

File PE Metadata
Compilation timestamp:
9/9/2014 6:06:50 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

CTPH (ssdeep):
3072:op+jYR2hoztS7pkp2aKBH9XC+w3Z/2ULJBTzO1EVl+QM6Z:oiYLztS7YZKfCV/FLJB/n+y

Entry address:
0x10E1A

Entry point:
E8, 79, 66, 00, 00, E9, 7B, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C, 24, 04...

Entropy:
5.8703

Code size:
100 KB (102,400 bytes)
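The PE metadata fields listed above (compilation timestamp, OS version, bitness, subsystem, linker version, code size, entry address and the first bytes at the entry point) all come straight out of the COFF and optional headers, and the hashes and entropy from the raw bytes. The script below is an added example, not code from this page or from Reason Core Security: it parses just enough of a PE32 file to recover those fields, and `build_sample_pe()` constructs an in-memory PE whose header values are set to match the report (the sample is not the real binary, and its hashes and entropy will not match the ones listed).

```python
"""Recover the PE metadata fields a scanner report lists, from the raw file.

Added example; not code from the page or from Reason Core Security. Only the
DOS/COFF/optional headers and the section table are parsed. build_sample_pe()
constructs a PE32 whose header values mirror the report; it is not the real file.
"""
import hashlib
import math
import struct
from collections import Counter
from datetime import datetime, timezone

MACHINES = {0x14C: "Win32", 0x8664: "Win64"}
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows Console"}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for one repeated value, 8.0 for a uniform spread."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def rva_to_offset(rva: int, sections: list) -> int:
    """Translate a virtual address into a file offset via the section table."""
    for virt_addr, raw_size, raw_ptr in sections:
        if virt_addr <= rva < virt_addr + raw_size:
            return rva - virt_addr + raw_ptr
    raise ValueError(f"RVA {rva:#x} falls outside every section")

def parse_pe(data: bytes) -> dict:
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    machine, nsections, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, linker_major, linker_minor, size_of_code = struct.unpack_from("<HBBI", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 (32-bit) optional headers are handled here")
    (entry_rva,) = struct.unpack_from("<I", data, opt + 16)
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    first_section = opt + opt_size
    # VirtualAddress, SizeOfRawData, PointerToRawData sit at +12 of each 40-byte section header
    sections = [struct.unpack_from("<III", data, first_section + 40 * i + 12) for i in range(nsections)]
    entry_off = rva_to_offset(entry_rva, sections)
    return {
        "timestamp": datetime.fromtimestamp(stamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC"),
        "os_version": f"{os_major}.{os_minor}",
        "bitness": MACHINES.get(machine, f"unknown ({machine:#x})"),
        "subsystem": SUBSYSTEMS.get(subsystem, f"unknown ({subsystem})"),
        "linker_version": f"{linker_major}.{linker_minor}",
        "code_size": size_of_code,
        "entry_rva": entry_rva,
        "entry_bytes": data[entry_off:entry_off + 10].hex(" ").upper(),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "entropy": round(shannon_entropy(data), 4),
    }

def build_sample_pe() -> bytes:
    """Constructed PE32 with the report's header values (linker 11.0, OS 5.1, console
    subsystem, SizeOfCode 102,400, entry 0x10E1A); not the real file."""
    stamp = int(datetime(2014, 9, 9, 6, 6, 50, tzinfo=timezone.utc).timestamp())
    text_va, text_raw, text_size, entry_rva = 0x1000, 0x400, 0x19000, 0x10E1A
    # Bytes the report shows at the entry point: call rel32 then jmp rel32, the usual MSVC CRT stub
    entry_stub = bytes.fromhex("E8 79 66 00 00 E9 7B FE FF FF")
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, stamp, 0, 0, 224, 0x0102)   # i386, one section
    fmt = "<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH"                    # fields up to DllCharacteristics
    opt = struct.pack(fmt, 0x10B, 11, 0, text_size, 0, 0, entry_rva, text_va, 0x1A000,
                      0x400000, 0x1000, 0x200, 5, 1, 0, 0, 5, 1, 0,
                      text_va + text_size, text_raw, 0, 3, 0x8140)
    opt += b"\0" * (224 - len(opt))                                       # remaining fields + data directories
    section = b".text\0\0\0" + struct.pack("<IIIIIIHHI", text_size, text_va, text_size,
                                           text_raw, 0, 0, 0, 0, 0x60000020)
    headers = dos + b"PE\0\0" + coff + opt + section
    headers += b"\0" * (text_raw - len(headers))
    code = bytearray(b"\xCC" * text_size)                                 # int3 filler
    code[entry_rva - text_va:entry_rva - text_va + len(entry_stub)] = entry_stub
    return headers + bytes(code)

if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for field, value in parse_pe(blob).items():
        print(f"{field}: {value}")
```

Run it against a suspect file (`python pe_triage.py q9thebestdealsob178.exe`) and compare the printed hashes with the MD5/SHA-1/SHA-256 above before trusting a filename match; the entry bytes and linker version are a cheap second check that the sample is the same build rather than a renamed sibling.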

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:13852/

Local host port:
13852

Default credentials:
No
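A local proxy like the one described above leaves two artifacts that can be checked independently of any signature: the WinINET proxy configuration under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings (ProxyEnable/ProxyServer) pointing at 127.0.0.1, and a process listening on that port. The script below is an added example, not code from this page or from Reason Core Security. Its parsers run on constructed sample values (a ProxyServer string and `netstat -ano` output, neither captured from a real host); `live_check()` reads the real registry values and netstat output and therefore only runs on Windows.

```python
"""Check a Windows host for the local-proxy pattern the report describes.

Added example; not code from the page or from Reason Core Security. Two
indicators are correlated: the WinINET proxy setting pointing at a loopback
proxy, and a TCP listener on that port in `netstat -ano` output. The parsers
run anywhere on the constructed sample values below; live_check() is Windows-only.
"""
import re
import subprocess
import sys

SUSPECT_PORT = 13852          # port the report lists for q9thebestdealsob178.exe
LOOPBACK = {"127.0.0.1", "localhost", "::1"}
PROXY_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"

def parse_proxy_server(value: str) -> dict:
    """Parse a WinINET ProxyServer string into {scheme: (host, port)}.

    Handles both forms WinINET stores: "host:port" (every protocol, keyed "all")
    and "http=host:port;https=host:port;ftp=...;socks=...".
    """
    proxies = {}
    for part in filter(None, (p.strip() for p in value.split(";"))):
        scheme, hostport = part.split("=", 1) if "=" in part else ("all", part)
        hostport = re.sub(r"^[a-z]+://", "", hostport, flags=re.I)   # tolerate "http://host:port"
        if ":" not in hostport:
            raise ValueError(f"no port in proxy entry {part!r}")
        host, port = hostport.rsplit(":", 1)
        proxies[scheme.lower()] = (host.strip("[]"), int(port))
    return proxies

def loopback_proxies(proxy_enable: int, proxy_server: str) -> list:
    """(scheme, host, port) entries that send browser traffic to a local process."""
    if not proxy_enable:
        return []
    return [(s, h, p) for s, (h, p) in parse_proxy_server(proxy_server).items() if h in LOOPBACK]

def parse_netstat_listeners(netstat_output: str) -> dict:
    """Map listening TCP ports to PIDs from `netstat -ano` text (IPv4 and [IPv6] addresses)."""
    listeners = {}
    for line in netstat_output.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[0] == "TCP" and fields[3] == "LISTENING":
            port = int(fields[1].rsplit(":", 1)[1])
            listeners.setdefault(port, set()).add(int(fields[4]))
    return listeners

def assess(proxy_enable: int, proxy_server: str, netstat_output: str) -> list:
    """Correlate both indicators; a loopback proxy with a live listener is the strong signal."""
    findings, proxied_ports = [], set()
    listeners = parse_netstat_listeners(netstat_output)
    for scheme, host, port in loopback_proxies(proxy_enable, proxy_server):
        proxied_ports.add(port)
        pids = listeners.get(port)
        state = f"served by PID(s) {sorted(pids)}" if pids else "no listener (stale setting)"
        findings.append(f"{scheme} traffic routed to {host}:{port}, {state}")
    if SUSPECT_PORT in listeners and SUSPECT_PORT not in proxied_ports:
        findings.append(f"PID(s) {sorted(listeners[SUSPECT_PORT])} listen on {SUSPECT_PORT} "
                        "with no matching proxy setting")
    return findings

# Constructed sample values (not captured from a real host): the setting an installed
# local proxy would leave behind, and a netstat listing with its listener.
SAMPLE_PROXY_ENABLE = 1
SAMPLE_PROXY_SERVER = "http=127.0.0.1:13852;https=127.0.0.1:13852"
SAMPLE_NETSTAT = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    127.0.0.1:13852        0.0.0.0:0              LISTENING       2840
  TCP    192.168.1.20:49731     74.125.225.51:443      ESTABLISHED     2840
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5355           *:*                                    1500
"""

def live_check() -> list:
    """Read the real registry values and netstat output on a Windows host."""
    import winreg  # Windows-only module
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, PROXY_KEY) as key:
        enable = winreg.QueryValueEx(key, "ProxyEnable")[0]
        try:
            server = winreg.QueryValueEx(key, "ProxyServer")[0]
        except FileNotFoundError:      # value is absent when no proxy was ever set
            server = ""
    netstat = subprocess.run(["netstat", "-ano"], capture_output=True, text=True).stdout
    return assess(enable, server, netstat)

if __name__ == "__main__":
    results = live_check() if sys.platform == "win32" else assess(
        SAMPLE_PROXY_ENABLE, SAMPLE_PROXY_SERVER, SAMPLE_NETSTAT)
    print("\n".join(results) or "no local proxy indicators found")
```

On a real host, follow the reported PID to its image path (for example `tasklist /fi "PID eq 2840"`) and compare the path and hashes with the values on this page. A loopback ProxyServer entry with no listener usually means the proxy process has been removed but the setting was left behind, which silently breaks browsing until ProxyEnable is cleared.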


The file q9thebestdealsob178.exe has been discovered within the following program.

TheBestDeals  by Revizer Technologies
TheBestDeals is an adware web browser extension/plugin for Internet Explorer, Firefox and Chrome whose primary purpose is to inject advertising into the web browser.

Removal rate (Should I Remove It? users):
79%

When executed, the file has been observed making the following network connections in live environments:

TCP (HTTPS):
Connects to ord08s06-in-f19.1e100.net  (74.125.225.51:443)

TCP (HTTPS):
Connects to dfw06s17-in-f6.1e100.net  (74.125.227.134:443)

TCP (HTTP):
Connects to a96-16-6-201.deploy.akamaitechnologies.com  (96.16.6.201:80)

Note that 1e100.net is Google's reverse-DNS domain and deploy.akamaitechnologies.com is Akamai CDN infrastructure; both endpoints are shared with countless legitimate clients, so these connections are weak indicators on their own. The loopback proxy listener on port 13852, the install path and the file hashes above are the reliable artifacts to hunt for.

Analysis data:
Reason Core Security