r4blockandsurfnb175.exe

The application r4blockandsurfnb175.exe has been detected as adware by 8 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 13871 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host.
MD5:
145e842d3d5f69c3e2884d2d1101b038

SHA-1:
6df7bb63d4b1fc1e53a0b366a06273e2dee4dd4a

SHA-256:
a574cfc4ef5556027840fb69c71d77bd2167668cb6103b6635ebebcd2ec7ae35

Scanner detections:
8 / 68

Status:
Adware

Analysis date:
12/27/2024 11:03:55 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Adware-BUL [Adw]
2014.9-141020

ESET NOD32
Win32/AdWare.AddLyrics.BC (variant)
8.10191

G Data
Win32.Trojan.Agent.1POERQ
14.10.24

K7 AntiVirus
Adware
13.182.12926

Kaspersky
not-a-virus:HEUR:AdWare.Win32.Agent
14.0.0.3072

McAfee
Artemis!145E842D3D5F
5600.6971

Reason Heuristics
Threat.Win.Reputation.IMP
14.10.20.15

Sophos
Generic PUA GN
4.98

File size:
159 KB (162,816 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\ver9blockandsurf\r4blockandsurfnb175.exe

File PE Metadata
Compilation timestamp:
7/28/2014 4:44:53 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

CTPH (ssdeep):
3072:tn7+G8czWp7dDLWED/w+zz7HAnBSJKUtE/M1X:t7MpdDLWRwHoQJPtE/M1X

Entry address:
0xAFBD

Entry point:
E8, 16, 64, 00, 00, E9, 7B, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 7F, 0F, B6, 44, 24, 08, 0F, BA, 25, CC, E4, 41, 00, 01, 73, 0D, 8B, 4C, 24, 0C, 57, 8B, 7C, 24, 08, F3, AA, EB, 5D, 8B, 54, 24, 0C, 81, FA, 80, 00, 00, 00, 7C, 0E, 0F, BA, 25, 94, D9, 41, 00, 01, 0F, 82, FB, 64, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA...
 
[+]

Code size:
78 KB (79,872 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:13871/

Local host port:
13871

Default credentials:
No


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to msnbot-207-46-194-40.search.msn.com  (207.46.194.40:443)

TCP (HTTP):
Connects to ec2-54-208-30-101.compute-1.amazonaws.com  (54.208.30.101:80)

TCP (HTTP SSL):
Connects to bn1302-e.1drv.com  (134.170.104.104:443)

TCP (HTTP):
Connects to a172-227-126-236.deploy.static.akamaitechnologies.com  (172.227.126.236:80)

Remove r4blockandsurfnb175.exe - Powered by Reason Core Security