re-markit157.exe

The application re-markit157.exe has been detected as adware by 6 anti-malware scanners. It runs as a separate Windows service (within the context of its own process) named “Re-markit”. This executable runs as a local area network (LAN) Internet proxy server listening on port 13828 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host. This file is typically installed with the program Re-markit by Revizer Technologies, which is a potentially unwanted software program. It is part of the Revizer line of web browser extensions that inject third-party advertisements into the user's web browser and set up a proxy server for the browser in order to track behavior and display context-based ads from various partners (mostly adware).
MD5:
e3f4cba830662ef0b27de793fcc96e1b

SHA-1:
ca0693533533521ec324344e2c085132f61529e0

SHA-256:
f86095c7c85be03bb92df6fb212b90b756253b7626fa15418675eb25cb159373

Scanner detections:
6 / 68

Status:
Adware

Analysis date:
12/26/2024 12:50:13 AM UTC

Scan engine | Detection | Engine version
avast! | Win32:Dropper-gen [Drp] | 2014.9-140324
G Data | Win32.Trojan.Agent.8FUIVW | 14.3.24
McAfee | Adware-AddLyrics!E3F4CBA83066 | 5600.7181
Qihoo 360 Security | Win32/Trojan.Dropper.c9f | 1.0.0.1015
Reason Heuristics | Adware.Revizer.Remarkit.Service.M | 14.8.13.22
Trend Micro House Call | TROJ_GEN.F47V0315 | 7.2.83

File size:
190.5 KB (195,072 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\re-markit-soft\re-markit157.exe

File PE Metadata
Compilation timestamp:
3/12/2014 1:06:19 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
10.0

CTPH (ssdeep):
3072:qBaBbGtFEHIJ8LRCuHqm/95G5HQoEpn4wRwxVfAWTBf4rZ8Zj/bn3go3:qBaByVSLRCe/95qHQL/WxVIWTBw1ajTB

Entry address:
0x14D82

Entry point:
E8, B5, 5A, 00, 00, E9, 95, FE, FF, FF, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 80, 00, 00, 00, 72, 0E, 83, 3D, EC, EE, 42, 00, 00, 74, 05, E9, 1B, 5B, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02, 74, 06, F3, AB, 85, D2, 74, 0A, 88, 07, 83, C7, 01, 83, EA, 01, 75, F6, 8B, 44, 24...
 
Entropy:
6.7581

Code size:
121 KB (123,904 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:13828/

Local host port:
13828

Default credentials:
No


Service
Display name:
Re-markit

Type:
Win32OwnProcess


The file re-markit157.exe has been discovered within the following program.

Re-markit by Revizer Technologies
This is a potentially unwanted web browser extension that is designed to deliver search-based hijacking as well as contextual advertising. The program does this by modifying the user's home and search page in order to monetize a user's search activities.
www.best-markit.com
80% remove it
 
The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-107-21-251-40.compute-1.amazonaws.com  (107.21.251.40:80)

TCP (HTTP):
Connects to allmyapps.typhon.net  (78.109.85.101:80)

TCP (HTTP):
Connects to 94.31.29.3.IPYX-077437-ZYO.above.net  (94.31.29.3:80)
