» re-markit157.exe
Overview
Analysis
File Details
Behaviors (2)
Programs (1)
Network (3)

re-markit157.exe

The application re-markit157.exe has been detected as adware by 6 anti-malware scanners. It runs as a separate (within the context of its own process) windows Service named “Re-markit”. This executable runs as a local area network (LAN) Internet proxy server listening on port 13828 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host. This file is typically installed with the program Re-markit by Revizer Technologies which is a potentially unwanted software program. This is part of the Revizer line of web browser extensions that inject 3rd-party advertisements in the user's web browser as well as setup a proxy server for the browser in order to track behaviors and display context based-ads from various partners (mostly adware).

File name:

re-markit157.exe

MD5:

e3f4cba830662ef0b27de793fcc96e1b

SHA-1:

ca0693533533521ec324344e2c085132f61529e0

SHA-256:

f86095c7c85be03bb92df6fb212b90b756253b7626fa15418675eb25cb159373

Scanner detections:

6 / 68

Status:

Adware

Analysis date:

11/24/2024 7:22:23 AM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:Dropper-gen [Drp]

2014.9-140324

G Data

Win32.Trojan.Agent.8FUIVW

14.3.24

McAfee

Adware-AddLyrics!E3F4CBA83066

5600.7181

Qihoo 360 Security

Win32/Trojan.Dropper.c9f

1.0.0.1015

Reason Heuristics

Adware.Revizer.Remarkit.Service.M

14.8.13.22

Trend Micro House Call

TROJ_GEN.F47V0315

7.2.83

File size:

190.5 KB (195,072 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\re-markit-soft\re-markit157.exe

File PE Metadata

Compilation timestamp:

3/12/2014 1:06:19 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

10.0

CTPH (ssdeep):

3072:qBaBbGtFEHIJ8LRCuHqm/95G5HQoEpn4wRwxVfAWTBf4rZ8Zj/bn3go3:qBaByVSLRCe/95qHQL/WxVIWTBw1ajTB

Entry address:

0x14D82

Entry point:

E8, B5, 5A, 00, 00, E9, 95, FE, FF, FF, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 80, 00, 00, 00, 72, 0E, 83, 3D, EC, EE, 42, 00, 00, 74, 05, E9, 1B, 5B, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02, 74, 06, F3, AB, 85, D2, 74, 0A, 88, 07, 83, C7, 01, 83, EA, 01, 75, F6, 8B, 44, 24... 
[+]

Entropy:

6.7581

Code size:

121 KB (123,904 bytes)

Local Proxy Server

Proxy for:

Internet Settings

Local host address:

http://127.0.0.1:13828/

Local host port:

13828

Default credentials:

Service

Display name:

Re-markit

Type:

Win32OwnProcess

The file re-markit157.exe has been discovered within the following program.

Re-markit by Revizer Technologies

This is a potentially unwanted web browser extension that is designed to deliver search-based hijacking as well as contextual advertising. The program does this by modifying the user's home and search page in order to monetize a user's search activities.

www.best-markit.com

80% remove it

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to ec2-107-21-251-40.compute-1.amazonaws.com (107.21.251.40:80)

TCP (HTTP):

Connects to allmyapps.typhon.net (78.109.85.101:80)

TCP (HTTP):

Connects to 94.31.29.3.IPYX-077437-ZYO.above.net (94.31.29.3:80)

Remove re-markit157.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.