sniffer.exe

The application sniffer.exe has been detected as a potentially unwanted program by 17 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 9091 and can intercept and modify all inbound and outbound Internet traffic on the local host. The file is typically installed with WebSearcher by Visual Media Online Ltd, a potentially unwanted software program. WebSearcher plugs into the web browser and displays context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
MD5:
d739a714d9ae2766cd48298f59eafd75

SHA-1:
4c432e669b74bb492b0f018bac6563dcd235c570

SHA-256:
ece5dc778de907eb8b0ed597c04e4f32ce49803df731f103b2f330ff43715cdf

Scanner detections:
17 / 68

Status:
Potentially unwanted

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
12/26/2024 8:42:39 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Adware.Websearcher.A | 416 |
| Avira AntiVirus | ADWARE/Websearch.94208.4 | 8.3.2.4 |
| Arcabit | Adware.Websearcher.A | 1.0.0.629 |
| Baidu Antivirus | Adware.Win32.WebSearch | 4.0.3.151216 |
| Bitdefender | Adware.Websearcher.A | 1.0.20.1750 |
| Emsisoft Anti-Malware | Adware.Websearcher | 8.15.12.16.06 |
| Fortinet FortiGate | Adware/Websearch | 12/16/2015 |
| F-Secure | Adware.Websearcher.A | 11.2015-16-12_4 |
| G Data | Adware.Websearcher | 15.12.25 |
| K7 AntiVirus | Riskware | 13.212.18088 |
| Kaspersky | not-a-virus:AdWare.Win32.WebSearch | 14.0.0.964 |
| MicroWorld eScan | Adware.Websearcher.A | 16.0.0.1050 |
| nProtect | Adware.Websearcher.A | 15.12.11.01 |
| Panda Antivirus | Trj/CI.A | 15.12.16.06 |
| Qihoo 360 Security | HEUR/QVM10.1.Malware.Gen | 1.0.0.1077 |
| VIPRE Antivirus | IBIS.WebSearch Toolbar (not malicious) | 45786 |
| Zillya! Antivirus | Adware.BrowseFox.Win32.222443 | 2.0.0.2560 |

File size:
92 KB (94,208 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\websearcher\bin\sniffer.exe

File PE Metadata
Compilation timestamp:
11/7/2015 2:00:28 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
1536:xuBEf5ugzekKoErnE6o1ujT4CpXl8PqKOwt:xiEf5ug+VjE4XKOw

Entry address:
0x3D17

Entry point:
E8, C9, 68, 00, 00, E9, 78, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B...
 

Entropy:
6.2507

Code size:
61 KB (62,464 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:9091/

Local host port:
9091

Default credentials:
No


The file sniffer.exe has been discovered within the following program.

WebSearcher  by Visual Media Online Ltd
WebSearcher is an adware program that installs as a web browser plugin to inject and display advertisements.
www.websearcher.eu
75% remove it
 

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server213-171-197-9.live-servers.net  (213.171.197.9:80)

TCP (HTTP):
Connects to ocsp.comodoca.com  (178.255.83.1:80)

TCP (HTTP SSL):
Connects to msnbot-65-52-108-76.search.msn.com  (65.52.108.76:443)

TCP (HTTP):
Connects to ec2-52-45-150-52.compute-1.amazonaws.com  (52.45.150.52:80)

TCP (HTTP SSL):
Connects to bl3301-c.1drv.com  (134.170.107.48:443)

TCP (HTTP):
Connects to a23-45-197-152.deploy.static.akamaitechnologies.com  (23.45.197.152:80)

TCP (HTTP SSL):
Connects to a23-206-199-179.deploy.static.akamaitechnologies.com  (23.206.199.179:443)
