veribrowsewm171.exe

The application veribrowsewm171.exe has been detected as a potentially unwanted program by 22 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 14006 and can intercept and modify all inbound and outbound Internet traffic on the local host. The file is typically installed with VeriBrowse by Revizer Technologies, which is a potentially unwanted software program. While running, it connects to the Internet address bn1303-g.1drv.com on port 443.
MD5:
6ac2165eb92319000b94c26128e1e4e5

SHA-1:
aa5a184be5cb9c812cc8c8c7197f83a50a354f04

SHA-256:
30efafe303bf34e70a7c5b7f6f0e174fa58f41e92d253babee7c981a92235e35

Scanner detections:
22 / 68

Status:
Potentially unwanted

Analysis date:
11/16/2024 12:45:56 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Application.Generic.865860 | 737 |
| Agnitum Outpost | PUA.AddLyrics | 7.1.1 |
| Avira AntiVirus | Adware/Agent.179200.2 | 7.11.197.38 |
| avast! | Win32:Adware-BQV [PUP] | 2014.9-150129 |
| AVG | Generic5 | 2016.0.3215 |
| Bitdefender | Application.Generic.865860 | 1.0.20.145 |
| Comodo Security | UnclassifiedMalware | 20439 |
| Dr.Web | Trojan.Lyrics.257 | 9.0.1.029 |
| ESET NOD32 | Win32/AdWare.AddLyrics.AN (variant) | 9.10914 |
| Fortinet FortiGate | Riskware/AddLyrics | 1/29/2015 |
| F-Secure | Application.Generic.865860 | 11.2015-29-01_5 |
| G Data | Application.Generic.865860 | 15.1.24 |
| K7 AntiVirus | Adware | 13.188.14410 |
| Kaspersky | not-a-virus:HEUR:AdWare.Win32.Agent | 14.0.0.2568 |
| McAfee | RDN/Generic PUP.x!cpw | 5600.6871 |
| MicroWorld eScan | Application.Generic.865860 | 16.0.0.87 |
| Panda Antivirus | Trj/Genetic.gen | 15.01.29.11 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 15.1.29.11 |
| Sophos | Generic PUA KK | 4.98 |
| Trend Micro House Call | TROJ_GEN.R047C0OKA14 | 7.2.29 |
| Trend Micro | TROJ_GEN.R047C0OKA14 | 10.465.29 |
| VIPRE Antivirus | Trojan.Win32.Generic | 35982 |

File size:
175 KB (179,200 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\veribrowse-soft\veribrowsewm171.exe

File PE Metadata
Compilation timestamp:
6/1/2014 6:43:50 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

CTPH (ssdeep):
3072:KOb01/P/cI22CdmKXmfX9V+Vkx9TOnHlkQLwG7GZ:KOb01/XzTXzZPyHlkQp7GZ

Entry address:
0xE303

Entry point:
E8, 70, 66, 00, 00, E9, 7B, FE, FF, FF, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 7F, 0F, B6, 44, 24, 08, 0F, BA, 25, A4, 3C, 42, 00, 01, 73, 0D, 8B, 4C, 24, 0C, 57, 8B, 7C, 24, 08, F3, AA, EB, 5D, 8B, 54, 24, 0C, 81, FA, 80, 00, 00, 00, 7C, 0E, 0F, BA, 25, 10, 2E, 42, 00, 01, 0F, 82, 5B, 67, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02...

Code size:
95.5 KB (97,792 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:14006/

Local host port:
14006

Default credentials:
No


The file veribrowsewm171.exe has been discovered within the following program.

VeriBrowse by Revizer Technologies
VeriBrowse is a web browser advertisement injection extension designed with the core purpose of delivering ads to the user's web browser. Ads take the form of banners (both static and video) as well as in-context hyperlinks.
81% remove it

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-54-208-30-101.compute-1.amazonaws.com  (54.208.30.101:80)

TCP (HTTP SSL):
Connects to bn1303-g.1drv.com  (134.170.105.96:443)
