viewpasswordem161.exe

The application viewpasswordem161.exe has been detected as a potentially unwanted program by 4 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 13849 and can intercept and modify all inbound and outbound Internet traffic on the local host. The file is typically installed with the program ViewPassword by Revizer Technologies, which is a potentially unwanted software program.
MD5:
368606ea700050b2250bb37973e05ba7

SHA-1:
b84eaa8766e81b141ad7ac410b2a7b7bb7a713cd

SHA-256:
8a1bbc90aec26329e08d845b04644dd69c84bf7613f9a1c85faf33c5217c2b70

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 5:36:00 PM UTC

Scan engine | Detection | Engine version
avast! | Win32:Adware-BNS [PUP] | 2014.9-140618
Baidu Antivirus | Adware.Win32.AddLyrics | 4.0.3.14618
ESET NOD32 | Win32/AdWare.AddLyrics.AK (variant) | 8.9783
Reason Heuristics | Threat.Win.Reputation.IMP | 14.6.18.11

File size:
139 KB (142,336 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\viewpassword-soft\viewpasswordem161.exe

File PE Metadata
Compilation timestamp:
4/22/2014 11:16:59 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
10.0

CTPH (ssdeep):
3072:21gKKvtdxguvwDg8mfHy3OuXt/IxnQJn:21Pq9guvIg8mfPu9sWn

Entry address:
0xBE67

Code size:
84 KB (86,016 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:13849/

Local host port:
13849

Default credentials:
No


The file viewpasswordem161.exe has been discovered within the following program.

ViewPassword  by Revizer Technologies
ViewPassword is a web browser advertisement injection extension designed with the core purpose of delivering ads to the user's web browser. Ads take the form of banners (both static and video) as well as contextual hyperlinks.
80% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-54-230-5-9.dfw3.r.cloudfront.net  (54.230.5.9:80)

TCP (HTTP SSL):
Connects to ec2-34-192-150-200.compute-1.amazonaws.com  (34.192.150.200:443)

TCP (HTTP):
Connects to server-54-230-7-144.dfw3.r.cloudfront.net  (54.230.7.144:80)

TCP (HTTP):
Connects to CableLink-200-188-128-138.Hosts.Cablevision.com.mx  (200.188.128.138:80)

TCP (HTTP):
Connects to 32.149.96.66.static.eigbox.net  (66.96.149.32:80)
