viewpasswordht161.exe

The application viewpasswordht161.exe has been detected as a potentially unwanted program by 21 anti-malware scanners. It runs as a Windows service named “ViewPassword” in its own separate process. This file is typically installed with the program ViewPassword by Revizer Technologies, which is a potentially unwanted software program. While running, it connects to the Internet address a1plpkivs-v01.any.prod.ash1.secureserver.net on port 80 using the HTTP protocol.
MD5:
c0ffecb47629a4c5e7969de7e8812dea

SHA-1:
e7a7dd8fad4a0026714bb68a08e644831bf09fd2

SHA-256:
bf7e8a46b1e3627e47b0b7584024f397f0815fd2c69e802f621b96a0a47d69ef

Scanner detections:
21 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 8:53:58 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Application.Generic.644630 | 940 |
| AhnLab V3 Security | Trojan/Win32.HDC | 2014.06.10 |
| avast! | Win32:Adware-BNS [PUP] | 140617-1 |
| AVG | Adware Generic5.AUGP | 2014.0.3986 |
| Baidu Antivirus | Adware.Win32.AddLyrics | 4.0.3.1479 |
| Bitdefender | Application.Generic.644630 | 1.0.20.950 |
| Comodo Security | ApplicUnwnt | 18496 |
| ESET NOD32 | Win32/AdWare.AddLyrics.AK application | 7.0.302.0 |
| Fortinet FortiGate | Riskware/AddLyrics | 7/9/2014 |
| F-Secure | Application.Generic.644630 | 11.2014-09-07_4 |
| G Data | Application.Generic.644630 | 14.7.24 |
| IKARUS anti.virus | AdWare.AddLyrics | t3scan.1.6.1.0 |
| K7 AntiVirus | Adware | 13.1712348 |
| Kaspersky | not-a-virus:HEUR:AdWare.Win32.Lyckriks | 14.0.0.3585 |
| McAfee | Artemis!C0FFECB47629 | 5600.7070 |
| MicroWorld eScan | Application.Generic.644630 | 15.0.0.570 |
| NANO AntiVirus | Riskware.Win32.Lyckriks.czgnty | 0.28.0.60253 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 14.7.9.22 |
| Sophos | Generic PUA LJ | 4.98 |
| Trend Micro House Call | TROJ_GEN.F47V0602 | 7.2.190 |
| VIPRE Antivirus | Trojan.Win32.Generic | 30146 |

File size:
140.5 KB (143,872 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\viewpassword-soft\viewpasswordht161.exe

File PE Metadata
Compilation timestamp:
5/11/2014 10:52:55 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
10.0

CTPH (ssdeep):
3072:qBcGvxkkUGQCjsDMJNvMp0xOXti4S5cqUgN3y:qBrKYQCjkMJNvNO9iL5ccNC

Entry address:
0xBE67

Entry point:
E8, BB, 58, 00, 00, E9, 95, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 80, 00, 00, 00, 72, 0E, 83, 3D, 60, 1E, 42, 00, 00, 74, 05, E9, 16, 59, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02, 74, 06, F3, AB, 85, D2, 74, 0A, 88, 07...
 

Entropy:
6.6996

Code size:
84 KB (86,016 bytes)

Service
Display name:
ViewPassword

Type:
Win32OwnProcess


The file viewpasswordht161.exe has been discovered within the following program.

ViewPassword  by Revizer Technologies
ViewPassword is a web browser advertisement injection extension designed with the core purpose of delivering ads to the user's web browser. Ads take the form of banners (both static and video) as well as in-context hyperlinks.
80% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to ec2-52-20-120-15.compute-1.amazonaws.com  (52.20.120.15:443)

TCP (HTTP SSL):
Connects to ec2-52-73-109-231.compute-1.amazonaws.com  (52.73.109.231:443)

TCP (HTTP):
Connects to a1plpkivs-v01.any.prod.ash1.secureserver.net  (72.167.239.237:80)

TCP (HTTP):
Connects to rtr3.l7.search.vip.bf1.yahoo.com  (63.250.200.63:80)

TCP (HTTP):
