viewpasswordiyc161.exe

The application viewpasswordiyc161.exe has been detected as adware by 5 anti-malware scanners. The executable runs as a local Internet proxy server listening on port 13958 and can intercept and modify all inbound and outbound Internet traffic on the local host. The file is typically installed with ViewPassword by Revizer Technologies, a potentially unwanted program. It is part of the Revizer line of web browser extensions, which inject third-party advertisements into the user's web browser and set up a proxy server for the browser in order to track behavior and display context-based ads from various partners (mostly adware).
MD5:
d2eff26646066d2b3c46b050d1b808c2

SHA-1:
609793bc8152cf00c639fa7edb854f71dcc38d94

SHA-256:
208b30e8aaa16b4a6018d59718885cf0a68f56efa130aec3bb35b861b61df292

Scanner detections:
5 / 68

Status:
Adware

Analysis date:
12/25/2024 3:15:21 PM UTC

Scan engine | Detection | Engine version
avast! | Win32:Adware-BNS [PUP] | 2014.9-140510
Baidu Antivirus | Adware.Win32.AddLyrics | 4.0.3.14510
ESET NOD32 | Win32/AdWare.AddLyrics.AK (variant) | 8.9746
Qihoo 360 Security | Malware.QVM10.Gen | 1.0.0.1015
Reason Heuristics | Adware.Revizer.S | 14.5.10.21

File size:
139 KB (142,336 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\viewpassword\viewpasswordiyc161.exe

File PE Metadata
Compilation timestamp:
4/23/2014 5:03:33 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
10.0

CTPH (ssdeep):
3072:4lp5Bni/yqE884DeclfCs6+0Xt9YW/oka:4lDBibE88Qeclfm99YBk

Entry address:
0xBE87

Entry point:
E8, BB, 58, 00, 00, E9, 95, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 80, 00, 00, 00, 72, 0E, 83, 3D, 60, 1E, 42, 00, 00, 74, 05, E9, 16, 59, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02, 74, 06, F3, AB, 85, D2, 74, 0A, 88, 07...
 

Entropy:
6.6909

Code size:
84 KB (86,016 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:13958/

Local host port:
13958

Default credentials:
No


The file viewpasswordiyc161.exe has been discovered within the following program.

ViewPassword  by Revizer Technologies
ViewPassword is a web browser advertisement injection extension designed with the core purpose of delivering ads to the user's web browser. Ads take the form of banners (both static and video) as well as contextual hyperlinks.

The executing file has been seen to make the following network communications in live environments.

