viewpasswordoo174.exe

The application viewpasswordoo174.exe has been detected as a potentially unwanted program by 18 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 14429 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host. This file is typically installed with the program ViewPassword by Revizer Technologies, which is a potentially unwanted software program. While running, it connects to the Internet address edge-video-shv-01-mxp1.fbcdn.net on port 443.
MD5:
f6804b775f74c1e248e569f49fd1acff

SHA-1:
07337439639b533fee31e47a46147e96fa23e75d

SHA-256:
80e131ed6eed3f318e3a3d088e22a983aa27347e4f4e33d32a29287baf8a63e8

Scanner detections:
18 / 68

Status:
Potentially unwanted

Analysis date:
1/1/2025 6:04:40 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Adware.AddLyrics.11 | 940
Avira AntiVirus | Adware/AddLyrics.11.30 | 7.11.158.148
avast! | Win32:Adware-BSL [PUP] | 2014.9-140628
AVG | Generic5 | 2015.0.3430
Baidu Antivirus | Adware.Win32.Agent | 4.0.3.14628
Bitdefender | Gen:Variant.Adware.AddLyrics.11 | 1.0.20.950
Emsisoft Anti-Malware | Gen:Variant.Adware.AddLyrics.11 | 8.14.07.09.02
ESET NOD32 | Win32/AdWare.AddLyrics.AQ (variant) | 8.10012
Fortinet FortiGate | Riskware/AddLyrics | 7/9/2014
F-Secure | Gen:Variant.Adware.AddLyrics.11 | 11.2014-09-07_4
G Data | Gen:Variant.Adware.AddLyrics.11 | 14.7.24
Kaspersky | not-a-virus:HEUR:AdWare.Win32.Agent | 14.0.0.3645
McAfee | Artemis!F6804B775F74 | 5600.7086
MicroWorld eScan | Gen:Variant.Adware.AddLyrics.11 | 15.0.0.570
NANO AntiVirus | Riskware.Win32.Agent.dbyywp | 0.28.0.60577
Qihoo 360 Security | Win32/Virus.Adware.5c6 | 1.0.0.1015
Reason Heuristics | Threat.Win.Reputation.IMP | 14.7.9.14
Sophos | Generic PUA AH | 4.98

File size:
175 KB (179,200 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\-viewpassword-soft\viewpasswordoo174.exe

File PE Metadata
Compilation timestamp:
6/25/2014 3:17:21 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

CTPH (ssdeep):
1536:a851pFYJeLindWMipzlcHmZyemx10Fq4NfvBbbQaiBJQr+BncDHsWjcd5aftvmts:F6JrSzlGU5bQasK+BlEFvm+dwwQcJ

Entry address:
0xDF8D

Entropy:
6.3859

Code size:
94.5 KB (96,768 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:14429/

Local host port:
14429

Default credentials:
No


The file viewpasswordoo174.exe has been discovered within the following program.

ViewPassword  by Revizer Technologies
ViewPassword is a web browser advertisement injection extension designed with the core purpose of delivering ads to the user's web browser. Ads take the form of banners (both static and video) as well as contextual hyperlinks.
80% remove it

The executing file has been seen to make the following network communications in live environments.

