z3kb183.exe

The application z3kb183.exe has been detected as a potentially unwanted program by 21 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 14169 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host. While running, it connects to the Internet address 203.130.48.151-BJ-CNC on port 80 using the HTTP protocol.
MD5:
8d7f2dcf92d4a204369bbc52837f02a7

SHA-1:
cd44f38b10e131d71cedb5171402fdd3547db5ab

Scanner detections:
21 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 10:10:02 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Graftor.164707
393

Agnitum Outpost
PUA.AddLyrics
7.1.1

AhnLab V3 Security
Adware/Win32.AddLyrics
2015.05.09

avast!
Win32:Adware-CAU [Adw]
2014.9-160107

AVG
Generic5
2017.0.2871

Baidu Antivirus
Adware.Win32.AddLyrics
4.0.3.1617

Bitdefender
Gen:Variant.Adware.Graftor.164707
1.0.20.35

Comodo Security
ApplicUnwnt
22046

Emsisoft Anti-Malware
Gen:Variant.Adware.Graftor.164707
8.16.01.07.10

ESET NOD32
Win32/Adware.AddLyrics.DI (variant)
10.11598

Fortinet FortiGate
Riskware/AddLyrics
1/7/2016

F-Prot
W32/A-4aecb773
v6.4.7.1.166

G Data
Gen:Variant.Adware.Graftor.164707
16.1.25

K7 AntiVirus
Adware
13.203.15849

McAfee
Artemis!8D7F2DCF92D4
5600.6527

MicroWorld eScan
Gen:Variant.Adware.Graftor.164707
17.0.0.21

Panda Antivirus
Trj/Genetic.gen
16.01.07.10

Qihoo 360 Security
HEUR/QVM10.1.Malware.Gen
1.0.0.1015

SUPERAntiSpyware
Adware.AddLyrics/Variant
9399

VIPRE Antivirus
Trojan.Win32.Generic
40066

Zillya! Antivirus
Adware.AddLyrics.Win32.948
2.0.0.2173

File size:
132.5 KB (135,680 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\ver2blockandsurf\z3kb183.exe

File PE Metadata
Compilation timestamp:
11/19/2014 12:39:00 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

CTPH (ssdeep):
1536:dU6NqVuPaNoWOiMGsuPoUKmWGyfKoLKNBfFfdMuwE8evcGxrsWjcdtm+z2ZBfbhs:dzgAwbpyfKlLFYefUtm+z2ZBED

Entry address:
0x9409

Entry point:
E8, 58, 5B, 00, 00, E9, 7B, FE, FF, FF, 55, 8B, EC, 83, 25, 9C, EA, 41, 00, 00, 83, EC, 10, 53, 33, DB, 43, 09, 1D, E8, D0, 41, 00, 6A, 0A, E8, 8B, B0, 00, 00, 85, C0, 0F, 84, 0E, 01, 00, 00, 33, C9, 8B, C3, 89, 1D, 9C, EA, 41, 00, 0F, A2, 56, 8B, 35, E8, D0, 41, 00, 57, 8D, 7D, F0, 83, CE, 02, 89, 07, 89, 5F, 04, 89, 4F, 08, 89, 57, 0C, F7, 45, F8, 00, 00, 10, 00, 89, 35, E8, D0, 41, 00, 74, 13, 83, CE, 04, C7, 05, 9C, EA, 41, 00, 02, 00, 00, 00, 89, 35, E8, D0, 41, 00, F7, 45, F8, 00, 00, 00, 10, 74, 13...
 
[+]

Code size:
78 KB (79,872 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:14169/

Local host port:
14169

Default credentials:
No


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to 203.130.48.150-BJ-CNC  (203.130.48.150:80)

TCP (HTTP):
Connects to 203.130.48.151-BJ-CNC  (203.130.48.151:80)

TCP (HTTP SSL):
Connects to ec2-52-20-120-15.compute-1.amazonaws.com  (52.20.120.15:443)

TCP (HTTP):
Connects to 203.130.48.14-BJ-CNC  (203.130.48.14:80)

Remove z3kb183.exe - Powered by Reason Core Security