home

CCProxy.EXE

CCProxy

Youngzsoft Co., Ltd.

The application CCProxy.EXE by Youngzsoft Co. has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address WIN-ID021AP62NQ on port 5502.
Publisher:
Youngzsoft  (signed by Youngzsoft Co., Ltd.)

Product:
CCProxy

Version:
8, 0, 0, 0

MD5:
3e0c02558bdf66e0a14f463013bb0f26

SHA-1:
63e30941e8f5c4fbf3e8ddf320a353799c71566e

SHA-256:
4996a85a864a918a02de4b5d7df9c760d767195976e35372ea74b58c37ed9281

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
5/1/2024 5:38:10 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Youngzso
16.7.22.5

File size:
2.5 MB (2,624,880 bytes)

Product version:
8, 0, 0, 0

Copyright:
(c) Youngzsoft. All rights reserved.

Original file name:
CCProxy.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Digital Signature
Signed by:
Youngzsoft Co., Ltd.

Authority:
VeriSign, Inc.

Valid from:
3/26/2015 8:00:00 AM

Valid to:
5/15/2018 7:59:59 AM

Subject:
CN="Youngzsoft Co., Ltd.", OU=Software Development, O="Youngzsoft Co., Ltd.", L=Changsha, S=Hunan, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
72D5CAF59A3CC644C573E13EA0892EAB

File PE Metadata
Compilation timestamp:
7/22/2016 9:57:46 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:uEEUGD4SUc35nDx1qbhMyM/2EZzhLTkyyA0N:uEEUspD9nqbhE2EN6A0N

Entry address:
0x1277D4

Entry point:
E8, 2F, DE, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 53, 8B, 45, 0C, 83, C0, 0C, 89, 45, FC, 64, 8B, 1D, 00, 00, 00, 00, 8B, 03, 64, A3, 00, 00, 00, 00, 8B, 45, 08, 8B, 5D, 0C, 8B, 6D, FC, 8B, 63, FC, FF, E0, 5B, C9, C2, 08, 00, 58, 59, 87, 04, 24, FF, E0, 58, 59, 87, 04, 24, FF, E0, 58, 59, 87, 04, 24, FF, E0, 8B, FF, 55, 8B, EC, 51, 51, 53, 56, 57, 64, 8B, 35, 00, 00, 00, 00, 89, 75, FC, C7, 45, F8, 50, 78, 52, 00, 6A, 00, FF, 75, 0C, FF, 75, F8, FF, 75, 08, E8, B4, 6B, 03, 00, 8B, 45, 0C, 8B...
 
[+]

Entropy:
6.4820

Code size:
1.4 MB (1,516,032 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to a23-57-232-49.deploy.static.akamaitechnologies.com  (23.57.232.49:443)

TCP (HTTP):
Connects to server-52-84-102-178.del51.r.cloudfront.net  (52.84.102.178:80)

TCP (HTTP):
Connects to li365-173.members.linode.com  (96.126.108.173:80)

TCP:
Connects to ip-172-16-8-9.ec2.internal  (172.16.8.9:49319)

TCP:
Connects to ip-172-16-8-11.ec2.internal  (172.16.8.11:49165)

TCP:
Connects to ip-172-16-2-67.ec2.internal  (172.16.2.67:39076)

TCP:
Connects to ip-172-16-2-56.ec2.internal  (172.16.2.56:34636)

TCP:
Connects to ip-172-16-2-45.ec2.internal  (172.16.2.45:47107)

TCP:
Connects to ip-172-16-222-27.ec2.internal  (172.16.222.27:35086)

TCP:
Connects to ip-172-16-1-230.ec2.internal  (172.16.1.230:34277)

TCP:
Connects to ip-172-16-1-221.ec2.internal  (172.16.1.221:33703)

TCP:
Connects to ip-172-16-10-43.ec2.internal  (172.16.10.43:33767)

TCP:
Connects to ip-172-16-10-220.ec2.internal  (172.16.10.220:32803)

TCP:
Connects to ip-172-16-10-141.ec2.internal  (172.16.10.141:35261)

TCP:
Connects to ip-172-16-10-131.ec2.internal  (172.16.10.131:42431)

TCP:
Connects to ip-172-16-10-107.ec2.internal  (172.16.10.107:38916)

TCP (HTTP SSL):
Connects to global-turbo2-lvs-hopper.opera-mini.net  (37.228.107.239:443)

TCP (HTTP):
Connects to global-4-lvs-colossus-1.opera-mini.net  (141.0.11.241:80)

TCP (HTTP):
Connects to global-4-lvs-colossus.opera-mini.net  (141.0.11.253:80)

TCP (HTTP):
Connects to ec2-54-64-180-14.ap-northeast-1.compute.amazonaws.com  (54.64.180.14:80)

Remove CCProxy.EXE - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.