CCProxy.EXE

CCProxy

Youngzsoft Co., Ltd.

The application CCProxy.EXE by Youngzsoft Co. has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address hosted-by.reliablesite.net on port 6019.

Publisher:
Youngzsoft (signed by Youngzsoft Co., Ltd.)

Product:
CCProxy

Version:
8, 0, 0, 0

MD5:
ddc8c29f5339465bd6921e7250431555

SHA-1:
b52963321fe7011529ff83c964dce2bf1808268f

SHA-256:
eb9d1d31d995d9eb6349c548094050cd6d72798747fc4baa7fb2c39c696f557f

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
5/1/2024 4:44:33 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Youngzso

Engine version:
17.1.13.15

File size:
3.3 MB (3,478,384 bytes)

Product version:
8, 0, 0, 0

Copyright:
(c) Youngzsoft. All rights reserved.

Original file name:
CCProxy.EXE

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/26/2015 5:30:00 AM

Valid to:
5/15/2018 5:29:59 AM

Subject:
CN="Youngzsoft Co., Ltd.", OU=Software Development, O="Youngzsoft Co., Ltd.", L=Changsha, S=Hunan, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
72D5CAF59A3CC644C573E13EA0892EAB

File PE Metadata
Compilation timestamp:
1/13/2017 8:49:59 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0x1823B4

Entry point:
48, 83, EC, 28, E8, 93, D1, 00, 00, 48, 83, C4, 28, E9, 16, FE, FF, FF, CC, CC, 48, 89, 5C, 24, 10, 48, 89, 6C, 24, 18, 48, 89, 74, 24, 20, 57, 41, 54, 41, 55, 41, 56, 41, 57, 48, 83, EC, 20, 49, 63, 78, 0C, 4C, 8B, F9, 49, 8B, C8, 49, 8B, E9, 4D, 8B, E8, 4C, 8B, F2, E8, 94, D2, 00, 00, 4D, 8B, 17, 4C, 89, 55, 00, 44, 8B, E0, 85, FF, 0F, 84, 85, 00, 00, 00, 48, 8D, 0C, BF, 48, 8D, 34, 8D, EC, FF, FF, FF, 49, 63, 5D, 10, 49, 03, 5E, 08, 48, 03, DE, 44, 3B, 63, 04, 7E, 49, 44, 3B, 63, 08, 7F, 43, 49, 8B, 0E...

Entropy:
6.2815

Code size:
1.9 MB (1,965,056 bytes)

The executing file has been seen to make the following network communications in live environments.

