home

CCProxy.EXE

CCProxy

Youngzsoft Co., Ltd.

The application CCProxy.EXE by Youngzsoft Co. has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address li365-173.members.linode.com on port 80 using the HTTP protocol.
Publisher:
Youngzsoft  (signed by Youngzsoft Co., Ltd.)

Product:
CCProxy

Version:
8, 0, 0, 0

MD5:
5588ed8286bb541705eb36d0af7f6128

SHA-1:
ca9c3eb9838b9231cad04fdbf2195d64e4c3366e

SHA-256:
a298c2f59c69e39d15a18651b9590a40241a04776e580d666759c9e8f3b416c1

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
5/1/2024 1:38:29 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Youngzso
16.5.5.18

File size:
2.5 MB (2,602,352 bytes)

Product version:
8, 0, 0, 0

Copyright:
(c) Youngzsoft. All rights reserved.

Original file name:
CCProxy.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Digital Signature
Signed by:
Youngzsoft Co., Ltd.

Authority:
VeriSign, Inc.

Valid from:
3/26/2015 5:30:00 AM

Valid to:
5/15/2018 5:29:59 AM

Subject:
CN="Youngzsoft Co., Ltd.", OU=Software Development, O="Youngzsoft Co., Ltd.", L=Changsha, S=Hunan, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
72D5CAF59A3CC644C573E13EA0892EAB

File PE Metadata
Compilation timestamp:
5/3/2016 12:39:48 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:hWQsZ/H1grAvyRtllqdhPMcXSTTvxrcT8yyA0N:hWQsRHKrZ/qdhPGTvfA0N

Entry address:
0x123504

Entry point:
E8, 2F, DE, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 53, 8B, 45, 0C, 83, C0, 0C, 89, 45, FC, 64, 8B, 1D, 00, 00, 00, 00, 8B, 03, 64, A3, 00, 00, 00, 00, 8B, 45, 08, 8B, 5D, 0C, 8B, 6D, FC, 8B, 63, FC, FF, E0, 5B, C9, C2, 08, 00, 58, 59, 87, 04, 24, FF, E0, 58, 59, 87, 04, 24, FF, E0, 58, 59, 87, 04, 24, FF, E0, 8B, FF, 55, 8B, EC, 51, 51, 53, 56, 57, 64, 8B, 35, 00, 00, 00, 00, 89, 75, FC, C7, 45, F8, 80, 35, 52, 00, 6A, 00, FF, 75, 0C, FF, 75, F8, FF, 75, 08, E8, A4, 6B, 03, 00, 8B, 45, 0C, 8B...
 
[+]

Entropy:
6.4782

Code size:
1.4 MB (1,498,112 bytes)

Windows Firewall Allowed Program
Name:
ccproxy


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to li365-173.members.linode.com  (96.126.108.173:80)

TCP (HTTP):
Connects to a184-84-96-179.deploy.static.akamaitechnologies.com  (184.84.96.179:80)

TCP (HTTP SSL):
Connects to text-lb.esams.wikimedia.org  (91.198.174.192:443)

TCP (HTTP):
Connects to 10.226.88.202.asianet.co.in  (202.88.226.10:80)

TCP (HTTP SSL):
Connects to upload-lb.esams.wikimedia.org  (91.198.174.208:443)

TCP (HTTP SSL):
Connects to static.118.136.9.176.clients.your-server.de  (176.9.136.118:443)

TCP (HTTP SSL):
Connects to server-52-84-102-222.del51.r.cloudfront.net  (52.84.102.222:443)

TCP (HTTP SSL):
Connects to hk2sch130020831.wns.windows.com  (111.221.29.83:443)

TCP (HTTP SSL):
Connects to hk2sch130020824.wns.windows.com  (111.221.29.82:443)

TCP (HTTP SSL):
Connects to ec2-54-197-242-167.compute-1.amazonaws.com  (54.197.242.167:443)

TCP (HTTP):
Connects to ec2-52-20-202-243.compute-1.amazonaws.com  (52.20.202.243:80)

TCP (HTTP):
Connects to c0.a2.2ca9.ip4.static.sl-reverse.com  (169.44.162.192:80)

Remove CCProxy.EXE - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.