home

Foxy.exe

Foxy Client

Foxy, Inc.

Publisher:
Foxy, Inc.

Product:
Foxy Client

Description:
Foxy Network Client Application

Version:
1.9.8.0

MD5:
6b91a18d04e26eedf4ba6d11e6cca001

SHA-1:
0658f685cca412b1287f27ff2afdba9873a0241f

Scanner detections:
6 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
12/30/2025 6:55:26 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Packed/PECompact
7.1.1

Bkav FE
HW32.CDB
1.3.0.4613

Comodo Security
Heur.Suspicious
17533

McAfee
Artemis!6B91A18D04E2
5600.7263

Vba32 AntiVirus
Backdoor.Agent
3.12.24.3

VIPRE Antivirus
Trojan.Win32.Generic!SB.0
25006

File size:
1.1 MB (1,160,704 bytes)

Product version:
1.9.8.0

Copyright:
(c) 2005-2008 by Foxy, Inc. All rights reserved.

Original file name:
Foxy.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\foxy\foxy.exe

File PE Metadata
Compilation timestamp:
5/29/2008 7:37:02 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
24576:4+pxh3wcL0EIWXGt8yh/bOb06pnujhfH9d8cuklR7:487+3WEPh/bICP5jB

Entry address:
0x1000

Entry point:
B8, 5C, 2F, 72, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 22, E8, 4A, 41, FD, F0, EF, B5, 6B, 08, 0B, C6, B0, AB, AC, 3A, D6, C5, CA, C1, 31, 8E, B6, CA, C1, 33, E4, 97, 6D, 31, 66, 61, AE, A5, A6, 50, E8, 34, 63, AD, 5E, 91, 40, 1F, 2E, 07, 29, E0, 94, 77, 67, 40, D8, F3, 76, AE, 36, 4E, 86, FD, 2C, F9, BF, 64, D7, 19, 69, 31, 05, AD, 4E, 8A, C0, 95, C8, 84, 9F, F8, 4A, 1C, C0, 6B, FE, D0, DB, E4, 2B, 9B, 0A, 6F, 54, D0, 47...
 
[+]

Entropy:
7.9837

Packer / compiler:
PECompact v2

Code size:
1.9 MB (2,002,944 bytes)

Windows Firewall Allowed Program
Name:
C:\Program Files\Foxy\Foxy.exe


The executing file has been seen to make the following network communications in live environments.

TCP:
Connects to 45.32.23.32.vultr.com  (45.32.23.32:2108)

TCP (HTTP):
Connects to server-52-84-203-54.tpe50.r.cloudfront.net  (52.84.203.54:80)

TCP (HTTP SSL):
Connects to essoduke.org  (96.126.102.130:443)

TCP (HTTP SSL):
Connects to ec2-52-68-190-214.ap-northeast-1.compute.amazonaws.com  (52.68.190.214:443)

TCP (HTTP):
Connects to a23-41-139-27.deploy.static.akamaitechnologies.com  (23.41.139.27:80)

TCP (HTTP SSL):
Connects to 123-125-232-198.static.unitasglobal.net  (198.232.125.123:443)

TCP:
Connects to 36-228-127-43.dynamic-ip.hinet.net  (36.228.127.43:5307)

TCP (HTTP SSL):
Connects to server-54-230-213-27.tpe50.r.cloudfront.net  (54.230.213.27:443)

TCP (HTTP SSL):
Connects to server-54-230-213-205.tpe50.r.cloudfront.net  (54.230.213.205:443)

TCP (HTTP):
Connects to server-52-84-203-62.tpe50.r.cloudfront.net  (52.84.203.62:80)

TCP (HTTP):
Connects to server-52-84-203-61.tpe50.r.cloudfront.net  (52.84.203.61:80)

TCP (HTTP):
Connects to server-52-84-203-212.tpe50.r.cloudfront.net  (52.84.203.212:80)

TCP (HTTP):
Connects to server-52-84-203-176.tpe50.r.cloudfront.net  (52.84.203.176:80)

TCP (HTTP):
Connects to server-52-84-203-174.tpe50.r.cloudfront.net  (52.84.203.174:80)

TCP (HTTP):
Connects to server-52-84-203-172.tpe50.r.cloudfront.net  (52.84.203.172:80)

TCP (HTTP):
Connects to server-52-84-203-15.tpe50.r.cloudfront.net  (52.84.203.15:80)

TCP (HTTP):
Connects to server-52-84-203-117.tpe50.r.cloudfront.net  (52.84.203.117:80)

TCP (HTTP):
Connects to server-52-84-203-100.tpe50.r.cloudfront.net  (52.84.203.100:80)

TCP (HTTP):
Connects to sao.dwbo.nl  (82.201.113.125:80)

TCP:
Connects to n11649143068.netvigator.com  (116.49.143.68:9791)

Scan Foxy.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.