home

proc.exe

The application proc.exe has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This executable runs as a local area network (LAN) Internet proxy server listening on port 3128 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host. While running, it connects to the Internet address vip080.ssl.hwcdn.net on port 80 using the HTTP protocol.
MD5:
f6271d148df4dd15d8744b73b095e139

SHA-1:
02394adb130c2ba8d14db196d78718a613d64f19

SHA-256:
f086b758c88b6a2d875512ce4bb17417b30894b9b4d76d3be16923827d29a270

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
4/24/2024 11:52:53 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Reason Heuristics
Adware.50Red.Bench.E
14.11.14.3

File size:
475.5 KB (486,912 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\bench\proxy\proc.exe

File PE Metadata
Compilation timestamp:
11/11/2014 10:42:28 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:P/hGNotAqAz3emWX5RUxICPHYL8pdAAytR:HIqS3emCUxICekdA/t

Entry address:
0x3B431

Entry point:
E8, 21, 1C, 01, 00, E9, 39, FE, FF, FF, 55, 8B, EC, 51, 53, 33, DB, 56, 39, 5D, 08, 75, 16, E8, CD, 0B, 00, 00, 6A, 16, 5E, 89, 30, E8, 14, 0B, 00, 00, 8B, C6, E9, 89, 00, 00, 00, 8B, 75, 0C, 85, F6, 74, E3, E8, 70, 3B, 00, 00, 85, C0, 75, 0D, FF, 15, 2C, 42, 46, 00, 85, C0, 75, 03, 33, DB, 43, 33, C0, 50, 50, 6A, FF, FF, 75, 08, 89, 06, 50, 53, FF, 15, A8, 40, 46, 00, 89, 45, FC, 85, C0, 75, 11, FF, 15, 64, 41, 46, 00, 50, E8, 58, 0B, 00, 00, 59, 33, C0, EB, 41, 03, C0, 50, E8, E7, 05, 00, 00, 89, 06, 59...
 
[+]

Code size:
394.5 KB (403,968 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:3128/

Local host port:
3128

Default credentials:
No


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-54-208-30-101.compute-1.amazonaws.com  (54.208.30.101:80)

TCP (HTTP):
Connects to a72-247-182-27.deploy.akamaitechnologies.com  (72.247.182.27:80)

TCP (HTTP):
Connects to vip080.ssl.hwcdn.net  (205.185.208.80:80)

TCP (HTTP):
Connects to streaming206.radionomy.net  (31.12.68.206:80)

TCP (HTTP):
Connects to i42.158.178.82.omantel.net.om  (82.178.158.42:80)

TCP (HTTP):
Connects to haproxy7.ca.servers.visadd.com  (198.50.251.252:80)

TCP (HTTP):
Connects to feed.tunein.com  (204.69.221.78:80)

TCP (HTTP):
Connects to ec2-54-225-216-1.compute-1.amazonaws.com  (54.225.216.1:80)

TCP (HTTP):
Connects to ec2-107-21-231-22.compute-1.amazonaws.com  (107.21.231.22:80)

TCP (HTTP):
Connects to dlm3.eset.com  (38.90.226.10:80)

TCP (HTTP SSL):
Connects to cloud.gti.mcafee.com  (8.21.161.6:443)

TCP (HTTP):
Connects to a72-247-182-51.deploy.akamaitechnologies.com  (72.247.182.51:80)

TCP (HTTP):
Connects to a72-247-182-17.deploy.akamaitechnologies.com  (72.247.182.17:80)

TCP (HTTP):
Connects to a72-246-43-50.deploy.akamaitechnologies.com  (72.246.43.50:80)

TCP (HTTP):
Connects to a23-67-243-50.deploy.static.akamaitechnologies.com  (23.67.243.50:80)

TCP (HTTP):
Connects to a23-3-90-234.deploy.static.akamaitechnologies.com  (23.3.90.234:80)

TCP (HTTP):
Connects to a23-209-183-18.deploy.static.akamaitechnologies.com  (23.209.183.18:80)

TCP (HTTP):
Connects to a2-16-153-48.deploy.akamaitechnologies.com  (2.16.153.48:80)

TCP (HTTP):
Connects to 72.60.149.201.in-addr.arpa  (201.149.60.72:80)

TCP (HTTP):
Connects to 23.111.9.14.rdns.as15003.net  (23.111.9.14:80)

Remove proc.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.