proc.exe

The application proc.exe has been detected as adware by 3 anti-malware scanners.
MD5:
68262e3f5905015da47ed4a29c53d73e

SHA-1:
88934a13b01d481604e30da0b67e122ababca773

SHA-256:
839e58aa30609a4026ebaa75d95756305e6375405971d25e81a31bee0a9afe18

Scanner detections:
3 / 68

Status:
Adware

Explanation:
proc.exe is infected by a worm that might download, install and run additional malware, and may spread to other executable files.

Analysis date:
1/21/2018 9:55:12 AM UTC

Scan engine            Detection                      Engine version
McAfee Web Gateway     BehavesLike.Win32.Ramnit.gh    7.6969
Qihoo 360 Security     Malware.QVM20.Gen              1.0.0.1015
Reason Heuristics      Adware.50Red.Bench.E           14.10.22.17

File size:
473.5 KB (484,864 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\bench\proxy\proc.exe

File PE Metadata
Compilation timestamp:
10/21/2014 3:08:08 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
6144:hJLJMZqmWfVxSUHkSvlO0vfkJ5iJ+jzY8CsxaJAdIQFWckKE:G2f2UHkSvlOukzi+YyxaJAdIQE3KE

Entry address:
0x3A8D1

Entry point:
E8, 13, 1C, 01, 00, E9, 39, FE, FF, FF, 55, 8B, EC, 51, 53, 33, DB, 56, 39, 5D, 08, 75, 16, E8, CD, 0B, 00, 00, 6A, 16, 5E, 89, 30, E8, 14, 0B, 00, 00, 8B, C6, E9, 89, 00, 00, 00, 8B, 75, 0C, 85, F6, 74, E3, E8, 70, 3B, 00, 00, 85, C0, 75, 0D, FF, 15, 30, 42, 46, 00, 85, C0, 75, 03, 33, DB, 43, 33, C0, 50, 50, 6A, FF, FF, 75, 08, 89, 06, 50, 53, FF, 15, A8, 40, 46, 00, 89, 45, FC, 85, C0, 75, 11, FF, 15, 68, 41, 46, 00, 50, E8, 58, 0B, 00, 00, 59, 33, C0, EB, 41, 03, C0, 50, E8, E7, 05, 00, 00, 89, 06, 59...
 

Entropy:
6.5779

Code size:
392.5 KB (401,920 bytes)

The executing file has been seen to make the following network communications in live environments.

