» proc.exe
Overview
Analysis
File Details
Behaviors (1)
Network (4)

proc.exe

The application proc.exe has been detected as adware by 2 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 3128 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host.

File name:

proc.exe

MD5:

e4e9011df937075d3e5ca51eb56e0122

SHA-1:

88f2e899f5ec0300b451cc37c05aed5546f6757d

SHA-256:

256f7d9a18c097f88407e814c0f7610b3388dd23f562b336e7fb7a4b14a4a0c2

Scanner detections:

2 / 68

Status:

Adware

Analysis date:

4/25/2024 3:24:14 PM UTC (today)

Scan engine

Detection

Engine version

Bkav FE

HW32.WirSen

1.3.0.4959

Reason Heuristics

Threat.Win.Reputation

14.6.9.15

File size:

401 KB (410,624 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\bench\proxy\proc.exe

File PE Metadata

Compilation timestamp:

5/23/2014 6:40:20 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

6144:7TKdqN8AzMRFdzXSOt93+HTDU7e/BQqzWMpCux+qQufshJE:7md08zRF9Xr9WDIe/aqzWMjx+xufsh

Entry address:

0x331F0

Entry point:

E8, 24, F8, 00, 00, E9, 89, FE, FF, FF, 6A, 0C, 68, 80, F0, 45, 00, E8, 1A, 49, 00, 00, 6A, 0E, E8, 39, FA, 00, 00, 59, 83, 65, FC, 00, 8B, 75, 08, 8B, 4E, 04, 85, C9, 74, 2F, A1, 90, 2A, 46, 00, BA, 8C, 2A, 46, 00, 89, 45, E4, 85, C0, 74, 11, 39, 08, 75, 2C, 8B, 48, 04, 89, 4A, 04, 50, E8, ED, A2, FF, FF, 59, FF, 76, 04, E8, E4, A2, FF, FF, 59, 83, 66, 04, 00, C7, 45, FC, FE, FF, FF, FF, E8, 0A, 00, 00, 00, E8, 09, 49, 00, 00, C3, 8B, D0, EB, C5, 6A, 0E, E8, ED, F8, 00, 00, 59, C3, 6A, 0C, 68, A0, F0, 45... 
[+]

Entropy:

6.6304

Code size:

342.5 KB (350,720 bytes)

Local Proxy Server

Proxy for:

Internet Settings

Local host address:

http://127.0.0.1:3128/

Local host port:

3128

Default credentials:

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to ec2-54-208-30-101.compute-1.amazonaws.com (54.208.30.101:80)

TCP (HTTP):

Connects to a23-63-227-153.deploy.static.akamaitechnologies.com (23.63.227.153:80)

TCP (HTTP):

Connects to a23-62-96-195.deploy.static.akamaitechnologies.com (23.62.96.195:80)

TCP (HTTP):

Connects to a184-29-104-243.deploy.static.akamaitechnologies.com (184.29.104.243:80)

Remove proc.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.