proc.exe

The application proc.exe has been detected as adware by 2 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 3128 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host.
MD5:
9bca83e577d28be37d2ea2fb8d83826f

SHA-1:
ae510301fb7d1eb8298177a2a3209d4abf55c448

SHA-256:
a0d268162e3fd5165f96ac6dcbbb09f8114568fdb4d7f590390b18c38f99e0ff

Scanner detections:
2 / 68

Status:
Adware

Analysis date:
4/26/2024 12:23:36 PM UTC

Scan engine         Detection        Engine version
Bkav FE             HW32.WirSen      1.3.0.4959
Reason Heuristics   Adware.Bench.E   14.6.19.23

File size:
413 KB (422,912 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\bench\proxy\proc.exe

File PE Metadata
Compilation timestamp:
6/6/2014 4:26:08 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:AaaclL4hL53Um67shxl0aofG31aTHpKdu0r2YHG7dHAkhSt4Oi:bacmL5+waq1SHpKdu0LHG75AkhSt4

Entry address:
0x360F0

Entry point:
E8, F4, F9, 00, 00, E9, 89, FE, FF, FF, 6A, 0C, 68, 68, 20, 46, 00, E8, 6A, 4A, 00, 00, 6A, 0E, E8, 09, FC, 00, 00, 59, 83, 65, FC, 00, 8B, 75, 08, 8B, 4E, 04, 85, C9, 74, 2F, A1, 50, 5B, 46, 00, BA, 4C, 5B, 46, 00, 89, 45, E4, 85, C0, 74, 11, 39, 08, 75, 2C, 8B, 48, 04, 89, 4A, 04, 50, E8, A1, A1, FF, FF, 59, FF, 76, 04, E8, 98, A1, FF, FF, 59, 83, 66, 04, 00, C7, 45, FC, FE, FF, FF, FF, E8, 0A, 00, 00, 00, E8, 59, 4A, 00, 00, C3, 8B, D0, EB, C5, 6A, 0E, E8, BD, FA, 00, 00, 59, C3, 6A, 0C, 68, 88, 20, 46...
 
Entropy:
6.6265

Code size:
353.5 KB (361,984 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:3128/

Local host port:
3128

Default credentials:
No


The executing file has been seen to make the following network communications in live environments.
