» TTVProxy_win.exe
Overview
Analysis
File Details
Downloads (1)

TTVProxy_win.exe

TTVProxy

Hillside Assets Ltd

The application TTVProxy_win.exe has been detected as a potentially unwanted program by 18 anti-malware scanners. The file has been seen being downloaded from wildfire.paloaltonetworks.com.

File name:

TTVProxy_win.exe

Publisher:

Hillside Assets Ltd

Product:

TTVProxy

Description:

TTVProxy_win

Version:

2.0.0.0

MD5:

ff228ab02c77f7fc9eea3ad366bad683

SHA-1:

f60416e8b0e8ea514d084cb422ca30a83758209b

SHA-256:

98f0edd65c394d0ac3cfd430fddfdf2436af043286440d9b4df700b3321a85e9

Scanner detections:

18 / 68

Status:

Potentially unwanted

Analysis date:

4/25/2024 12:21:53 PM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

Trojan.Kryptik

7.1.1

Avira AntiVirus

TR/Rogue.11677870

3.6.1.96

AVG

MSIL4

2016.0.3151

Baidu Antivirus

Adware.MSIL.iBryte

4.0.3.1542

Comodo Security

UnclassifiedMalware

21579

ESET NOD32

MSIL/Kryptik.ABJ (variant)

9.11393

Fortinet FortiGate

MSIL/Kryptik.ABJ!tr

4/2/2015

IKARUS anti.virus

Trojan.MSIL.Crypt

t3scan.1.8.9.0

K7 AntiVirus

Trojan

13.202.15417

McAfee

RDN/Generic.dx!dgf

5600.6807

NANO AntiVirus

Trojan.Win32.Rogue.dhztfa

0.30.8.659

Norman

Suspicious_Gen2.VYTQQ

11.20150402

Sophos

Mal/Generic-S

4.98

Trend Micro House Call

TROJ_GEN.R0C1C0EJR14

7.2.92

Trend Micro

TROJ_GEN.R0C1C0EJR14

10.465.02

VIPRE Antivirus

Trojan.Win32.Generic

38866

File size:

716.5 KB (733,696 bytes)

Product version:

2.0.0.0

Trademarks:

Torrent-TV.RU

Original file name:

TTVProxy_win.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

File PE Metadata

Compilation timestamp:

9/6/2014 4:34:41 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

12288:PpIa0zp8XTm8Zr+LwvH1vFhr8XTm8Zr+LwvH1vFhA4NFL6Zkcpm1Ai5:PkzGm84wNvFhIm84wNvFhbNsLpm1AG

Entry address:

0xB44AE

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

7.4356

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

713.5 KB (730,624 bytes)

The file TTVProxy_win.exe has been seen being distributed by the following URL.

https://wildfire.paloaltonetworks.com/panos/sample/.../OHhPSWZ5S0FuN0VNbXFRZkRJSHgvUHlVTVBpVDZNTlpiL3hEdHIraFZ4ZDJoVWNCdFJhYTdvYjBWQ1NtYWNabFJHcmI2Qjg1SUZqd2FGd0VPczhpSEp3NUpCZ1RnVy9jVkRtdDdzRlNCYitqendlaGFzUFhDbzE0RjIzY3Q3bmExLzNHRzhzK3d1Z1pnMXQvdG1qcU96R3Z3bkF0b2pXcTU5b1VGUkFwcHNiUjFKTGppM3h4T2FKN2E5NUlNK3Z2

Remove TTVProxy_win.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.