home

catwsprx.exe

CatWSPrx.exe

CrushArcade

The application catwsprx.exe by CrushArcade has been detected as adware by 2 anti-malware scanners. While running, it connects to the Internet address cache.google.com on port 443.
Publisher:
Catalytix Web Services  (signed by CrushArcade)

Product:
CatWSPrx.exe

Version:
2.3.3.1

MD5:
63c0c32a3cf210d0ef8f4d146fd7224b

SHA-1:
d66ca3602f4d213dbe7cf3758f80e92f3a1b0e9e

SHA-256:
d5f5ebb8f2af812dc3e196ca66767b33170391805d241ea9f39688581aa6cbca

Scanner detections:
2 / 68

Status:
Adware

Analysis date:
11/23/2024 1:38:22 AM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
Win32/Komodia.A potentially unsafe (variant)
9.11335

Reason Heuristics
PUP.EpicPlay
15.3.20.11

File size:
1.4 MB (1,464,056 bytes)

Product version:
2.3.3.1

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\crusharcade\cat\catwsprx.exe

Digital Signature
Signed by:
CrushArcade

Authority:
thawte, Inc.

Valid from:
11/22/2014 7:00:00 PM

Valid to:
11/22/2016 6:59:59 PM

Subject:
CN=CrushArcade, O=CrushArcade, L=Irvine, S=California, C=US

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
420B76B85E9C8DAC64327368DE6214CA

File PE Metadata
Compilation timestamp:
2/25/2015 8:24:04 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

CTPH (ssdeep):
24576:Oa+XTHKcQHx6dMZZnq8gYUGwe5bxmPCcdVMeILkzDpHp81pDT2ks+bCSH0HYrdjq:OhTrQcdOnqeUGj5bxmPCcdFqkdwDQJ77

Entry address:
0x440A

Entry point:
E8, F6, 35, 00, 00, E9, 7B, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 53, 56, 8B, 4C, 24, 0C, 8B, 54, 24, 10, 8B, 5C, 24, 14, F7, C3, FF, FF, FF, FF, 74, 51, 2B, CA, F7, C2, 03, 00, 00, 00, 74, 18, 0F, B6, 04, 0A, 3A, 02, 75, 48, 85, C0, 0F, 44, D8, 42, 83, EB, 01, 76, 34, F6, C2, 03, 75, E8, 8D, 04, 0A, 25, FF, 0F, 00, 00, 3D, FC, 0F, 00, 00, 77, D9, 8B, 04, 0A, 3B, 02, 75, D2, 83, EB, 04, 76, 14, 8D, B0, FF, FE, FE, FE, 83, C2, 04, F7, D0, 23, C6, A9, 80, 80, 80, 80, 74, D1, 33, C0, 5E...
 
[+]

Entropy:
7.9690  (probably packed)

Code size:
66 KB (67,584 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to cache.google.com  (207.191.178.187:443)

TCP (HTTP SSL):
Connects to any-in-2678.1e100.net  (216.239.38.120:443)

TCP (HTTP SSL):
Connects to ec2-54-245-251-207.us-west-2.compute.amazonaws.com  (54.245.251.207:443)

TCP (HTTP):
Connects to ec2-54-235-191-159.compute-1.amazonaws.com  (54.235.191.159:80)

TCP (HTTP SSL):
Connects to ec2-54-225-121-241.compute-1.amazonaws.com  (54.225.121.241:443)

TCP (HTTP):
Connects to ec2-52-8-104-19.us-west-1.compute.amazonaws.com  (52.8.104.19:80)

TCP (HTTP):
Connects to ec2-52-26-250-195.us-west-2.compute.amazonaws.com  (52.26.250.195:80)

TCP (HTTP):
Connects to ec2-23-23-137-182.compute-1.amazonaws.com  (23.23.137.182:80)

TCP (HTTP):
Connects to dmppixel-shared-mtc-c.evip.aol.com  (64.12.245.38:80)

TCP (HTTP):
Connects to a96-16-7-40.deploy.akamaitechnologies.com  (96.16.7.40:80)

TCP (HTTP):
Connects to a96-16-6-208.deploy.akamaitechnologies.com  (96.16.6.208:80)

TCP (HTTP):
Connects to a96-16-6-152.deploy.akamaitechnologies.com  (96.16.6.152:80)

TCP (HTTP):
Connects to a23-75-236-168.deploy.static.akamaitechnologies.com  (23.75.236.168:80)

TCP (HTTP):
Connects to a23-72-137-155.deploy.static.akamaitechnologies.com  (23.72.137.155:80)

TCP (HTTP):
Connects to a23-72-137-136.deploy.static.akamaitechnologies.com  (23.72.137.136:80)

TCP (HTTP):
Connects to a23-72-137-129.deploy.static.akamaitechnologies.com  (23.72.137.129:80)

TCP (HTTP):
Connects to a23-56-3-183.deploy.static.akamaitechnologies.com  (23.56.3.183:80)

TCP (HTTP SSL):
Connects to a23-0-152-128.deploy.static.akamaitechnologies.com  (23.0.152.128:443)

TCP (HTTP):
Connects to 63.01.acb8.ip4.static.sl-reverse.com  (184.172.1.99:80)

TCP (HTTP SSL):
Connects to 146.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net  (104.254.150.59:443)

Remove catwsprx.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.