CCProxy.EXE

CCProxy

Youngzsoft

The application CCProxy.EXE has been flagged as adware by 1 of 68 anti-malware scanners. The only hit is Reason's own heuristic signature (Win32.Generic.Youngzsoft.Meta), a generic rule named after the publisher's metadata rather than a detection of malicious behaviour, so the verdict should be read as "potentially unwanted", not as a confirmed threat. While running, it connects to the Internet address li365-173.members.linode.com on port 80 using the HTTP protocol.
Publisher:
Youngzsoft

Product:
CCProxy

Version:
7, 3, 0, 0

MD5:
c1b42d67db5d0d05d16aa776951fed1c

SHA-1:
07888f6eddbb51f86a7b06b29f3fd135945ac6d0

SHA-256:
2c474da1bb095f6cdd67363830fc46da9b1c04cf907f8aaa06c9730db86f499d

Scanner detections:
1 / 68

Status:
Adware

Note:
None of the third-party anti-malware engines in our current pool detect this file; the adware status rests solely on our own detection heuristics, which classify the file as unwanted.

Analysis date:
12/25/2024 11:40:31 PM UTC

Scan engine:
Reason Heuristics

Detection:
Win32.Generic.Youngzsoft.Meta

Engine version:
15.6.25.18

File size:
878 KB (899,072 bytes)

Product version:
7, 3, 0, 0

Copyright:
Copyright(C) 2000

Original file name:
CCProxy.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

File PE Metadata
Compilation timestamp:
6/24/2013 3:21:48 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:Zy3ZraPKG/C1OibZeoeFfkDGpGGj7zPG93X2Bj6RPf89WOKcB5eCk3f+KJoUnUKm:44j7zC/cnjk3f+coyUlzl

Entry address:
0x544F9

Entry point (first bytes; the opening call/jmp pair is the standard MSVC CRT startup stub, consistent with the 9.0 linker version of Visual Studio 2008):
E8, F0, 04, 00, 00, E9, D7, FC, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, C0, 43, 4A, 00, 89, 0D, BC, 43, 4A, 00, 89, 15, B8, 43, 4A, 00, 89, 1D, B4, 43, 4A, 00, 89, 35, B0, 43, 4A, 00, 89, 3D, AC, 43, 4A, 00, 66, 8C, 15, D8, 43, 4A, 00, 66, 8C, 0D, CC, 43, 4A, 00, 66, 8C, 1D, A8, 43, 4A, 00, 66, 8C, 05, A4, 43, 4A, 00, 66, 8C, 25, A0, 43, 4A, 00, 66, 8C, 2D, 9C, 43, 4A, 00, 9C, 8F, 05, D0, 43, 4A, 00, 8B, 45, 00, A3, C4, 43, 4A, 00, 8B, 45, 04, A3, C8, 43, 4A, 00, 8D, 45, 08, A3, D4, 43, 4A...

Entropy:
6.3099

Code size:
363.5 KB (372,224 bytes)
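The hashes and PE-header fields above are all recomputable from the file itself, which is how you confirm that a sample on your own disk is the one this report describes before acting on it. The following is an added example (not code from the scanner page or from Youngzsoft) using only the Python standard library: it hashes a file, parses the COFF/optional header fields shown in the report (compile timestamp, linker version, entry RVA, OS version, subsystem, code size, bitness) and computes the Shannon entropy the report calls "Entropy". Because the real CCProxy.EXE is not bundled here, a minimal PE32 image is constructed inline with the report's header values purely so the parser can be exercised offline; its digests will of course not match the report's.

```python
"""Recompute the identity and PE-header fields a scanner report lists (stdlib only)."""
import hashlib
import math
import struct
import sys
from collections import Counter
from datetime import datetime, timezone

# Digests copied from the report for CCProxy.EXE (7.3.0.0).
REPORT_HASHES = {
    "md5": "c1b42d67db5d0d05d16aa776951fed1c",
    "sha1": "07888f6eddbb51f86a7b06b29f3fd135945ac6d0",
    "sha256": "2c474da1bb095f6cdd67363830fc46da9b1c04cf907f8aaa06c9730db86f499d",
}

SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}
MACHINES = {0x14C: "Win32", 0x8664: "Win64"}


def file_hashes(data: bytes) -> dict:
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_report(data: bytes) -> bool:
    """Require all three digests to agree; a lone MD5 match is not sufficient."""
    return file_hashes(data) == REPORT_HASHES


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 (constant data) to 8.0 (uniform). The report's 6.31 is typical
    of plain code plus data; packed or encrypted payloads usually sit above 7.5."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def pe_metadata(data: bytes) -> dict:
    """Parse the COFF header and the PE32/PE32+ optional header fields the report shows."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER (20 bytes)
    machine, _nsections, timestamp = struct.unpack_from("<HHI", data, coff)
    opt = coff + 20                          # IMAGE_OPTIONAL_HEADER
    magic, linker_major, linker_minor, size_of_code = struct.unpack_from("<HBBI", data, opt)
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    return {
        "bitness": MACHINES.get(machine, hex(machine)),
        "compiled": datetime.fromtimestamp(timestamp, tz=timezone.utc).isoformat(),
        "linker": f"{linker_major}.{linker_minor}",
        "code_size": size_of_code,
        "entry": entry_rva,
        "os_version": f"{os_major}.{os_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "pe32plus": magic == 0x20B,
    }


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 image (NOT the real CCProxy.EXE): headers only, with the
    field values taken from the report, so pe_metadata() can be exercised offline."""
    ts = int(datetime(2013, 6, 24, 15, 21, 48, tzinfo=timezone.utc).timestamp())
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)   # 64 bytes
    coff = struct.pack("<HHIIIHH", 0x14C, 1, ts, 0, 0, 224, 0x102)    # i386, 1 section, EXE
    opt = bytearray(224)
    struct.pack_into("<HBBI", opt, 0, 0x10B, 9, 0, 372224)            # PE32, linker 9.0, SizeOfCode
    struct.pack_into("<I", opt, 16, 0x544F9)                          # AddressOfEntryPoint
    struct.pack_into("<HH", opt, 40, 5, 0)                            # OS version 5.0
    struct.pack_into("<H", opt, 68, 2)                                # Subsystem: Windows GUI
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    # Usage: python pe_check.py [path]; with no path the constructed sample is used.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    print("matches report:", matches_report(blob))
    print("entropy: %.4f" % shannon_entropy(blob))
    for k, v in pe_metadata(blob).items():
        print(f"{k}: {v:#x}" if k == "entry" else f"{k}: {v}")
```

Run it against a file you actually hold; only a match on all three digests ties the file to this report, and the compile timestamp is writable by the linker, so treat it as a hint rather than proof of build date.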

The executing file has been seen to make the following network communications in live environments. Two caveats apply when reading this list: CCProxy is a proxy server, so outbound connections made by the process include traffic relayed on behalf of its clients and do not by themselves show the binary phoning home; and the ip-172-16-*.ec2.internal entries are RFC 1918 private addresses belonging to the analysis sandbox, which are meaningless as indicators outside that environment.

TCP (HTTP SSL):
Connects to media-router-fp1.prod.media.vip.tp2.yahoo.com  (203.188.200.67:443)

TCP (HTTP):
Connects to li365-173.members.linode.com  (96.126.108.173:80)

TCP (HTTP):
Connects to static-ip-85-25-41-239.inaddr.ip-pool.com  (85.25.41.239:80)

TCP (HTTP):
Connects to srv91.lunaweb.pro  (176.31.103.19:80)

TCP (HTTP):
Connects to patches.ubi.com  (216.98.55.17:80)

TCP (HTTP):
Connects to pages-wildcard.weebly.com  (199.34.228.53:80)

TCP:
Connects to ip-172-16-81-5.ec2.internal  (172.16.81.5:51248)

TCP:
Connects to ip-172-16-3-63.ec2.internal  (172.16.3.63:1259)

TCP:
Connects to ip-172-16-138-23.ec2.internal  (172.16.138.23:4620)

TCP:
Connects to ip-172-16-100-83.ec2.internal  (172.16.100.83:50114)

TCP:
Connects to ip-172-16-100-30.ec2.internal  (172.16.100.30:23434)

TCP (HTTP):
Connects to hosted-by.host-palace.com  (103.194.169.102:80)

TCP (HTTP):
Connects to tacoda-atwola-prod-scd-shared.evip.aol.com  (207.200.74.117:80)

TCP (HTTP):
Connects to ir1.fp.vip.ir2.yahoo.com  (46.228.47.115:80)

TCP:
Connects to ip-172-16-85-10.ec2.internal  (172.16.85.10:1477)

TCP:
Connects to ip-172-16-7-6.ec2.internal  (172.16.7.6:3876)

TCP:
Connects to ip-172-16-63-34.ec2.internal  (172.16.63.34:4316)

TCP:
Connects to ip-172-16-60-60.ec2.internal  (172.16.60.60:2621)

TCP:
Connects to ip-172-16-3-38.ec2.internal  (172.16.3.38:51650)

TCP:
Connects to ip-172-16-17-63.ec2.internal  (172.16.17.63:1836)
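Before pushing any of the destinations above into a blocklist or a detection rule, the private sandbox addresses have to be separated from the public ones, and the public ones grouped by the port they were reached on (80/443 web traffic versus anything else). The following added example (not part of the scanner page) does that triage with the Python standard library: it parses "Connects to host (ip:port)" lines, classifies each address with the ipaddress module, and returns the actionable set. The sample lines are copied from the list above; the function names are this example's own.

```python
"""Triage the connection list from a scanner report into actionable IOCs."""
import ipaddress
import re
from collections import defaultdict

CONNECTS_RE = re.compile(r"Connects to (\S+)\s+\((\d{1,3}(?:\.\d{1,3}){3}):(\d+)\)")

# Lines copied from the report above (a representative subset).
SAMPLE_LINES = """\
TCP (HTTP SSL):
Connects to media-router-fp1.prod.media.vip.tp2.yahoo.com  (203.188.200.67:443)
TCP (HTTP):
Connects to li365-173.members.linode.com  (96.126.108.173:80)
TCP (HTTP):
Connects to patches.ubi.com  (216.98.55.17:80)
TCP:
Connects to ip-172-16-81-5.ec2.internal  (172.16.81.5:51248)
TCP:
Connects to ip-172-16-3-63.ec2.internal  (172.16.3.63:1259)
TCP (HTTP):
Connects to patches.ubi.com  (216.98.55.17:80)
"""


def parse_connections(text: str) -> list:
    """Extract (host, ip, port) records; duplicate lines collapse to one record."""
    seen, out = set(), []
    for m in CONNECTS_RE.finditer(text):
        rec = (m.group(1), m.group(2), int(m.group(3)))
        if rec not in seen:
            seen.add(rec)
            out.append({"host": rec[0], "ip": rec[1], "port": rec[2]})
    return out


def is_sandbox_internal(ip: str) -> bool:
    """Private, loopback and link-local ranges are the analysis network, not the Internet."""
    addr = ipaddress.ip_address(ip)
    return addr.is_private or addr.is_loopback or addr.is_link_local


def triage(conns: list) -> dict:
    """Return {'internal': [...], 'web': [...], 'other': [...]} where 'web' means a
    public destination on 80/443 and 'other' a public destination on any other port."""
    buckets = defaultdict(list)
    for c in conns:
        if is_sandbox_internal(c["ip"]):
            buckets["internal"].append(c)
        elif c["port"] in (80, 443):
            buckets["web"].append(c)
        else:
            buckets["other"].append(c)
    return {k: buckets[k] for k in ("internal", "web", "other")}


def blocklist(conns: list) -> list:
    """Sorted, de-duplicated public IPs suitable for a firewall or proxy deny list."""
    return sorted({c["ip"] for c in conns if not is_sandbox_internal(c["ip"])},
                  key=ipaddress.ip_address)


if __name__ == "__main__":
    conns = parse_connections(SAMPLE_LINES)
    for bucket, items in triage(conns).items():
        print(bucket, [f'{c["host"]} ({c["ip"]}:{c["port"]})' for c in items])
    print("blocklist:", blocklist(conns))
```

For a proxy product like this one, even the public "web" bucket should be reviewed against the sandbox's own browsing activity before it is treated as attacker infrastructure; the grouping only tells you which entries are worth that review.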

Remove CCProxy.EXE - Powered by Reason Core Security