CCProxy.EXE

CCProxy

Youngzsoft

The application CCProxy.EXE has been detected as adware by 4 anti-malware scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘CCProxy’.
Publisher:
Youngzsoft

Product:
CCProxy

Version:
7, 3, 0, 0

MD5:
9ead57308ebb65d0468dd21d5671dd28

SHA-1:
d1807ad3ebd7a971a88f1e2f829861f4a7855289

SHA-256:
a412a22fc582141ba3a183e50318dad02652a0e57af7409a20b4aaf111e6eeb5

Scanner detections:
4 / 68

Status:
Adware

Analysis date:
11/6/2024 8:20:15 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:CCProxy-D [PUP] | 2014.9-140515 |
| ESET NOD32 | Win32/CCProxy (variant) | 8.8535 |
| Reason Heuristics | PUP.Youngzsoft.H | 14.5.15.20 |
| Trend Micro House Call | TROJ_GEN.F47V0323 | 7.2.135 |

File size:
872 KB (892,928 bytes)

Product version:
7, 3, 0, 0

Copyright:
Copyright(C) 2000

Original file name:
CCProxy.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\ccproxy\ccproxy.exe

File PE Metadata
Compilation timestamp:
3/22/2013 3:02:33 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:8N4GDrnvevjw0MYQIPxKNhRFnSjjLC9ZEfe9wKuU5kgsIgQisuzJoUnUKkzGnp:mdSjjLOisAoyUlzu

Entry address:
0x53859

Entry point:
E8, F0, 04, 00, 00, E9, D7, FC, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 90, 33, 4A, 00, 89, 0D, 8C, 33, 4A, 00, 89, 15, 88, 33, 4A, 00, 89, 1D, 84, 33, 4A, 00, 89, 35, 80, 33, 4A, 00, 89, 3D, 7C, 33, 4A, 00, 66, 8C, 15, A8, 33, 4A, 00, 66, 8C, 0D, 9C, 33, 4A, 00, 66, 8C, 1D, 78, 33, 4A, 00, 66, 8C, 05, 74, 33, 4A, 00, 66, 8C, 25, 70, 33, 4A, 00, 66, 8C, 2D, 6C, 33, 4A, 00, 9C, 8F, 05, A0, 33, 4A, 00, 8B, 45, 00, A3, 94, 33, 4A, 00, 8B, 45, 04, A3, 98, 33, 4A, 00, 8D, 45, 08, A3, A4, 33, 4A...
 

Entropy:
6.3046

Code size:
359.5 KB (368,128 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
CCProxy

Command:
C:\Program Files\ccproxy\ccproxy.exe


The executing file has been seen to make the following network communications in live environments.

