ocs_v71b.exe

OCS

The application ocs_v71b.exe has been detected as a potentially unwanted program by 3 anti-malware scanners. While running, it connects to the Internet address prxy1.thinklabs-cluster.de on port 443.
Publisher:
OCS

Product:
OCS

Version:
1.0.0.0

MD5:
7b3b5db5fdd271811f9f22d52ee36e9d

SHA-1:
dae3b80a567aa739fa54d4c896a2cfe0f9718180

SHA-256:
c5e83f41df5b4158994a29122874c3ff26d5e5877eb9a1dc109693d8ea41cea2

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 9:51:53 AM UTC

Scan engine      | Detection                       | Engine version
Baidu Antivirus  | Trojan.Win32.DownloadSponsor    | 4.0.3.1457
ESET NOD32       | Win32/DownloadSponsor (variant) | 8.9767
VIPRE Antivirus  | DownloadSponsor                 | 28950

File size:
304 KB (311,296 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © Project OCS

Original file name:
OCS.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\ocs_v71b.exe

File PE Metadata
Compilation timestamp:
5/7/2014 9:23:43 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:afCEDX8qkkn9wifVsNQoMBmOSrqVL4y9f:afX4qkkn9wifVzo6mj

Entry address:
0x47DFE


Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
280 KB (286,720 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to prxy2.thinklabs-cluster.de  (46.4.173.132:443)

TCP (HTTP SSL):
Connects to prxy1.thinklabs-cluster.de  (88.198.27.202:443)

TCP (HTTP):
Connects to www2.thinklabs-cluster.de  (46.4.173.131:80)

TCP (HTTP):
Connects to www1.thinklabs-cluster.de  (88.198.27.201:80)

TCP (HTTP):
Connects to openx-farm.l3muc-b.cxo.name  (212.162.62.38:80)

TCP (HTTP):
Connects to a95-100-249-123.deploy.akamaitechnologies.com  (95.100.249.123:80)

TCP (HTTP):
Connects to a85-183-195-194.deploy.akamaitechnologies.com  (85.183.195.194:80)

Remove ocs_v71b.exe - Powered by Reason Core Security