» pr0xy_3.0.0_win32.exe
Overview
Analysis
File Details
Downloads (2)

pr0xy_3.0.0_win32.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from wololo.net and multiple other hosts.

File name:

MD5:

19bc1d54a46c8eac945f502a7147331c

SHA-1:

975fee6951dbbe6b9c68b24905a6e5134b2063a7

SHA-256:

0ec9080249a1da0cead725bf7a65ff3abe3f1f8a6635dda980edd12996e1774f

Scanner detections:

1 / 68

Status:

Clean (1 probable false positive detection)

Explanation:

This is mosty likely a false positive detection, the file is probably clean.

Analysis date:

12/29/2024 4:50:48 PM UTC (today)

Scan engine

Detection

Engine version

Clam AntiVirus

Win.Trojan.Agent-917220

0.98/21511

File size:

7.5 MB (7,910,807 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\Pictures\pr0xy_3.0.0_win32.exe

File PE Metadata

Compilation timestamp:

1/24/2015 10:14:39 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.50

CTPH (ssdeep):

196608:o+4/n1KMf2maHj8fbrrWX0/zH4FfBbyvtAYZ8Pgbsg1TF0kK+GlP/hUzVQahGc:o+4/6mMj8vr5j4FJbONZ82TqN+GlkVoc

Entry address:

0x1000

Entry point:

68, 18, 02, 00, 00, 68, 00, 00, 00, 00, 68, 10, AE, 46, 00, E8, 10, 91, 00, 00, 83, C4, 0C, 68, 00, 00, 00, 00, E8, 0F, 91, 00, 00, A3, 14, AE, 46, 00, 68, 00, 00, 00, 00, 68, 00, 10, 00, 00, 68, 00, 00, 00, 00, E8, FC, 90, 00, 00, A3, 10, AE, 46, 00, B8, 40, A7, 43, 00, A3, 28, AE, 46, 00, E8, 42, 86, 02, 00, E8, 70, 68, 02, 00, E8, B7, 64, 02, 00, E8, 0E, 63, 02, 00, E8, DB, 61, 02, 00, E8, C2, 58, 02, 00, E8, BB, 4A, 02, 00, E8, F6, 46, 02, 00, E8, D3, 2F, 02, 00, E8, D7, E9, 01, 00, E8, 39, B7, 01, 00... 
[+]

Packer / compiler:

PKLITE32, 0x1.1

Code size:

194.5 KB (199,168 bytes)

The file pr0xy_3.0.0_win32.exe has been seen being distributed by the following 2 URLs.

http://wololo.net/.../Pr0xy_3.0.0_Win32.exe

http://zload.net/skfu/dl//Pr0xy_3.0.0_Win32.exe

Scan pr0xy_3.0.0_win32.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.