proc.exe

The application proc.exe has been detected as adware by 4 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 3128 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host. While running, it connects to the Internet address signin.ea.com on port 443.
MD5:
e85415bf7caa9b8b60e129e38013153b

SHA-1:
5785d6c6e75aa06c941ab3eadbeae27621bd46b4

SHA-256:
93ab753c7d38e1ec590c6cbd8a50d90f2e1b32b1949b4b02f03ba5c6c4506614

Scanner detections:
4 / 68

Status:
Adware

Analysis date:
11/28/2024 11:34:39 PM UTC

Scan engine             Detection                 Engine version
Bkav FE                 HW32.WirSen               1.3.0.4959
Dr.Web                  DLOADER.Trojan            9.0.1.0218
Reason Heuristics       Adware.Bench.E            14.8.6.9
Trend Micro House Call  Suspicious_GEN.F47V0718   7.2.218

File size:
420.5 KB (430,592 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\bench\proxy\proc.exe

File PE Metadata
Compilation timestamp:
7/18/2014 4:05:29 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:VjwcXFHoJ/Wro852SeZXHAQUPokIi7f9UqMMp4:V5rv52SeZXHbUPUqMM

Entry address:
0x38153

Entry point:
E8, E1, F9, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, A3, 24, 7B, 46, 00, 5D, C3, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A1, E4, 62, 46, 00, 33, C5, 89, 45, FC, 53, 8B, 5D, 08, 57, 83, FB, FF, 74, 07, 53, E8, 43, FA, 00, 00, 59, 83, A5, E0, FC, FF, FF, 00, 6A, 4C, 8D, 85, E4, FC, FF, FF, 6A, 00, 50, E8, 57, A0, FF, FF, 8D, 85, E0, FC, FF, FF, 89, 85, D8, FC, FF, FF, 8D, 85, 30, FD, FF, FF, 83, C4, 0C, 89, 85, DC, FC, FF, FF, 89, 85, E0, FD, FF, FF, 89, 8D, DC, FD, FF, FF, 89, 95, D8...
 

Code size:
361 KB (369,664 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:3128/

Local host port:
3128

Default credentials:
No


The executing file has been seen to make the following network communications in live environments.

