proc.exe

The application proc.exe has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This executable runs as a local area network (LAN) Internet proxy server listening on port 3128 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host.
MD5:
fa2f81309ac66d81a1c6b5ba012a5024

SHA-1:
5dfc92931003c42edc6812c762f74d868124c36a

SHA-256:
55952667ee2849a3440ea6fb36309844d84ced8083264c2441d10e80a1082df6

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
11/23/2024 12:20:03 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Threat.Win.Reputation.IMP
14.5.5.21

File size:
376 KB (385,024 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\bench\proxy\proc.exe

File PE Metadata
Compilation timestamp:
4/22/2014 11:26:18 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:LOG+UV5AgBiCeXhr+VeakSi8BNIubXMup1iwEGSqASnys/S:iGLACeXhaohX8BNpbX9p1iwEXqASny

Entry address:
0x2D8AC

Entry point:
E8, 27, F8, 00, 00, E9, 89, FE, FF, FF, 6A, 0C, 68, 48, 88, 45, 00, E8, BE, 28, 00, 00, 6A, 0E, E8, 3C, FA, 00, 00, 59, 83, 65, FC, 00, 8B, 75, 08, 8B, 4E, 04, 85, C9, 74, 2F, A1, 6C, CA, 45, 00, BA, 68, CA, 45, 00, 89, 45, E4, 85, C0, 74, 11, 39, 08, 75, 2C, 8B, 48, 04, 89, 4A, 04, 50, E8, 2A, D5, FF, FF, 59, FF, 76, 04, E8, 21, D5, FF, FF, 59, 83, 66, 04, 00, C7, 45, FC, FE, FF, FF, FF, E8, 0A, 00, 00, 00, E8, AD, 28, 00, 00, C3, 8B, D0, EB, C5, 6A, 0E, E8, F0, F8, 00, 00, 59, C3, 6A, 0C, 68, 68, 88, 45...
 
[+]

Entropy:
6.6184

Code size:
320 KB (327,680 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:3128/

Local host port:
3128

Default credentials:
No


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ip-184-168-221-96.ip.secureserver.net  (184.168.221.96:80)

TCP (HTTP):
Connects to ec2-54-208-30-101.compute-1.amazonaws.com  (54.208.30.101:80)

TCP (HTTP SSL):
Connects to ec2-52-20-120-15.compute-1.amazonaws.com  (52.20.120.15:443)

TCP (HTTP):
Connects to track-eu.adform.net  (37.157.6.227:80)

TCP (HTTP):
Connects to static-ip-62-75-176-183.inaddr.ip-pool.com  (62.75.176.183:80)

TCP (HTTP):
Connects to server-54-230-49-76.jfk5.r.cloudfront.net  (54.230.49.76:80)

TCP (HTTP):
Connects to frankfurt-2.cdn77.com  (77.243.189.77:80)

TCP (HTTP):
Connects to enlefkohome.gr  (51.254.158.129:80)

TCP (HTTP):
Connects to ec2-54-225-186-137.compute-1.amazonaws.com  (54.225.186.137:80)

TCP (HTTP):
Connects to ec2-54-204-0-59.compute-1.amazonaws.com  (54.204.0.59:80)

TCP (HTTP):
Connects to ec2-50-17-243-28.compute-1.amazonaws.com  (50.17.243.28:80)

TCP (HTTP):
Connects to c163.cyan.fastwebserver.de  (85.114.132.163:80)

TCP (HTTP):
Connects to blk-237-125-96.eastlink.ca  (173.237.125.96:80)

TCP (HTTP):
Connects to bid.xa.dc.openx.org  (173.241.240.6:80)

TCP (HTTP):
Connects to a95-100-51-167.deploy.akamaitechnologies.com  (95.100.51.167:80)

TCP (HTTP):
Connects to a23-67-244-155.deploy.static.akamaitechnologies.com  (23.67.244.155:80)

TCP (HTTP):

TCP (HTTP):

TCP (HTTP):

TCP (HTTP):
Connects to a216-23-154-73.deploy.akamaitechnologies.com  (216.23.154.73:80)

Remove proc.exe - Powered by Reason Core Security