proc.exe

The application proc.exe has been detected as adware by 3 anti-malware scanners.
MD5:
d75b18ca26252d8ecdcd1c03ab03089d

SHA-1:
67c5659264013248f67a2b53984bfe3c4d534521

SHA-256:
f9ececb0ec1062e4b36944beda7edf40ae4b967dcdd81f2b6e11c15e2c29b1d2

Scanner detections:
3 / 68

Status:
Adware

Analysis date:
12/26/2024 2:18:02 AM UTC

Scan engine | Detection | Engine version
AhnLab V3 Security | Trojan/Win32.Necurs | 2014.09.11
Dr.Web | DLOADER.Trojan | 9.0.1.0256
Reason Heuristics | Adware.50Red.Bench.E | 14.9.13.4

File size:
421.5 KB (431,616 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\bench\proxy\proc.exe

File PE Metadata
Compilation timestamp:
9/8/2014 5:10:08 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:hkeSeX3jH2QW9cbzijSwgQOfYdI7MQqLU0cQ:hcr9Uz2SwgQuYHU0cQ

Entry address:
0x38340


Entropy:
6.6242

Code size:
361.5 KB (370,176 bytes)

The executing file has been seen to make the following network communications in live environments.

