proc.exe

The application proc.exe has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This executable runs as a local area network (LAN) Internet proxy server listening on port 3128 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host. While running, it connects to the Internet address 178.155.155.104.bc.googleusercontent.com on port 80 using the HTTP protocol.
MD5:
3a641a4d0af4dd5aeca742d5db8058a5

SHA-1:
b023c0101b3900f6d3f26372744457defa6f4249

SHA-256:
20231c6b80322200bbb8a3444c37ae044c323e87f3b89dc4c5cf0695fc8af1ce

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
11/27/2024 8:48:21 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Adware.50Red.Bench.E
14.12.3.17

File size:
477 KB (488,448 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\bench\proxy\proc.exe

File PE Metadata
Compilation timestamp:
11/20/2014 3:34:35 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:QvcPPSaUU5lLVWvxaAFOjz+HsuVCTwYNiJl:6A7VWZbFQzGUTwl

Entry address:
0x3BA51

Entry point:
E8, 21, 1C, 01, 00, E9, 39, FE, FF, FF, 55, 8B, EC, 51, 53, 33, DB, 56, 39, 5D, 08, 75, 16, E8, CD, 0B, 00, 00, 6A, 16, 5E, 89, 30, E8, 14, 0B, 00, 00, 8B, C6, E9, 89, 00, 00, 00, 8B, 75, 0C, 85, F6, 74, E3, E8, 70, 3B, 00, 00, 85, C0, 75, 0D, FF, 15, 2C, 42, 46, 00, 85, C0, 75, 03, 33, DB, 43, 33, C0, 50, 50, 6A, FF, FF, 75, 08, 89, 06, 50, 53, FF, 15, A8, 40, 46, 00, 89, 45, FC, 85, C0, 75, 11, FF, 15, 64, 41, 46, 00, 50, E8, 58, 0B, 00, 00, 59, 33, C0, EB, 41, 03, C0, 50, E8, E7, 05, 00, 00, 89, 06, 59...
 
[+]

Entropy:
6.5831

Code size:
396 KB (405,504 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:3128/

Local host port:
3128

Default credentials:
No


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-54-208-30-101.compute-1.amazonaws.com  (54.208.30.101:80)

TCP (HTTP):
Connects to ip-184-168-221-96.ip.secureserver.net  (184.168.221.96:80)

TCP (HTTP SSL):
Connects to ec2-52-7-213-116.compute-1.amazonaws.com  (52.7.213.116:443)

TCP (HTTP):
Connects to server-54-230-39-95.jfk1.r.cloudfront.net  (54.230.39.95:80)

TCP (HTTP):
Connects to server-205-251-251-56.jfk5.r.cloudfront.net  (205.251.251.56:80)

TCP (HTTP SSL):
Connects to ec2-52-6-82-78.compute-1.amazonaws.com  (52.6.82.78:443)

TCP (HTTP SSL):
Connects to cloud.gti.mcafee.com  (161.69.165.6:443)

TCP (HTTP):
Connects to a96-6-113-18.deploy.akamaitechnologies.com  (96.6.113.18:80)

TCP (HTTP):
Connects to a72-246-43-51.deploy.akamaitechnologies.com  (72.246.43.51:80)

TCP (HTTP):

TCP (HTTP):
Connects to a23-66-230-171.deploy.static.akamaitechnologies.com  (23.66.230.171:80)

TCP (HTTP):
Connects to a201-48-047-041.deploy.akamaitechnologies.com  (201.48.47.41:80)

TCP (HTTP):
Connects to 87.64.154.104.bc.googleusercontent.com  (104.154.64.87:80)

TCP (HTTP):
Connects to 178.155.155.104.bc.googleusercontent.com  (104.155.155.178:80)

Remove proc.exe - Powered by Reason Core Security