Proxomitron.exe

Proxomitron

Groom-A-Zebu (tm)

The executable Proxomitron.exe has been detected as malware by 1 anti-virus scanner. This executable runs as a local area network (LAN) Internet proxy server listening on port 8080 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host. While running, it connects to the Internet address 186-192-84-89.ptr.globo.com on port 80 using the HTTP protocol.
Publisher:
Groom-A-Zebu (tm)

Product:
Proxomitron

Description:
The Proxomitron

Version:
4, 5, 0, 4 Private Build

MD5:
6396fdfc0791c44819e544147f008f1f

SHA-1:
1e2704f2a77b9e871ee46e5abbee56689b8889cc

SHA-256:
2acea7d98e3f8d427631e1a3086a5f29e4e59e782421eb412e5839cfb34598c2

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
12/26/2024 11:51:02 AM UTC

Scan engine:
Reason Heuristics

Detection:
Threat.Win.Reputation

Engine version:
15.6.5.11

File size:
314 KB (321,536 bytes)

Product version:
Naoko-4.5 2003-6-1

Copyright:
Copyright © 1999 - 2003 By Scott R. Lemmon

Trademarks:
Proxomitron, The, and the letters A-Z

Original file name:
Proxomitron.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

File PE Metadata
Compilation timestamp:
6/1/2003 9:13:08 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.10

CTPH (ssdeep):
3072:v2+R4Eye/d52fkXhQsvY9pncMX2KgOBhrG4KmF/AIiaaI:v2+RNye/d528X0j9rhrGN4

Entry address:
0x25D00

Entry point:
55, 8B, EC, 6A, FF, 68, A8, 65, 42, 00, 68, F0, 5C, 42, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, C4, 98, 53, 56, 57, 89, 65, E8, C7, 45, FC, 00, 00, 00, 00, 6A, 02, FF, 15, F0, 61, 42, 00, 83, C4, 04, C7, 05, 74, C7, 42, 00, FF, FF, FF, FF, C7, 05, 78, C7, 42, 00, FF, FF, FF, FF, FF, 15, 40, 61, 42, 00, 8B, 0D, 04, C6, 42, 00, 89, 08, FF, 15, 38, 61, 42, 00, 8B, 15, 00, C6, 42, 00, 89, 10, A1, 3C, 61, 42, 00, 8B, 08, 89, 0D, 7C, C7, 42, 00, E8, 76, 01, 00, 00, A1, 40, C4, 42, 00, 85...

Developed / compiled with:
Microsoft Visual C++

Code size:
148 KB (151,552 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://localhost:8080/

Local host port:
8080

Default credentials:
No


The executing file has been seen to make the following network communications in live environments.
