proxy_sa.exe

MD5:
2f5fc8ec6680552a2249dcdcc716dfd3

SHA-1:
f6c96f55054a44abdbc7d68ee861056ee4a32604

SHA-256:
e851ce8437018d601e33976a7439acb6e7f7594148d6368c11bb79831c388785

Scanner detections:
3 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/23/2024 7:58:14 AM UTC  (today)

Detections by scan engine (engine name: detection, engine version):

Bkav FE: W32.HfsAutoB (engine version 1.3.0.4613)
Rising Antivirus: PE:Malware.XPACK/RDM!5.1 (engine version 23.00.65.14207)
Sophos: Sus/Sality-A (engine version 4.59)

File size:
13.7 MB (14,383,616 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\hot coffee\proxy_sa.exe

File PE Metadata
Compilation timestamp:
11/8/2005 10:51:38 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.0

CTPH (ssdeep):
196608:qYQnnDbxRXCeeVJGfp/N+AYQyL3TTrbJvvAi80JFCC:qXnDbnyeeVJGfJN+B1r

Entry address:
0x424570

Entry point:
6A, 60, 68, 78, 80, 88, 00, E8, 64, 41, 00, 00, BF, 94, 00, 00, 00, 8B, C7, E8, E8, DA, FF, FF, 89, 65, E8, 8B, F4, 89, 3E, 56, FF, 15, 44, 81, 85, 00, 8B, 4E, 10, 89, 0D, 08, AC, C9, 00, 8B, 46, 04, A3, 14, AC, C9, 00, 8B, 56, 08, 89, 15, 18, AC, C9, 00, 8B, 76, 0C, 81, E6, FF, 7F, 00, 00, 89, 35, 0C, AC, C9, 00, 83, F9, 02, 74, 0C, 81, CE, 00, 80, 00, 00, 89, 35, 0C, AC, C9, 00, C1, E0, 08, 03, C2, A3, 10, AC, C9, 00, 33, F6, 56, 8B, 3D, 68, 80, 85, 00, FF, D7, 66, 81, 38, 4D, 5A, 75, 1F, 8B, 48, 3C, 03...

Entropy:
6.2280

Developed / compiled with:
Microsoft Visual C++ v7.0

Code size:
10.8 MB (11,304,960 bytes)

The file proxy_sa.exe has been discovered within the following programs.

Grand Theft Auto: San Andreas, by Rockstar Games (www.rockstargames.com). About 3% of users remove it.
GTA San Andreas, by Rockstar Games Inc. Grand Theft Auto: San Andreas is an open world action-adventure video game. 1% remove it.
MTA:SA v1.3, by Multi Theft Auto (www.multitheftauto.com). About 4% of users remove it.
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to multitheftauto.com  (91.121.44.90:80)

TCP (HTTP):
Connects to aventine.modpro.be  (213.239.211.214:80)

TCP:
Connects to s1.slotex.pl  (137.74.111.145:7506)

TCP:
Connects to dial.youcratenearseenart.com  (160.202.166.14:22005)

TCP:
Connects to host-46-174-48-50.rs-media.ru  (46.174.48.50:32120)

TCP:
Connects to ns521573.ip-158-69-121.net  (158.69.121.27:22001)

TCP (HTTP):
Connects to ns3032256.ip-149-202-89.eu  (149.202.89.96:80)

TCP (HTTP):
Connects to s2.cit2.net  (94.23.158.180:80)

TCP:
Connects to Host-46-174-50-52.rs-media.ru  (46.174.50.52:32059)

TCP (HTTP):
Connects to s5-133.gazduirejocuri.ro  (193.84.64.133:80)

TCP:
Connects to ip12.ip-5-196-159.eu  (5.196.159.12:22065)

TCP:
Connects to dayzmta.ru  (74.119.194.26:22030)

TCP (HTTP):
Connects to d1.1shot1kill.pl  (176.9.40.19:80)

TCP (HTTP):
Connects to 195-142-3-83.rdns.saglayici.net  (195.142.3.83:80)

TCP:
Connects to xn--felipe-gabriel-corra-da-silva-ovc.onlineshow.com.br  (149.56.147.203:22005)

TCP:
Connects to www.blasthosting.com.br  (158.69.149.218:22005)

TCP:
Connects to vs0311.flosoft-servers.net  (178.32.238.139:8500)

TCP:
Connects to v-66-150-121-102.unman-vds.internap-nyc.nfoservers.com  (66.150.121.102:22006)

TCP:
Connects to tapleto-host.net  (46.105.250.205:25019)

TCP (HTTP):
Connects to stream05.dotpoint.nl  (5.39.79.33:80)

Scan proxy_sa.exe - Powered by Reason Core Security