» vipanonextproxy.exe
Overview
Analysis
File Details
Network (67)

vipanonextproxy.exe

Security Stronghold LLC

The application vipanonextproxy.exe by Security Stronghold has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address px-acs001.quantserve.com.akadns.net on port 80 using the HTTP protocol.

File name:

vipanonextproxy.exe

Publisher:

Security Stronghold LLC (signed and verified)

MD5:

26e9377f16d7f2e7550d7a8e14e14637

SHA-1:

e19402670761b2396aac3424ba386e503253e8e1

SHA-256:

00d680c6ebecf8bfd2d7390d333733105918f4fe6ae7426044d63467644aafe6

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

11/24/2024 7:48:21 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Win32.Generic.SecurityStronghold.Meta

15.6.12.5

File size:

2.4 MB (2,563,512 bytes)

File type:

Executable application (Win32 EXE)

Digital Signature

Signed by:

Security Stronghold LLC

Authority:

GlobalSign nv-sa

Valid from:

10/10/2011 9:19:57 PM

Valid to:

10/10/2012 9:19:57 PM

Subject:

E=manager@securitystronghold.com, CN=Security Stronghold LLC, O=Security Stronghold LLC, L=Astrakhan, S=Astrakhan region, C=RU

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

112178C42A18008AB27616B3F5140692C337

File PE Metadata

Compilation timestamp:

4/5/2012 10:10:26 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

49152:wyr0rkoucKZuSRItOc0vMZB1lH89CKwysMlb8ddxM:LwYouMnH8kKwyr

Entry address:

0x1F1004

Entry point:

55, 8B, EC, 83, C4, F0, B8, A0, 52, 5E, 00, E8, C0, A3, E1, FF, A1, 90, B5, 60, 00, 8B, 00, E8, 8C, F7, F1, FF, A1, 90, B5, 60, 00, 8B, 00, B2, 01, E8, 9E, 14, F2, FF, 8B, 0D, 88, AA, 60, 00, A1, 90, B5, 60, 00, 8B, 00, 8B, 15, A0, 49, 5E, 00, E8, 7E, F7, F1, FF, A1, 90, B5, 60, 00, 8B, 00, E8, D6, F8, F1, FF, E8, 59, 62, E1, FF, 90, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

6.4809

Developed / compiled with:

Microsoft Visual C++

Code size:

1.9 MB (2,029,568 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):

Connects to blueplanetcertificate.com (217.160.167.126:443)

TCP (HTTP SSL):

Connects to nyc33.ff.avast.com (77.234.44.43:443)

TCP (HTTP SSL):

Connects to a92-122-47-88.deploy.akamaitechnologies.com (92.122.47.88:443)

TCP (HTTP SSL):

Connects to a104-69-249-64.deploy.static.akamaitechnologies.com (104.69.249.64:443)

TCP (HTTP SSL):

Connects to ams10-010.ff.avast.com (5.45.62.115:443)

TCP (HTTP SSL):

Connects to a6.57.2da9.ip4.static.sl-reverse.com (169.45.87.166:443)

TCP (HTTP SSL):

Connects to xx-fbcdn-shv-01-lht6.fbcdn.net (157.240.1.23:443)

TCP (HTTP SSL):

Connects to ssl.locanto.info (80.242.145.100:443)

TCP (HTTP SSL):

Connects to msnbot-207-46-194-10.search.msn.com (207.46.194.10:443)

TCP (HTTP):

Connects to a173-223-30-176.deploy.static.akamaitechnologies.com (173.223.30.176:80)

TCP (HTTP):

Connects to 74-115-1-135.anchorfree.com (74.115.1.135:80)

TCP (HTTP SSL):

Connects to a184-24-199-30.deploy.static.akamaitechnologies.com (184.24.199.30:443)

TCP (HTTP):

Connects to 74-115-0-148.anchorfree.com (74.115.0.148:80)

TCP (HTTP SSL):

Connects to xx-fbcdn-shv-01-ams3.fbcdn.net (31.13.91.6:443)

TCP (HTTP SSL):

Connects to wb-in-f156.1e100.net (66.102.1.156:443)

TCP (HTTP):

Connects to server-52-85-63-234.lhr50.r.cloudfront.net (52.85.63.234:80)

TCP (HTTP):

Connects to nw1.anonymox.net (148.251.55.147:80)

TCP (HTTP SSL):

Connects to edge-z-1-p2-shv-01-lht6.facebook.com (157.240.1.41:443)

TCP (HTTP SSL):

Connects to edge-video-shv-01-ams3.fbcdn.net (31.13.91.15:443)

TCP (HTTP SSL):

Connects to edge-star-mini-shv-01-fra3.facebook.com (31.13.93.36:443)

Remove vipanonextproxy.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.