webproxy.exe

The application webproxy.exe has been detected as a potentially unwanted program by 10 anti-malware scanners. It is a malicious Bitcoin miner: Bitcoin-mining malware makes the infected computer generate Bitcoins for the cybercriminals' benefit and consumes its computing power in the process. While running, it connects to the Internet address dmpro-ca-01.fooservers.com on port 3333.
MD5:
035f02b14f1f8437e215f2e9194083c0

SHA-1:
2a9ade64e5eb60accfc8cc1aebb16f0467181746

SHA-256:
ab182d40513aa33012dd054e12e95de8dba326ba5fcda20447c7fb282e6e74e2

Scanner detections:
10 / 68

Status:
Potentially unwanted

Explanation:
The program mines for Bitcoins using the computer's GPU in the background and may be installed and run without the user's knowledge.

Analysis date:
12/23/2024 2:55:07 PM UTC

Scan engine               Detection                                              Engine version
AhnLab V3 Security        Trojan/Win32.BitCoinMiner                              2014.06.12
Avira AntiVirus           W32/Sality.Patched                                     7.11.30.172
avast!                    Win32:Miner-B [PUP]                                    2014.9-140420
Baidu Antivirus           Hacktool.Win32.BitCoinMiner                            4.0.3.14420
ESET NOD32                Win32/BitCoinMiner.BP potentially unsafe application   8.7.0.302.0
F-Prot                    W32/Patched.Y.gen                                      v6.4.6.5.141
K7 AntiVirus              Trojan                                                 13.176.11806
McAfee                    Artemis!035F02B14F1F                                   5600.7155
Trend Micro House Call    HKTL_BITMINE.SML                                       7.2.110
Trend Micro               HKTL_BITMINE.SML                                       10.465.20

File size:
231.5 KB (237,070 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\webfreer\webproxy.exe

File PE Metadata
Compilation timestamp:
4/10/2014 7:47:28 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
2.23

CTPH (ssdeep):
3072:wqwL9hz2+JZgIxhlqMv0rZPOPdXpojKJv1mOV5FZRuR0vU5wj5JDff+3mt1yxoD0:wqABDx1v0rZP4Z/xVLvfDNjyGOaN3A0w

Entry address:
0x1570

Entry point:
83, EC, 1C, C7, 04, 24, 01, 00, 00, 00, FF, 15, 04, C3, 43, 00, E8, FB, FB, FF, FF, 8D, 74, 26, 00, 8D, BC, 27, 00, 00, 00, 00, 83, EC, 1C, C7, 04, 24, 02, 00, 00, 00, FF, 15, 04, C3, 43, 00, E8, DB, FB, FF, FF, 8D, 74, 26, 00, 8D, BC, 27, 00, 00, 00, 00, A1, 48, C3, 43, 00, FF, E0, 89, F6, 8D, BC, 27, 00, 00, 00, 00, A1, 2C, C3, 43, 00, FF, E0, 90, 90, 90, 90, 90, 90, 90, 90, 90, 55, 89, E5, 83, EC, 18, C7, 04, 24, 00, 50, 43, 00, E8, 66, 16, 03, 00, BA, 00, 00, 00, 00, 83, EC, 04, 85, C0, 74, 15, C7, 44...

Entropy:
6.3372

Code size:
203 KB (207,872 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP:
Connects to dmpro-ca-01.fooservers.com (167.114.156.214:3333)

Remove webproxy.exe - Powered by Reason Core Security