HackTool:Win32/CCProxy.B
First posted on 28 December 2012.
Source: Microsoft
Aliases:
HackTool:Win32/CCProxy.B is also known as Trojan/Win32.Proxy (AhnLab), not-a-virus:Server-Proxy.Win32.CCProxy.x (Kaspersky), TR/Virtl.3815.46 (Avira), Program.CCProxy (Dr.Web), Win32/CCProxy application (ESET), not-a-virus:Server-Proxy.Win32.CCProxy (Ikarus).
Explanation:
Installation
HackTool:Win32/CCProxy.B creates the following files:
- <current folder>\log\log<date in yyyymmdd format>.txt
- <current folder>\ccproxy.ini
Payload
Opens and listens on certain ports
HackTool:Win32/CCProxy.B opens and listens on the following TCP ports:
- 1080
- 110
- 119
- 2121
- 23
- 25
- 808
To check for Internet connectivity, it tries to connect to yahoo.com via port 80.
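The file names and port list above can be turned into a host check. The following is an added example, not part of the original write-up: it parses `netstat -ano` output, flags a single process that holds several of the listed ports, and matches the listed file names. The function names, the four-port threshold and the sample output are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Ports the write-up lists for HackTool:Win32/CCProxy.B.
CCPROXY_PORTS = {23, 25, 110, 119, 808, 1080, 2121}
# Files the write-up says are created, relative to the program's folder.
ARTIFACTS = (re.compile(r"^ccproxy\.ini$", re.I),
             re.compile(r"^log\\log\d{8}\.txt$", re.I))

def listeners_by_pid(netstat_text):
    """Map PID -> set of local TCP ports in LISTENING state."""
    ports = defaultdict(set)
    for line in netstat_text.splitlines():
        f = line.split()
        # Expected columns: Proto, Local Address, Foreign Address, State, PID
        if len(f) == 5 and f[0].upper() == "TCP" and f[3].upper() == "LISTENING":
            port = f[1].rsplit(":", 1)[-1]   # works for 0.0.0.0:80 and [::]:80
            if port.isdigit() and f[4].isdigit():
                ports[int(f[4])].add(int(port))
    return ports

def suspicious_pids(netstat_text, min_hits=4):
    """PIDs holding at least min_hits of the listed ports in one process.
    min_hits is an assumed threshold: ports such as 25 or 110 are ordinary
    on a mail server, so a single match means little on its own."""
    hits = {pid: p & CCPROXY_PORTS for pid, p in listeners_by_pid(netstat_text).items()}
    return {pid: sorted(h) for pid, h in hits.items() if len(h) >= min_hits}

def artifact_matches(relative_paths):
    """Relative paths (from a process's folder) that match the listed files."""
    return [p for p in relative_paths if any(rx.match(p) for rx in ARTIFACTS)]

# Constructed sample of `netstat -ano` output, not taken from a real host.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING       4120
  TCP    0.0.0.0:110            0.0.0.0:0              LISTENING       4120
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:808            0.0.0.0:0              LISTENING       4120
  TCP    0.0.0.0:1080           0.0.0.0:0              LISTENING       4120
  TCP    0.0.0.0:2121           0.0.0.0:0              LISTENING       4120
  TCP    [::]:25                [::]:0                 LISTENING       2288
  TCP    10.0.0.5:49712         10.0.0.9:443           ESTABLISHED     3344
"""

if __name__ == "__main__":
    print(suspicious_pids(SAMPLE))
    print(artifact_matches(["ccproxy.ini", r"log\log20121228.txt", "readme.txt"]))
```

A flagged PID is a lead for review rather than a verdict: confirm it by checking the folder of the owning executable for the listed files.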
Redirects Internet traffic through a proxy server
HackTool:Win32/CCProxy.B is used to redirect your Internet traffic through a proxy server. It may be configured by a remote attacker to listen in on your Internet activities.
Analysis by Hyun Choi
Last update 28 December 2012