AdxEngine.exe

MPC AdCleaner

DotCash Limited

The application AdxEngine.exe, “MPC AdCleaner CleanEngine” by DotCash Limited, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This file is typically installed with the program MPC Cleaner by DotCash Limited, which is a potentially unwanted software program. While running, it connects to the Internet address proxy-com.geewa.com on port 80 using the HTTP protocol.
Publisher:
DotC United Inc  (signed by DotCash Limited)

Product:
MPC AdCleaner

Description:
MPC AdCleaner CleanEngine

Version:
4, 3, 13364, 0822

MD5:
d57fb6dde87adc67365ce1b9cb1880b0

SHA-1:
155086e92558564092a6a11aa84d45e1bd41997a

SHA-256:
4060f27c271baea90e1186ef43322875262c5d6a73f70a54e1ea7e059fada21b

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/24/2024 2:40:10 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.DotC.MPC (L)

Engine version:
16.8.22.13

File size:
702.5 KB (719,328 bytes)

Product version:
4, 3, 13364, 0822

Copyright:
Copyright (c) 2015 DotC United Inc.

Original file name:
AdxEngine.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\mpc cleaner\adxengine.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
1/7/2015 12:00:00 AM

Valid to:
12/29/2016 11:59:59 PM

Subject:
CN=DotCash Limited, OU=IT, O=DotCash Limited, L=Hong Kong, S=Hong Kong, C=HK

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1C04DCC9BE35C558422BAFEF34984975

File PE Metadata
Compilation timestamp:
8/22/2016 11:37:08 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:8VGQhGwiNViTFjE24CtuaCmmfRBoq26UXM:8XziNkjE2DcaCZft2H8

Entry address:
0x2771B

Entry point:
E8, B5, D2, 00, 00, E9, 78, FE, FF, FF, 33, C0, 40, C3, 8B, FF, 55, 8B, EC, 33, C0, 39, 45, 08, 6A, 00, 0F, 94, C0, 68, 00, 10, 00, 00, 50, FF, 15, 78, 51, 44, 00, A3, E0, 3B, 45, 00, 85, C0, 75, 02, 5D, C3, 33, C0, 40, A3, 88, 4E, 45, 00, 5D, C3, 83, 3D, 88, 4E, 45, 00, 03, 75, 57, 53, 33, DB, 39, 1D, 70, 4E, 45, 00, 57, 8B, 3D, 30, 51, 44, 00, 7E, 33, 56, 8B, 35, 74, 4E, 45, 00, 83, C6, 10, 68, 00, 80, 00, 00, 6A, 00, FF, 76, FC, FF, 15, 80, 51, 44, 00, FF, 36, 6A, 00, FF, 35, E0, 3B, 45, 00, FF, D7, 83...
 

Code size:
272 KB (278,528 bytes)

The file AdxEngine.exe has been discovered within the following program.

MPC Cleaner  by DotCash Limited
www.mpc.solution

The executing file has been seen to make the following network communications in live environments.

