MalwareProtectionClient.exe

MalwareProtectionClient

Malware Protection Live

The executable MalwareProtectionClient.exe has been detected as malware by 1 anti-virus scanner. It runs as a scheduled task under the Windows Task Scheduler named MPLClient triggered to execute each time a user logs in. This file is typically installed with the program Malware Protection Live.
Publisher:
Malware Protection Live  (signed and verified)

Product:
MalwareProtectionClient

Version:
1.0.*

MD5:
5d92995b5b86ab1445144519484308a3

SHA-1:
5253a93da233d824b39195b63882af9687d5ed39

SHA-256:
276db8cbc0616a729e6c09178f38ab49a4f572cefec74cabe1c9411f0961859e

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/15/2024 6:26:21 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
17.1.28.0

File size:
1.5 MB (1,596,448 bytes)

Product version:
1.0.*

Copyright:
Copyright © 2015

Original file name:
MalwareProtectionClient.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\malwareprotectionlive\malwareprotectionclient.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
7/5/2015 2:00:00 PM

Valid to:
7/5/2017 1:59:59 PM

Subject:
CN=Malware Protection Live, O=Malware Protection Live, L=Fort Myers, S=Florida, C=US

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
0DB13F364982158C0E6000F666CC2AA4

File PE Metadata
Compilation timestamp:
1/27/2017 4:52:59 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

Entry address:
0x175BE1

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 03, 00, 00, 00, 30, 00, 00, 80, 0E, 00, 00, 00, 94, 08, 01, 80, 10, 00, 00, 00, E4, 08, 01, 80, 18, 00, 00, 00, 48, 0C, 01, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 02, 00, 00, 00, 48, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 60, 00, 00, 00, 6C...
 
[+]

Entropy:
6.6569

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
1.5 MB (1,522,688 bytes)

Scheduled Task
Task name:
MPLClient

Trigger:
Logon (Runs on logon)

Description:
Malware Protection Live Client


The file MalwareProtectionClient.exe has been discovered within the following program.

About 1% of users remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-35-164-113-176.us-west-2.compute.amazonaws.com  (35.164.113.176:80)

TCP (HTTP):
Connects to ec2-35-163-9-66.us-west-2.compute.amazonaws.com  (35.163.9.66:80)

TCP (HTTP):
Connects to ec2-35-164-134-69.us-west-2.compute.amazonaws.com  (35.164.134.69:80)

TCP (HTTP):
Connects to ec2-54-69-82-117.us-west-2.compute.amazonaws.com  (54.69.82.117:80)

TCP (HTTP):

TCP (HTTP):

TCP (HTTP):
Connects to a23-46-101-163.deploy.static.akamaitechnologies.com  (23.46.101.163:80)

Remove MalwareProtectionClient.exe - Powered by Reason Core Security