MalwareProtectionClient.exe

MalwareProtectionClient

Malware Protection Live

The executable MalwareProtectionClient.exe has been detected as malware by 1 anti-virus scanner. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘MalwareProtectionLive’.
Publisher:
Malware Protection Live  (signed and verified)

Product:
MalwareProtectionClient

Version:
1.0.*

MD5:
1af1093fec1ad62175e89d12bcc39362

SHA-1:
59d8eb213ba825004bfef042edbfe3efc96afee9

SHA-256:
5e50a64204695f993dba00799c3f94db7693c8019454f787ce9d532c5066405a

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/15/2024 10:21:35 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
17.3.9.0

File size:
1.1 MB (1,187,360 bytes)

Product version:
1.0.*

Copyright:
Copyright © 2015

Original file name:
MalwareProtectionClient.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\malwareprotectionlive\malwareprotectionclient.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
7/5/2015 8:00:00 PM

Valid to:
7/5/2017 7:59:59 PM

Subject:
CN=Malware Protection Live, O=Malware Protection Live, L=Fort Myers, S=Florida, C=US

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
0DB13F364982158C0E6000F666CC2AA4

File PE Metadata
Compilation timestamp:
3/8/2017 4:02:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

Entry address:
0x111D0D

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
1.1 MB (1,113,600 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
MalwareProtectionLive

Command:
C:\users\{user}\appdata\local\malwareprotectionlive\malwareprotectionclient.exe


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-35-163-9-66.us-west-2.compute.amazonaws.com  (35.163.9.66:80)

TCP (HTTP):
Connects to ec2-54-69-82-117.us-west-2.compute.amazonaws.com  (54.69.82.117:80)

TCP (HTTP):
Connects to ec2-35-164-134-69.us-west-2.compute.amazonaws.com  (35.164.134.69:80)

TCP (HTTP):
Connects to ec2-35-164-113-176.us-west-2.compute.amazonaws.com  (35.164.113.176:80)

TCP (HTTP):
Connects to ec2-52-89-210-194.us-west-2.compute.amazonaws.com  (52.89.210.194:80)

TCP (HTTP):
Connects to a23-64-165-163.deploy.static.akamaitechnologies.com  (23.64.165.163:80)
