MalwareProtectionClient.exe

MalwareProtectionClient

Malware Protection Live

The application MalwareProtectionClient.exe by Malware Protection Live has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘MalwareProtectionLive’. This file is typically installed with the program Malware Protection Live.
Publisher:
Malware Protection Live  (signed and verified)

Product:
MalwareProtectionClient

Version:
1.0.*

MD5:
763ca64c8ef8e19f7cb2ba2d9ed377d2

SHA-1:
fa4b8e9b1129923f377c33e1cb4a1c6b39d88bde

SHA-256:
c3c5bf0033a9479210e9411f7e50461d0834a7b8279b0c1e006717c9a1724063

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/17/2024 11:42:13 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.MalwareP (M)

Engine version:
16.3.31.17

File size:
1.1 MB (1,179,680 bytes)

Product version:
1.0.*

Copyright:
Copyright © 2015

Original file name:
MalwareProtectionClient.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\malwareprotectionlive\malwareprotectionclient.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
7/6/2015 5:30:00 AM

Valid to:
7/6/2017 5:29:59 AM

Subject:
CN=Malware Protection Live, O=Malware Protection Live, L=Fort Myers, S=Florida, C=US

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
0DB13F364982158C0E6000F666CC2AA4

File PE Metadata
Compilation timestamp:
3/31/2016 6:12:47 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:ocrLheENKY2lUwx3Qs+MeRIsq5Oeg7+/UG6dtCG+:prLIENKZCuQsTuufB8GLG+

Entry address:
0x10FFDF

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 03, 00, 00, 00, 30, 00, 00, 80, 0E, 00, 00, 00, 94, 08, 01, 80, 10, 00, 00, 00, E4, 08, 01, 80, 18, 00, 00, 00, 48, 0C, 01, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 02, 00, 00, 00, 48, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 60, 00, 00...
 

Entropy:
6.8385

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
1.1 MB (1,105,920 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
MalwareProtectionLive

Command:
C:\users\{user}\appdata\local\malwareprotectionlive\malwareprotectionclient.exe


The file MalwareProtectionClient.exe has been discovered within the following program.

About 1% of users remove it
 

The executing file has been seen to make the following network communications in live environments.
