home

mbrcheck.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from www.geekstogo.com and multiple other hosts.
MD5:
cb2d120a4b72422a8141192831b1f500

SHA-1:
4f384c8d798dd0ee6c7ff12046db64e6cc05ccf0

SHA-256:
da8152e57f67680b53325eba1ea91b02bf3ae1a419d725d56dfcb74f6f5a1c7e

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
1/14/2025 10:12:23 PM UTC  (today)

Scan engine
Detection
Engine version

Bkav FE
HW32.CDB
1.3.0.4613

File size:
78.5 KB (80,384 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\mbrcheck.exe

File PE Metadata
Compilation timestamp:
8/1/2010 4:31:47 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows Console

CTPH (ssdeep):
1536:WfhpetTc3DmbnZTg6szXN9jmJAzG1pOL4owHjzFC9Bob88EhZ:Wfhp+Tk2hg3zXuAa1pW4/H87SShZ

Entry address:
0x10FC6

Entry point:
B8, 10, FF, 42, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 0E, 8A, 64, 29, 31, D5, 6E, C6, 76, 05, 6C, 03, C1, DB, CD, 76, 5A, 3A, BA, 24, 01, EB, A2, 48, 4C, 43, 17, F4, 01, EC, 5F, 02, AD, 84, F8, 1E, A1, 17, E3, 35, 6C, 34, E9, 77, 88, 9E, C0, FF, B4, 9B, A7, BF, 1B, 06, 60, AC, CA, 53, 8C, B2, FF, 3F, 54, 77, 14, F1, 16, B2, 0F, 1A, 41, 00, E5, 90, C6, 9D, 92, 68, 69, 3B, 2E, B5, 0E, 77, C4, B8, 37, 02, E3, 9B, 34, 72, DD...
 
[+]

Entropy:
7.9519

Packer / compiler:
PECompact v2

Code size:
150.5 KB (154,112 bytes)

The file mbrcheck.exe has been discovered within the following programs.

ZebHelpProcess 2.44  by Nicolas Coolman
Publisher's description - “Zeb Help Process Analyzer is a HijackThis reports, diagHelp, PCA Security Scanner and Run Deckard's System Scanner (DSS). It also reorganizes Online Kaspersky Antivirus (KAV) and Malwarebytes' Anti-Malware (MBAM) reports.”
www.premiumorange.com/zeb-help-process/index.html
About 5% of users remove it
ZHPDiag 1.28  by Nicolas Coolman
Publisher's description - “ZHPDiag is a diagnosis tool (directed by Nicolas Coolman), an extract from Zeb Help Process. It allows rapid and full diagnosis of your computer.”
About 6% of users remove it
ZHPDiag 2014  by Nicolas Coolman
Publisher's description - “Diagnostic Software developed by Nicolas Coolman. This tool allows a quick and thorough diagnosis of the operating system. It scans the Registry and lists the sensitive areas that may be pirated. It is based on a system of white list per module which allows for shorter reports.”
nicolascoolman.webs.com
3% remove it
ZHPDiag 2015  by Nicolas Coolman
About 8% of users remove it
 
Powered by Should I Remove It?

The file mbrcheck.exe has been seen being distributed by the following 11 URLs.

http://www.geekstogo.com/forum/files/go/.../mbrcheck

http://www.geekstogo.com/forum/files/go/.../mbrcheck

http://www.geekstogo.com/forum/files/go/.../mbrcheck

http://www.geekstogo.com/forum/files/go/.../mbrcheck

http://www.geekstogo.com/forum/files/go/.../mbrcheck

http://www.geekstogo.com/forum/files/go/.../mbrcheck

http://www.geekstogo.com/forum/files/go/.../mbrcheck

http://www.geekstogo.com/forum/files/go/.../mbrcheck

http://download.bleepingcomputer.com/.../MBRCheck.exe

http://www.majorgeeks.com/index.php?ct=files&action=download&

http://ad13.geekstogo.com/MBRCheck.exe

Scan mbrcheck.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.