mbtipv32.exe

MBTIV 응용 프로그램 (MBTIV application)

The application mbtipv32.exe ("MBTIV MFC 응용 프로그램", i.e. "MBTIV MFC application") has been flagged as a potentially unwanted program by 2 of the 68 anti-malware scanners consulted, both of which classify it as the CloverPlus adware family. It is configured to start automatically when a user logs into Windows, via the current-user Run registry key, under the value name 'MBTIPv32'. While running, it connects over HTTP (TCP port 80) to the host ac.79.2da9.ip4.static.sl-reverse.com (169.45.121.172).
Product:
MBTIV 응용 프로그램

Description:
MBTIV MFC 응용 프로그램

Version:
1, 0, 0, 1

MD5:
46a12fa2fbaa2d56769655060666cbd5

SHA-1:
5b31e396e01add6496573e2e4ce99b188f2716a3

SHA-256:
fa9b73dc604870d61ab961634173dcee67dfa369bd0526a5548d07cb0e5492cd

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
12/27/2024 8:56:54 AM UTC

Scan engine   Detection                                Engine version
ESET NOD32    Win32/Adware.CloverPlus.AB application   6.3.12010.0
Kaspersky     not-a-virus:AdWare.Win32.CloverPlus      15.0.2.529

File size:
197 KB (201,728 bytes)

Product version:
1, 0, 0, 1

Copyright:
Copyright (C) 2009

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\windows mbt icons\mbtipv32.exe

File PE Metadata
Compilation timestamp:
2/12/2017 5:42:33 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x1E808

Entry point:
55, 8B, EC, 6A, FF, 68, 10, 48, 42, 00, 68, 72, E9, 41, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, C8, 34, 42, 00, 59, 83, 0D, 00, CD, 42, 00, FF, 83, 0D, 04, CD, 42, 00, FF, FF, 15, C4, 34, 42, 00, 8B, 0D, E4, CC, 42, 00, 89, 08, FF, 15, C0, 34, 42, 00, 8B, 0D, E0, CC, 42, 00, 89, 08, A1, BC, 34, 42, 00, 8B, 00, A3, FC, CC, 42, 00, E8, 28, 01, 00, 00, 39, 1D, F0, BF, 42, 00, 75, 0C, 68, 9C, E9, 41, 00, FF, 15, B8, 34...

Entropy:
6.0672

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
136 KB (139,264 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
MBTIPv32

Command:
C:\users\{user}\appdata\local\windows mbt icons\mbtipv32.exe


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-52-84-25-221.sea32.r.cloudfront.net (52.84.25.221:80)

TCP (HTTP):
Connects to mpr2.ngd.vip.sg3.yahoo.com (106.10.198.32:80)

TCP (HTTP):
Connects to ox-173-241-248-143.xf.dc.openx.org (173.241.248.143:80)

TCP (HTTP):
Connects to ec2-52-7-235-158.compute-1.amazonaws.com (52.7.235.158:8080)

TCP (HTTP):
Connects to 151.bm-nginx-loadbalancer.mgmt.sin1.adnexus.net (103.243.221.87:80)

TCP (HTTP):
Connects to unknown.telstraglobal.net (210.176.156.45:80)

TCP (HTTP):
Connects to ec2-52-0-146-38.compute-1.amazonaws.com (52.0.146.38:8080)

TCP (HTTP):
Connects to ac.79.2da9.ip4.static.sl-reverse.com (169.45.121.172:80)

TCP (HTTP):
Connects to a118-215.57-156.deploy.akamaitechnologies.com (118.215.57.156:80)

Remove mbtipv32.exe - Powered by Reason Core Security