mp.exe

The executable mp.exe has been detected as malware by 11 anti-virus scanners. This is a setup program which is used to install the application. It is infected by an entry-point-obscuring polymorphic file infector that creates a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from cdn.searchtooknow.com.
Version:
1.0.5822.27661

MD5:
3066be083cbb75478d0f122cc97aa649

SHA-1:
6a5545400d67587d9079351830789181b9e86694

SHA-256:
8a5d4ac3618e37d55088c33e78e3f3bf002b76b9f96fa7b43b84e856a104b91f

Scanner detections:
11 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
1/12/2025 1:05:43 PM UTC

Scan engine                    Detection                      Engine version
avast!                         Win32:SaliCode                 160215-2
Dr.Web                         Win32.Sector.30                9.0.1.05190
Emsisoft Anti-Malware          Win32.Sality                   11.5.0.6191
ESET NOD32                     Win32/Sality.NBA virus         8.0.319.0
F-Prot                         W32/Sality.gen2                4.6.5.141
F-Secure                       Win32.Sality.3                 5.15.21
Kaspersky                      Virus.Win32.Sality             15.0.0.562
McAfee                         Trojan.Artemis!36A0CEA2096F    18.0.204.0
Microsoft Security Essentials  Threat.Undefined               1.215.1857.0
Norman                         Win32.Sality.3                 29.02.2016 05:46:54
VIPRE Antivirus                Threat.4721115                 47848

File size:
136.1 KB (139,336 bytes)

Product version:
2015.12.10

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\mp.exe

File PE Metadata
Compilation timestamp:
6/5/2014 7:58:31 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:Kn3AcIwRBSvCHHmB1L5TUZDMM0ML+IA+c4FAdJZXWJArwWQ:qQyZHHmX9TUnwIvOXdpQ

Entry address:
0x31E4

Entry point:
69, F6, BF, EF, CC, 17, 84, E8, 85, D3, FE, C7, 8B, C8, 69, D2, 8F, 83, 4D, 98, 68, 61, 5D, 64, 00, 85, C7, BA, 00, 00, 00, 00, 88, F5, F7, C7, BE, 46, E4, 15, 41, 0F, BE, F4, 4D, 8B, E8, 0F, B7, C2, 80, CB, 4B, 8B, FF, 0F, BF, D9, 81, FF, FE, D5, 00, 00, 76, 07, 48, 80, CB, 16, C6, C4, C4, FE, C0, 48, 0B, C6, 8D, 1D, 8D, FF, 01, 00, 85, D1, 81, C3, A6, 6D, 01, 00, F7, C3, 3E, C9, F8, 8C, FF, C8, 40, BF, 00, 00, 00, 00, C7, C0, 63, D2, 33, E5, F7, C6, E0, 9F, 49, 90, C7, C0, 59, FD, 51, F2, 87, FB, 85, F2...
 
Entropy:
7.7892 (probably packed)

Code size:
22.5 KB (23,040 bytes)

The file mp.exe has been seen being distributed by the following URL.

Remove mp.exe - Powered by Reason Core Security