mp.exe

The executable mp.exe has been detected as malware by 9 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from cdn.searchmorenow.com.
Version:
1.0.5806.30838

MD5:
312939595d6eb8225141fb65676cf024

SHA-1:
6c2e15b852d47a803ebe592caeb3514bd2e17d95

SHA-256:
bec7c3b5d5626ab7347eb13326edd69be654bd520e45c2f5aa283c90e31b895e

Scanner detections:
9 / 68

Status:
Malware

Analysis date:
12/26/2024 6:20:34 PM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Kukacka
160518-2

AVG
Win32/Sality
2015.0.4568

Dr.Web
Win32.Sector.30
9.0.1.05190

Emsisoft Anti-Malware
Win32.Sality
11.5.0.6191

ESET NOD32
Win32/Sality.NBA virus
8.0.319.0

F-Prot
W32/Sality.E.gen
4.6.5.141

McAfee
Trojan.Artemis!CBA2419538E6
18.0.204.0

Microsoft Security Essentials
Threat.Undefined
1.223.403.0

Norman
Win32.Sality.3
28.05.2016 15:32:18

File size:
161.1 KB (164,976 bytes)

Product version:
2015.11.24

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\mp.exe

File PE Metadata
Compilation timestamp:
6/5/2014 7:58:31 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:Fn3AcIm7RBSNCrKYbxbo8Tu23fGFUp0M0h7mTwmHdMqvq:tQw9jrKYbxC23fcUY7EwmHmqvq

Entry address:
0x31E4

Entry point:
60, 76, 05, BB, 79, 2C, 72, BD, 81, FB, 69, B2, 00, 00, 73, 04, B1, BF, 8A, C3, 71, 06, C7, C7, 64, 6C, 47, D5, 12, F3, 0F, BE, F0, 8A, F6, 3B, EE, 21, CA, C6, C6, 3D, 57, 81, DB, 98, 7C, 5E, EB, 8A, D1, 89, C7, B1, C9, 0F, B7, CD, 33, F9, E8, 2A, 00, 00, 00, 6B, F6, 00, 46, FE, CE, F2, EB, 0B, F7, C5, B5, 2A, 01, F3, 2C, D0, F6, C1, B1, 69, FE, B0, CA, 54, F6, 8A, EE, FF, C8, 81, FE, 78, 00, 00, 00, 0F, 86, D9, FF, FF, FF, 8A, D4, B9, B3, C8, 5D, C2, 8D, 15, 30, 92, F4, 6E, FF, C1, 81, C7, 64, 2F, 65, E8...
 
[+]

Entropy:
7.8431  (probably packed)

Code size:
22.5 KB (23,040 bytes)

The file mp.exe has been seen being distributed by the following URL.

Remove mp.exe - Powered by Reason Core Security