MPCTray.exe

MPC Cleaner

DotCash Limited

The application MPCTray.exe by DotCash Limited has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This file is typically installed with the program MPC Cleaner by DotCash Limited, which is a potentially unwanted software program. While running, it connects to the Internet address md-77.webhostbox.net on port 80 using the HTTP protocol.

Publisher:
DotC United Inc (signed by DotCash Limited)

Product:
MPC Cleaner

Description:
MPC Tray

Version:
4, 3, 13364, 0822

MD5:
a3ecc8b2109a6f8091d7c457758844f3

SHA-1:
eaf052b8ff9e8acafe96723f0098c0ab710877db

SHA-256:
398b9784731795a2a9159ae69dea840751d74fbe0f64b1e1929ea2fce6c6f138

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 10:21:59 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.DotC.MPC (L)

Engine version:
16.8.22.13

File size:
168 KB (172,000 bytes)

Product version:
4, 3, 13364, 0822

Copyright:
Copyright (c) 2016 DotC United Inc.

Original file name:
MPCTray.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\mpc cleaner\mpctray.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
1/7/2015 12:00:00 AM

Valid to:
12/29/2016 11:59:59 PM

Subject:
CN=DotCash Limited, OU=IT, O=DotCash Limited, L=Hong Kong, S=Hong Kong, C=HK

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1C04DCC9BE35C558422BAFEF34984975

File PE Metadata
Compilation timestamp:
8/22/2016 11:36:50 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:b3l5mURAfEWfXWbPbXI31rrfBxgOaaY3J+4PxyQCKQXvfxfnFqcMegZ4Ggufeo+6:Dl5mSXWSI31rrPgOc3J+451xgvfx0feq

Entry address:
0x9F8E

Entry point:
E8, 8B, 05, 00, 00, E9, D8, FC, FF, FF, FF, 25, C8, C2, 40, 00, FF, 25, C4, C2, 40, 00, FF, 25, C0, C2, 40, 00, FF, 25, BC, C2, 40, 00, FF, 25, B8, C2, 40, 00, FF, 25, B4, C2, 40, 00, FF, 25, B0, C2, 40, 00, FF, 25, AC, C2, 40, 00, FF, 25, A8, C2, 40, 00, FF, 25, A4, C2, 40, 00, FF, 25, A0, C2, 40, 00, FF, 25, 9C, C2, 40, 00, FF, 25, 98, C2, 40, 00, FF, 25, 94, C2, 40, 00, FF, 25, 90, C2, 40, 00, FF, 25, 8C, C2, 40, 00, FF, 25, 88, C2, 40, 00, FF, 25, 84, C2, 40, 00, FF, 25, 80, C2, 40, 00, FF, 25, 7C, C2...
 

Code size:
42 KB (43,008 bytes)

The file MPCTray.exe has been discovered within the following program.

MPC Cleaner by DotCash Limited
www.mpc.solution
66% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to static.77.10.251.148.clients.your-server.de  (148.251.10.77:80)

TCP (HTTP):
Connects to md-77.webhostbox.net  (199.79.62.63:80)

TCP (HTTP):
Connects to static.15.10.251.148.clients.your-server.de  (148.251.10.15:80)

TCP (HTTP):
Connects to static.84.10.251.148.clients.your-server.de  (148.251.10.84:80)

TCP (HTTP):
Connects to static.76.10.251.148.clients.your-server.de  (148.251.10.76:80)
