mpsconnectioncheck.exe

The application mpsconnectioncheck.exe has been detected as a potentially unwanted program by 5 anti-malware scanners. The file has been seen being downloaded from www.mcallisterpaymentsolutions.com.

MD5:
e0cfc3da7ea8ccf4e621174eb854c40c

SHA-1:
e16d310eda23fe5c9affdf1875ab9ea8fc80d06d

Scanner detections:
5 / 68

Status:
Potentially unwanted

Analysis date:
11/5/2024 2:23:45 AM UTC

Scan engine         Detection                                     Engine version
Avira AntiVirus     Adware/UBar.fdb                               7.11.131.238
Baidu Antivirus     AdWare.Win32.UBar                             4.0.3.141230
Comodo Security     UnclassifiedMalware                           17793
IKARUS anti.virus   AdWare.UBar                                   t3scan.2.2.29
Rising Antivirus    PE:Trojan.Win32.Generic.14C35F8A!348348298    23.00.65.15409

File size:
955 KB (977,920 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\avimark\mpsconnectioncheck.exe

File PE Metadata
Compilation timestamp:
12/13/2011 3:50:01 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:NlpDEsdSBqAMZsTb3FEVkQBj4odiMRuDUrUtXD:NlmF+U3QUtT

Entry address:
0xD3468

Entry point:
55, 8B, EC, 83, C4, F0, B8, 24, EA, 4C, 00, E8, 4C, 40, F3, FF, A1, C0, 68, 4D, 00, 8B, 00, E8, A8, 20, F9, FF, A1, C0, 68, 4D, 00, 8B, 00, B2, 01, E8, 72, 3F, F9, FF, 8B, 0D, 04, 6A, 4D, 00, A1, C0, 68, 4D, 00, 8B, 00, 8B, 15, C0, 5E, 4C, 00, E8, 9A, 20, F9, FF, A1, C0, 68, 4D, 00, 8B, 00, E8, C6, 21, F9, FF, E8, 4D, 17, F3, FF, 90, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
Entropy:
6.6520

Developed / compiled with:
Microsoft Visual C++

Code size:
841 KB (861,184 bytes)

The file mpsconnectioncheck.exe has been seen being distributed by the following URL.