mrl.exe

SHANGHAI FENGHAN NETWORK INFORMATION TECHNOLOGY STUDIO

The application mrl.exe by SHANGHAI FENGHAN NETWORK INFORMATION TECHNOLOGY STUDIO has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address unknown.telstraglobal.net on port 80 using the HTTP protocol.
MD5:
f93753d8ef177eb40c5028bb197b2a3e

SHA-1:
49f0b20d04c10fe3ad1793cac2324d779f49fafa

SHA-256:
41cfa7613e37a917c6cf3696662b8c1a1a129c8267da4dedb651c001e70c126a

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 2:45:25 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.SHANGHAIFENGHANNETWORKINFORMATIONTECHNOLOGYSTUDIO (M)

Engine version:
15.10.21.12

File size:
3.4 MB (3,523,520 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\meirenli\mrl.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
4/7/2014 8:00:00 AM

Valid to:
4/7/2017 7:59:59 AM

Subject:
CN=SHANGHAI FENGHAN NETWORK INFORMATION TECHNOLOGY STUDIO, OU=IT, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=SHANGHAI FENGHAN NETWORK INFORMATION TECHNOLOGY STUDIO, L=Shanghai, S=Shanghai, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
694E2E0ECECA0C1410EC755324F4D446

File PE Metadata
Compilation timestamp:
9/21/2015 5:33:01 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:E16phQCfmajgVl0PhYpGFmx4pTqLmKZK+HFHzO98XgaSclIAtmN7k/fC1QAthZ8P:vQChgVl0Php8CKjHFHVXgqya4P8Ony

Entry address:
0xB7A62

Entry point:
E8, 10, BC, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 53, 33, DB, 39, 5D, 0C, 75, 1D, E8, 6F, 90, 00, 00, 53, 53, 53, 53, 53, C7, 00, 16, 00, 00, 00, E8, 62, 09, 00, 00, 83, C4, 14, 83, C8, FF, EB, 68, 8B, 45, 08, 3B, C3, 74, DC, 56, 89, 45, E8, 89, 45, E0, 8D, 45, 10, 50, 53, FF, 75, 0C, 8D, 45, E0, 50, C7, 45, EC, 42, 00, 00, 00, C7, 45, E4, FF, FF, FF, 7F, E8, AB, BD, 00, 00, 83, C4, 10, FF, 4D, E4, 8B, F0, 78, 0A, 8B, 45, E0, 88, 18, FF, 45, E0, EB, 0C, 8D, 45, E0, 50, 53, E8, 29, BC...

Entropy:
7.4614

Code size:
1.3 MB (1,378,304 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to 223-26-106-20-static.tpix.net.tw  (223.26.106.20:80)

TCP (HTTP):
Connects to 223-26-106-19-static.tpix.net.tw  (223.26.106.19:80)

TCP (HTTP):
Connects to host-203-133-25-29.ip.kbtelecom.net  (203.133.25.29:80)

TCP (HTTP):
Connects to 223-26-106-36-static.tpix.net.tw  (223.26.106.36:80)

TCP (HTTP):
Connects to a203-133-9-34.deploy.akamaitechnologies.com  (203.133.9.34:80)

TCP (HTTP):
Connects to unknown.telstraglobal.net  (202.127.76.232:80)

TCP (HTTP SSL):
Connects to ns386119.ovh.net  (176.31.241.10:443)

TCP (HTTP):
Connects to 223-26-106-37-static.tpix.net.tw  (223.26.106.37:80)

Powered by Reason Core Security