mtaclient.exe

The executable mtaclient.exe has been detected as malware by 13 anti-virus scanners. While running, it connects to the Internet address multitheftauto.com on port 80 using the HTTP protocol.
MD5:
e6102c68c4ec69c83e8ee6e1793f1c7e

SHA-1:
0b3da25ea066982c90e721977c54fcfd79377039

Scanner detections:
13 / 68

Status:
Malware

Analysis date:
12/26/2024 5:45:00 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Trojan.Probably | 7.1.1 |
| AhnLab V3 Security | Win-Trojan/Obfuscated.435200.Q | 2015.03.14 |
| avast! | Win32:Malware-gen | 2014.9-160127 |
| Bkav FE | HW32.Packed | 1.3.0.6379 |
| ESET NOD32 | Win32/Packed.GHFProtector.A suspicious (variant) | 10.11315 |
| Fortinet FortiGate | W32/NewThreat!Morphine | 1/27/2016 |
| K7 AntiVirus | Trojan | 13.200.15256 |
| Norman | Tracur.AL | 11.20160127 |
| Panda Antivirus | Generic Malware | 16.01.27.09 |
| Rising Antivirus | PE:Trojan.Win32.Generic.15374BCF!355945423 | 23.00.65.16125 |
| Trend Micro House Call | Cryp_Morphine | 7.2.27 |
| Trend Micro | Cryp_Morphine | 10.465.27 |
| VIPRE Antivirus | Packer.Morphine.Gen | 38390 |

File size:
425 KB (435,200 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\multi theft auto 0.5r2\mtaclient.exe

File PE Metadata
Compilation timestamp:
5/19/1997 7:33:06 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
1.1

CTPH (ssdeep):
12288:d6x1fYXWX5QgD0pCkjG6mTZkTLmcR0yoOSKJ:dzXWfD4m5TpA0

Entry address:
0x1622

Entry point:
85, D2, 56, 66, 83, E3, FF, 5E, F6, C4, BC, 3A, CC, 3D, CD, 3C, 61, 68, 90, 47, 4F, 60, 50, A9, D8, D9, 2F, 9B, 58, 50, 04, 00, 58, 7E, 02, 22, ED, 8B, C9, 90, F8, BB, 2B, 01, 00, 00, 87, FB, 55, 5D, 8D, 3F, B9, 97, FA, FF, FF, 91, 73, 08, 79, 06, 57, 66, A9, 16, CF, 5F, 84, D2, 66, 83, E6, FF, 51, 51, 66, B9, 7C, F3, 59, 59, 7C, 07, 50, 56, 7E, 01, F8, 5E, 58, FC, 90, EB, 02, EB, 05, E8, F9, FF, FF, FF, 77, 06, 81, FD, B3, 9C, B8, 00, 90, F9, 66, 83, CA, 00, F9, 7A, 07, 57, 55, 55, 4D, 5D, 5D, 5F, F8, 8D...
 

Entropy:
7.9937  (probably packed)

Code size:
419 KB (429,056 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to multitheftauto.com  (91.121.44.90:80)
