mtpc.exe

MyTurboPC

MyTurboPC LLC

The executable mtpc.exe has been detected as malware by 1 anti-virus scanner. It runs as a scheduled task under the Windows Task Scheduler, triggered each time a user logs in. This file is typically installed with the program MyTurboPC by MyTurboPC.com, which is a potentially unwanted software program. While running, it connects to the Internet address host106-rangeA-akamai-aanp.cdn.bllon.isp.sky.com on port 80 using the HTTP protocol.

Publisher:
MyTurboPC.com  (signed by MyTurboPC LLC)

Product:
MyTurboPC

Version:
3.3.20.0

MD5:
5ced8ae8de524c25dc15ad6d7689afde

SHA-1:
3d8664ff2d249caf791712923f52d1931149c736

SHA-256:
9c81ce47739013622a97bbcf7dd4b862e395f916418d4406b28c1920880a6a8e

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/23/2024 2:20:40 PM UTC

Scan engine:
Reason Heuristics

Detection:
Win32.Generic

Engine version:
16.12.16.0

File size:
5.5 MB (5,788,608 bytes)

Product version:
3.3.20.0

Copyright:
Copyright © 2016 MyTurboPC.com

Original file name:
mtpc.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\myturbopc.com\myturbopc\mtpc.exe

Digital Signature
Signed by:

Authority:
Symantec Corporation

Valid from:
3/15/2016 12:00:00 AM

Valid to:
3/15/2017 11:59:59 PM

Subject:
CN=MyTurboPC LLC, O=MyTurboPC LLC, L=Elkhart, S=Indiana, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
47FEB1362892142E48C59A37E851814A

File PE Metadata
Compilation timestamp:
12/15/2016 5:58:05 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x34CA96

Entry point:
E8, 50, 5F, 01, 00, E9, 7F, FE, FF, FF, 3B, 0D, C0, 25, 90, 00, 75, 02, F3, C3, E9, 09, 29, 00, 00, 55, 8B, EC, 56, 8B, 75, 14, 85, F6, 75, 04, 33, C0, EB, 6D, 8B, 45, 08, 85, C0, 75, 13, E8, 5C, 6F, 00, 00, 6A, 16, 5E, 89, 30, E8, C9, 04, 01, 00, 8B, C6, EB, 53, 57, 8B, 7D, 10, 85, FF, 74, 14, 39, 75, 0C, 72, 0F, 56, 57, 50, E8, F3, 81, 00, 00, 83, C4, 0C, 33, C0, EB, 36, FF, 75, 0C, 6A, 00, 50, E8, 31, 88, 00, 00, 83, C4, 0C, 85, FF, 75, 09, E8, 1B, 6F, 00, 00, 6A, 16, EB, 0C, 39, 75, 0C, 73, 13, E8, 0D...
 

Entropy:
6.6395

Code size:
4 MB (4,232,192 bytes)

Scheduled Task
Task name:
MyTurboPC Startup

Trigger:
Logon (Runs on logon)

Description:
Runs MyTurboPC at startup.


The file mtpc.exe has been discovered within the following program.

MyTurboPC  by MyTurboPC.com
Publisher's description - “MyTurboPC is a comprehensive diagnostic program that increases the speed, performance and security of your Windows-based personal computer. It cleans your registry, defrags your PC or manages startup items to increase overall speed and performance.”
www.MyTurboPC.com
64% remove it
 

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-52-85-67-213.lhr5.r.cloudfront.net  (52.85.67.213:80)

TCP (HTTP):
Connects to host35-rangeA-akamai-aanp.cdn.bllon.isp.sky.com  (176.255.202.35:80)

TCP (HTTP):
Connects to host106-rangeA-akamai-aanp.cdn.bllon.isp.sky.com  (176.255.202.106:80)

TCP (HTTP):
Connects to ec2-52-72-90-125.compute-1.amazonaws.com  (52.72.90.125:80)

TCP (HTTP):
Connects to ec2-52-21-146-119.compute-1.amazonaws.com  (52.21.146.119:80)
