mtupdate.exe

Mayris Corporation

The application mtupdate.exe by Mayris has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘MaxTorrent’. This file is typically installed with the program MaxTorrent by Mayris Corporation. While running, it connects to the Internet address mx114.tiptopbarginspots.com on port 80 using the HTTP protocol.
Publisher:
Mayris Corporation  (signed and verified)

MD5:
09de7e758b8e663740324053b157ccc4

SHA-1:
40ba8a480a1270b8c0d6e05b8e962b0c1676c8c9

SHA-256:
d5d9fe2662a092f82a4474ef2da74111318ce1de35cd33517aec54cf348d069a

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/28/2024 5:58:49 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Optional.Startup.I
14.11.20.9

File size:
39.6 KB (40,512 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Documents and Settings\{user}\Application data\maxtorrent\mtupdate.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
12/6/2013 5:00:00 AM

Valid to:
12/7/2014 4:59:59 AM

Subject:
CN=Mayris Corporation, OU=Development Department, O=Mayris Corporation, STREET="50th Street , Global Plaza Tower", STREET="16th Floor, Suite H", L=Panama City, S=Outside United States, PostalCode=0834, C=PA

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
64877F8F62583B45754C6201ED08A920

File PE Metadata
Compilation timestamp:
12/20/2013 1:02:22 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
768:If8t5sjg8CKmPXnO0P/VyR2ufG3LbYa84SSBoQEOadVSaJshk:oZj0Kmvb8R2CKYa841yOMohk

Entry address:
0x5269

Entry point:
E8, E5, 04, 00, 00, E9, 63, FD, FF, FF, CC, FF, 25, 74, 61, 40, 00, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, 18, 90, 40, 00, 33, C5, 50, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, F4, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, C3, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, B0, 93, 40, 00, 89, 0D, AC, 93, 40, 00, 89, 15, A8, 93, 40, 00, 89, 1D, A4, 93, 40, 00, 89, 35, A0, 93, 40, 00...
 
[+]

Code size:
20 KB (20,480 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
MaxTorrent

Command:
"C:\Documents and Settings\{user}\Application data\maxtorrent\mtupdate.exe"


The file mtupdate.exe has been discovered within the following program.

MaxTorrent  by Mayris Corporation
www.maxtorrent.pro
About 5% of users remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to mx114.tiptopbarginspots.com  (5.149.249.114:80)

Remove mtupdate.exe - Powered by Reason Core Security