mtupdate.exe

Mayris Corporation

The application mtupdate.exe by Mayris has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is set to start automatically when a user logs into Windows, through the current user Run registry key, under the display name 'MaxTorrent'. This file is typically installed with the program MaxTorrent by Mayris Corporation. While running, it connects to the Internet address mx114.tiptopbarginspots.com on port 80 using the HTTP protocol.

Publisher:
Mayris Corporation  (signed and verified)

MD5:
09de7e758b8e663740324053b157ccc4

SHA-1:
40ba8a480a1270b8c0d6e05b8e962b0c1676c8c9

SHA-256:
d5d9fe2662a092f82a4474ef2da74111318ce1de35cd33517aec54cf348d069a

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/6/2024 12:35:58 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Optional.Startup.I

Engine version:
14.11.20.9

File size:
39.6 KB (40,512 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Documents and Settings\{user}\Application data\maxtorrent\mtupdate.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
12/6/2013 5:00:00 AM

Valid to:
12/7/2014 4:59:59 AM

Subject:
CN=Mayris Corporation, OU=Development Department, O=Mayris Corporation, STREET="50th Street , Global Plaza Tower", STREET="16th Floor, Suite H", L=Panama City, S=Outside United States, PostalCode=0834, C=PA

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
64877F8F62583B45754C6201ED08A920

File PE Metadata
Compilation timestamp:
12/20/2013 1:02:22 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
768:If8t5sjg8CKmPXnO0P/VyR2ufG3LbYa84SSBoQEOadVSaJshk:oZj0Kmvb8R2CKYa841yOMohk

Entry address:
0x5269

Entry point:
E8, E5, 04, 00, 00, E9, 63, FD, FF, FF, CC, FF, 25, 74, 61, 40, 00, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, 18, 90, 40, 00, 33, C5, 50, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, F4, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, C3, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, B0, 93, 40, 00, 89, 0D, AC, 93, 40, 00, 89, 15, A8, 93, 40, 00, 89, 1D, A4, 93, 40, 00, 89, 35, A0, 93, 40, 00...

Code size:
20 KB (20,480 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
MaxTorrent

Command:
"C:\Documents and Settings\{user}\Application data\maxtorrent\mtupdate.exe"


The file mtupdate.exe has been discovered within the following program.

MaxTorrent  by Mayris Corporation
www.maxtorrent.pro
About 5% of users remove it

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to mx114.tiptopbarginspots.com  (5.149.249.114:80)
