mweshield.exe

My Web Shield

Chichek Konstrakshn, TOV

The application mweshield.exe, “My Web Shield Sentinel” by Chichek Konstrakshn, TOV, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a Windows service named “My Web Shield Sentinel” in its own separate process. While running, it connects to the Internet address mx94.tiptopbarginspots.com on port 80 using the HTTP protocol.
Publisher:
"My Web Shield"  (signed by Chichek Konstrakshn, TOV)

Product:
My Web Shield

Description:
My Web Shield Sentinel

Version:
3.0.0.0

MD5:
fba68bcdd41b584119d0b050a73d2839

SHA-1:
9faccb243c0d555420e7a4f7f3ae0ec07095524d

SHA-256:
677cb38bf7dc211f7c522aace5efaba76f0dba0bce4a6af2ee8c828170c8ffd0

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/29/2024 2:01:08 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.MyWebShield (M)

Engine version:
17.3.7.11

File size:
784.3 KB (803,128 bytes)

Product version:
3.0.0.0

Copyright:
© "My Web Shield"

Original file name:
mweshield.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\my web shield\mweshield.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
8/22/2016 3:00:00 AM

Valid to:
8/23/2017 2:59:59 AM

Subject:
CN="Chichek Konstrakshn, TOV", OU=IT, O="Chichek Konstrakshn, TOV", STREET="vul. Kikvidze, 5", L=Kyyiv, S=Kyyiv, PostalCode=01103, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
39D3FCDE4532A63BD298039D0555D0C2

File PE Metadata
Compilation timestamp:
8/31/2016 1:56:49 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x65586

Entry point:
E8, 76, A1, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 70, 5B, 49, 00, E8, B4, 38, 00, 00, E8, A2, 5B, 00, 00, 0F, B7, F0, 6A, 02, E8, 09, A1, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, C8, 5E, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...

Code size:
505.5 KB (517,632 bytes)

Service
Display name:
My Web Shield Sentinel

Service name:
mweshield

Type:
Win32OwnProcess

Depends on:
RPCSS


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to mx94.tiptopbarginspots.com  (5.149.249.94:80)

Remove mweshield.exe - Powered by Reason Core Security