updater.exe

Mx One Antivirus

Ldc

The executable updater.exe, “Mx One Antivirus - Guardian Updater” has been detected as malware by 5 anti-virus scanners. While running, it connects to the Internet address 65-254-248-182.yourhostingaccount.com on port 80 using the HTTP protocol.
Publisher:
Ldc

Product:
Mx One Antivirus

Description:
Mx One Antivirus - Guardian Updater

Version:
4.00

MD5:
086cc3f678907ac57ac855536fbd4b41

SHA-1:
316668c6e506e2202387d60bdf462742499c17c8

SHA-256:
56664c9779005e847f361e77a3f485453a31958e28114ad4e8b0c49f701a29dc

Scanner detections:
5 / 68

Status:
Malware

Analysis date:
11/23/2024 11:02:30 PM UTC

Scan engine              Detection                   Engine version
Clam AntiVirus           Win.Trojan.2017587          0.98/21511
F-Secure                 Rogue:W32/MxOneAntivirus    11.2015-22-11_1
Trend Micro House Call   TROJ_RANSOM.DL              7.2.326
Trend Micro              TROJ_RANSOM.DL              10.465.22
VIPRE Antivirus          Trojan.Win32.Generic        44182

File size:
47.5 KB (48,640 bytes)

Product version:
4.00

Copyright:
Red Mx ( Martin Malagon )

Trademarks:
http://www.LdcMx.info http://www.MxOne.net

Original file name:
updater.exe

File type:
Executable application (Win32 EXE)

Language:
Spanish (Spain, International Sort)

Common path:
C:\Program Files\mx one\updater.exe

File PE Metadata
Compilation timestamp:
4/11/2009 8:56:43 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
768:uRHaUEe56OqF7ciEtDvPQ8amjAUpSjtvW8xtWfZ:uZaUP56hF7ciMjtAUy8oWx

Entry address:
0x1774

Entry point:
B8, E4, DD, 42, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 4D, 0C, 97, 3E, 04, E5, 05, B7, AB, 19, E3, C5, E7, 68, F6, 68, 56, C9, 40, EB, E1, 21, 94, 2D, D4, FC, 3E, F9, 94, 5E, C1, 3E, 7F, DA, 84, AA, 41, 87, 4B, 58, 6B, 91, 67, 28, 6B, 30, 2C, 65, A9, F5, CF, 88, 5C, E4, 11, 8A, 7F, EC, 4B, 7D, D9, 5F, 96, 17, A6, A6, 80, AD, 2C, 44, 21, 87, A9, 0E, 33, 98, 8E, 3A, D4, 0F, 21, 21, 15, A3, B6, C9, B8, 97, E3, 10, 97, B8, 51...

Packer / compiler:
PECompact v2

Code size:
140 KB (143,360 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to 65-254-248-182.yourhostingaccount.com  (65.254.248.182:80)
