updater.exe

Mx One Antivirus

Ldc

The executable updater.exe (“Mx One Antivirus - Guardian Updater”) has been flagged as malware by 7 of the 68 anti-virus scanners used. While running, it connects to the Internet address 65-254-248-182.yourhostingaccount.com on port 80 using the HTTP protocol.
Publisher:
Ldc

Product:
Mx One Antivirus

Description:
Mx One Antivirus - Guardian Updater

Version:
4.00

MD5:
cf6a615e591dff2e969886342514fd08

SHA-1:
5e4dba0ad0ea598c9a92cce57245c9d2e6b039f2

Scanner detections:
7 / 68

Status:
Malware

Analysis date:
11/14/2024 2:37:15 AM UTC

Scan engine          Detection                                       Engine version
Agnitum Outpost      Trojan.Agent                                    7.1.1
Avira AntiVirus      TR/PWS.48640.13                                 7.11.187.144
McAfee               Artemis!CF6A615E591D                            5600.6443
Norman               Suspicious_Gen2.ODLHW                           11.20160331
Qihoo 360 Security   Win32/Trojan.Generic.e4f                        1.0.0.1015
Rising Antivirus     PE:Trojan.Win32.Generic.155DB48A!358462602      23.00.65.16329
VIPRE Antivirus      Trojan.Win32.Generic                            34940

File size:
47.5 KB (48,640 bytes)

Product version:
4.00

Copyright:
Red Mx ( Martin Malagon )

Trademarks:
http://www.LdcMx.info http://www.MxOne.net

Original file name:
updater.exe

File type:
Executable application (Win32 EXE)

Language:
Spanish

Common path:
C:\Program Files\mx one\updater.exe

File PE Metadata

Compilation timestamp:
3/15/2009 6:28:13 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
768:tQPRl7Yl4JP1+vBKUtaLPqR3nSE87T62eZHtMW3gXZUjtvW8xt8IZSd:GPHU4brPqZK7TLeZHhwpS8o828

Entry address:
0x1760


Packer / compiler:
PECompact v2

Code size:
140 KB (143,360 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to 65-254-248-182.yourhostingaccount.com (65.254.248.182:80)

Remove updater.exe - Powered by Reason Core Security