» WEB.DE_MailCheck_Broker.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

WEB.DE_MailCheck_Broker.exe

WEB.DE MailCheck für Internet Explorer

1&1 Mail & Media GmbH

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘MailCheck IE Broker’. This file is installed with the program WEB.DE MailCheck für Internet Explorer.

File name:

Publisher:

1und1 Mail und Media GmbH (signed by 1&1 Mail & Media GmbH)

Product:

WEB.DE MailCheck für Internet Explorer

Description:

WEB.DE MailCheck Dienst

Version:

2.4.0.0

MD5:

532330bcf21bb4d13e990e17b759df2d

SHA-1:

d2fd048453c11862a0d3c933a8718ffc76145ccd

SHA-256:

2f7e33807247a2cdff904a00c5ae188a5c66146ff7103f5c169026c4a2a72196

Scanner detections:

1 / 68

Status:

Clean (1 probable false positive detection)

Explanation:

This is mosty likely a false positive detection, the file is probably clean.

Analysis date:

11/8/2024 12:05:30 PM UTC (today)

Scan engine

Detection

Engine version

Emsisoft Anti-Malware

Win32.Virut.Y

8.14.04.20.09

File size:

1.7 MB (1,766,464 bytes)

Product version:

2.4.0.0

Original file name:

WEB.DE_MailCheck_Broker.exe

File type:

Executable application (Win32 EXE)

Language:

German (Germany)

Common path:

C:\Program Files\web.de mailcheck\ie\web.de_mailcheck_broker.exe

Digital Signature

Signed by:

1&1 Mail & Media GmbH

Authority:

Thawte, Inc.

Valid from:

10/16/2013 2:00:00 AM

Valid to:

10/25/2016 1:59:59 AM

Subject:

CN=1&1 Mail & Media GmbH, OU=WEB.DE, O=1&1 Mail & Media GmbH, L=Montabaur, S=Rheinland-Pfalz, C=DE

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

75666A569980B5C13E2BBA81CC81FF7B

File PE Metadata

Compilation timestamp:

10/16/2013 11:45:12 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

49152:HgQng1b00Oxzp5WhSxcm1sKK3uKejuNK1:HJncczpbx7sN+ONy

Entry address:

0xE3A5B

Entry point:

E8, 8A, 90, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 8B, D0, 66, 8B, 08, 83, C0, 02, 66, 85, C9, 75, F5, 66, 8B, 4D, 0C, 83, E8, 02, 3B, C2, 74, 05, 66, 39, 08, 75, F4, 66, 39, 08, 74, 02, 33, C0, 5D, C3, 8B, FF, 55, 8B, EC, 83, 7D, 10, 00, 75, 04, 33, C0, 5D, C3, 8B, 55, 0C, 8B, 4D, 08, FF, 4D, 10, 74, 15, 0F, B7, 01, 66, 85, C0, 74, 0D, 66, 3B, 02, 75, 08, 83, C1, 02, 83, C2, 02, EB, E6, 0F, B7, 01, 0F, B7, 0A, 2B, C1, 5D, C3, 8B, FF, 55, 8B, EC, 56, 8B, 75, 08, 57, 85, F6, 74, 07, 8B... 
[+]

Code size:

1.2 MB (1,244,672 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

MailCheck IE Broker

Command:

"C:\Program Files\web.de mailcheck\ie\web.de_mailcheck_broker.exe"

The file WEB.DE_MailCheck_Broker.exe has been discovered within the following program.

WEB.DE MailCheck für Internet Explorer by 1&1 Mail & Media Inc.

Publisher's description - “No matter where you are on the Internet on the go - the practical Mailcheck you informed directly in Internet Explorer 9 on new incoming emails. With just one click, you are back in your mailbox and have immediate access to your inbox and features all of your mailbox.”

go.web.de/tb/ie_productpage

19% remove it

Scan WEB.DE_MailCheck_Broker.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.