mpc-hc64.exe

MPC-HC

MPC-HC Team

The executable mpc-hc64.exe has been detected as malware by 11 anti-virus scanners. The file is most likely infected with the Neshta virus, a Russian virus that gathers system information and sends it to a remote command and control server. While running, it connects to the Internet address rmfstream2.interia.pl on port 8000.
Publisher:
MPC-HC Team

Product:
MPC-HC

Description:
MPC-HC x64

Version:
1.7.8.152 (3f78c2a) (develop)

MD5:
93d91df628a99c41583c9680137ac147

SHA-1:
7aae1c966bce3b0a6e99fce07aac28ee2a8247dc

SHA-256:
b2787cab4879ecb30f9f6f01f7bd5c583c0515713c00ded3753757a335752c1e

Scanner detections:
11 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/10/2026 5:33:27 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | Win32/Neshta | 2015.05.21 |
| AVG | Worm/Delf | 2016.0.3045 |
| Baidu Antivirus | Virus.Win32.Neshta.$a | 4.0.3.15718 |
| ESET NOD32 | Win32/Neshta | 9.11656 |
| Fortinet FortiGate | W32/Neshta.A | 7/18/2015 |
| G Data | Win32.Neshta | 15.7.25 |
| IKARUS anti.virus | Virus.Win32.Neshta | t3scan.1.8.9.0 |
| Panda Antivirus | W32/Neshta.A | 15.07.18.07 |
| Qihoo 360 Security | Win32/Virus.80d | 1.0.0.1015 |
| Rising Antivirus | PE:Win32.Netsha.a!411233 | 23.00.65.15716 |
| Vba32 AntiVirus | Virus.Win32.Neshta.a | 3.12.26.4 |

File size:
7.8 MB (8,145,920 bytes)

Product version:
1.7.8.152 (3f78c2a) (develop)

Copyright:
Copyright © 2002-2015 all contributors, see Authors.txt

Original file name:
mpc-hc64.exe

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\Program Files\k-lite codec pack\mpc-hc64\mpc-hc64.exe

File PE Metadata
OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
49152:MEjPYTv8JxbFn1F4zRBqPz22zgOgybB20oPAzNPsJ8waUtGb7zPlfU21hDi1IMOM:MED2qSRGb+7fWn7cK9I594RKhbai

Entry address:
0x5822A8

Entry point:
48, 83, EC, 28, E8, 83, 89, 01, 00, 48, 83, C4, 28, E9, 36, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 66, 66, 0F, 1F, 84, 00, 00, 00, 00, 00, 48, 3B, 0D, 81, 7E, 11, 00, 75, 11, 48, C1, C1, 10, 66, F7, C1, FF, FF, 75, 02, F3, C3, 48, C1, C9, 10, E9, D5, C8, 00, 00, CC, CC, CC, CC, CC, CC, CC, 66, 66, 0F, 1F, 84, 00, 00, 00, 00, 00, 4C, 8B, D9, 4C, 8B, D2, 49, 83, F8, 10, 0F, 86, B9, 00, 00, 00, 48, 2B, D1, 73, 0F, 49, 8B, C2, 49, 03, C0, 48, 3B, C8, 0F, 8C, 96, 03, 00, 00, 0F, BA, 25, 10...
 

Entropy:
6.2246

Code size:
6.6 MB (6,908,928 bytes)

Autoplay Handler
Display name:
MPCPlayBluRayOnArrival


The executing file has been seen to make the following network communications in live environments.

TCP:
Connects to rmfstream5.interia.pl  (31.192.216.5:8000)

TCP:
Connects to rmfstream2.interia.pl  (217.74.72.11:8000)

TCP (HTTP):
Connects to ip156.ip-193-70-116.eu  (193.70.116.156:8080)

TCP (HTTP):
Connects to host-230110.fivenetwork.com  (202.177.230.10:80)
