mail.com_MailCheck_Broker.exe

mail.com MailCheck for Internet Explorer

1&1 Mail & Media Inc.

It is set to run automatically when any user logs into Windows (through the all-users Run registry key under HKLM) under the name 'MailCheck IE Broker'.

Publisher:
1and1 Mail and Media Inc. (signed by 1&1 Mail & Media Inc.)

Product:
mail.com MailCheck for Internet Explorer

Description:
mail.com MailCheck Service

Version:
1.9.4.0

MD5:
b5d271cd172e442c604c926f4992cbb4

SHA-1:
d0534b25c455fae450e20706b9e1eb72cd680c32

SHA-256:
1f95bc0f68749f374eaa28a75b827835773ec9ec222ef713ed4b1230ad73f09b

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 8:37:27 PM UTC

File size:
1.6 MB (1,694,792 bytes)

Product version:
1.9.4.0

Copyright:
© 1&1 Mail & Media Inc. All rights reserved.

Original file name:
mail.com_MailCheck_Broker.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\mail.com mailcheck\ie\mail.com_mailcheck_broker.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
6/29/2011 4:30:00 AM

Valid to:
6/29/2014 4:29:59 AM

Subject:
CN=1&1 Mail & Media Inc., OU=MAIL.com, O=1&1 Mail & Media Inc., L=Chesterbrook, S=Pennsylvania, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
4537291B5E95E3DDBC002BFCB5EFEE18

File PE Metadata
Compilation timestamp:
12/10/2013 12:20:17 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:cFDTAmOOK/hY73eTzF83m/zMBj/J1OiMRpQ5vt4fPOlZoA6cmF:cFQmMnT9/2EiM/MF4fPOl6F

Entry address:
0xE6312

Entry point:
E8, A0, 93, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 83, 65, FC, 00, 53, 8B, 5D, 10, 85, DB, 75, 07, 33, C0, E9, 9A, 00, 00, 00, 56, 83, FB, 04, 72, 75, 8D, 73, FC, 85, F6, 74, 6E, 8B, 4D, 0C, 8B, 45, 08, 8A, 10, 83, C0, 04, 83, C1, 04, 84, D2, 74, 52, 3A, 51, FC, 75, 4D, 8A, 50, FD, 84, D2, 74, 3C, 3A, 51, FD, 75, 37, 8A, 50, FE, 84, D2, 74, 26, 3A, 51, FE, 75, 21, 8A, 50, FF, 84, D2, 74, 10, 3A, 51, FF, 75, 0B, 83, 45, FC, 04, 39, 75, FC, 72, C2, EB, 2E, 0F, B6, 40, FF, 0F, B6, 49, FF, EB, 46...
 

Entropy:
6.5247

Code size:
1.2 MB (1,219,072 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
MailCheck IE Broker

Command:
"C:\Program Files\mail.com mailcheck\ie\mail.com_mailcheck_broker.exe"

