home

MalwareProtectionClient.exe

MalwareProtectionClient

Malware Protection Live

The executable MalwareProtectionClient.exe has been detected as malware by 1 anti-virus scanner. It runs as a scheduled task under the Windows Task Scheduler named MPLClient triggered to execute each time a user logs in. This file is typically installed with the program Malware Protection Live.
Publisher:
Malware Protection Live  (signed and verified)

Product:
MalwareProtectionClient

Version:
1.0.*

MD5:
8f6314f15cc67d536518021c80332aa2

SHA-1:
b162910d781d8dec328187c187f52b0449995238

SHA-256:
090ad175aef57781490eac1b364f175714c57fdc3c3ced2e54d0cd33c36c02ec

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
4/26/2024 8:31:33 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
17.1.11.16

File size:
1.5 MB (1,599,008 bytes)

Product version:
1.0.*

Copyright:
Copyright © 2015

Original file name:
MalwareProtectionClient.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\malwareprotectionlive\malwareprotectionclient.exe

Digital Signature
Signed by:
Malware Protection Live

Authority:
thawte, Inc.

Valid from:
7/6/2015 7:00:00 AM

Valid to:
7/6/2017 6:59:59 AM

Subject:
CN=Malware Protection Live, O=Malware Protection Live, L=Fort Myers, S=Florida, C=US

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
0DB13F364982158C0E6000F666CC2AA4

File PE Metadata
Compilation timestamp:
1/5/2017 11:01:01 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

Entry address:
0x1764C2

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
6.6586

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
1.5 MB (1,525,248 bytes)

Scheduled Task
Task name:
MPLClient

Trigger:
Logon (Runs on logon)

Description:
Malware Protection Live Client


The file MalwareProtectionClient.exe has been discovered within the following program.

Malware Protection Live
About 1% of users remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-35-164-134-69.us-west-2.compute.amazonaws.com  (35.164.134.69:80)

TCP (HTTP):
Connects to ec2-54-69-82-117.us-west-2.compute.amazonaws.com  (54.69.82.117:80)

TCP (HTTP):
Connects to a23-53-107-27.deploy.static.akamaitechnologies.com  (23.53.107.27:80)

TCP (HTTP):
Connects to ec2-35-164-113-176.us-west-2.compute.amazonaws.com  (35.164.113.176:80)

TCP (HTTP):
Connects to ec2-35-163-9-66.us-west-2.compute.amazonaws.com  (35.163.9.66:80)

TCP (HTTP):
Connects to a23-53-91-27.deploy.static.akamaitechnologies.com  (23.53.91.27:80)

Remove MalwareProtectionClient.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.