» MalwareProtectionClient.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

MalwareProtectionClient.exe

MalwareProtectionClient

Malware Protection Live

The executable MalwareProtectionClient.exe has been detected as malware by 1 anti-virus scanner. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘MalwareProtectionLive’. This file is typically installed with the program Malware Protection Live.

File name:

Publisher:

Malware Protection Live (signed and verified)

Product:

MalwareProtectionClient

Version:

1.0.*

MD5:

7cbd4c203e6d39f79da956bbdcd85a20

SHA-1:

dc15c95d795409509ac2cb79099a6c3664c45a7f

SHA-256:

cd0222ad2ff3fed67433a83a4ba1afbb5f44a14b2159f84e4f996f80afd4a0b9

Scanner detections:

1 / 68

Status:

Malware

Analysis date:

5/13/2024 8:22:22 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP (M)

17.3.12.6

File size:

1.1 MB (1,187,360 bytes)

Product version:

1.0.*

Original file name:

MalwareProtectionClient.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\malwareprotectionlive\malwareprotectionclient.exe

Digital Signature

Signed by:

Malware Protection Live

Authority:

thawte, Inc.

Valid from:

7/6/2015 8:00:00 AM

Valid to:

7/6/2017 7:59:59 AM

Subject:

CN=Malware Protection Live, O=Malware Protection Live, L=Fort Myers, S=Florida, C=US

Issuer:

CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:

0DB13F364982158C0E6000F666CC2AA4

File PE Metadata

Compilation timestamp:

11/15/2016 5:28:25 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

.NET CLR dependent:

Yes

Entry address:

0x111CE5

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

6.8322

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

1.1 MB (1,113,600 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

MalwareProtectionLive

Command:

C:\users\{user}\appdata\local\malwareprotectionlive\malwareprotectionclient.exe

The file MalwareProtectionClient.exe has been discovered within the following program.

Malware Protection Live

About 1% of users remove it

Remove MalwareProtectionClient.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.