mbar-1.07.0.1012.exe

Malwarebytes Anti-Rootkit

Malwarebytes Corporation

This is a setup program used to install the application. The file has been seen being downloaded from dw.fr.uptodown.com and multiple other hosts.
Publisher:
Malwarebytes Corp.  (signed by Malwarebytes Corporation)

Product:
Malwarebytes Anti-Rootkit

Version:
1.07.0.1012

MD5:
dff72b75746001a9060ab2b80310012e

SHA-1:
8aad60c03e2c49aa29e56dbbb4e00ba5ecbfcb54

SHA-256:
29660dd1827b1e5c9a3972677359bdb15e22ba8fc730dc097289af9d99714f27

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 4:00:48 PM UTC  (today)

File size:
13.7 MB (14,349,744 bytes)

Product version:
1.07.0.1012

Copyright:
Copyright © Malwarebytes Corporation

Original file name:
mbar.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\mbar-1.07.0.1012.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
4/29/2013 5:00:00 PM

Valid to:
6/19/2016 4:59:59 PM

Subject:
CN=Malwarebytes Corporation, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Malwarebytes Corporation, L=San Jose, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
6F36C4B74B4F8AB001F039D692A75B49

File PE Metadata
Compilation timestamp:
12/30/2012 1:50:02 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
393216:UCq+/br9mEHMBleT8cskB4p1G0YT+7kT1lvgHv/Eou:R397HM/csk4pY0YTa2zvgPMF

Entry address:
0x168BF

Entry point:
55, 8B, EC, 6A, FF, 68, 60, A0, 41, 00, 68, 50, 6A, 41, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, DC, 81, 41, 00, 59, 83, 0D, 24, EB, 41, 00, FF, 83, 0D, 28, EB, 41, 00, FF, FF, 15, E0, 81, 41, 00, 8B, 0D, 04, CB, 41, 00, 89, 08, FF, 15, E4, 81, 41, 00, 8B, 0D, 00, CB, 41, 00, 89, 08, A1, E8, 81, 41, 00, 8B, 00, A3, 20, EB, 41, 00, E8, 1D, 01, 00, 00, 39, 1D, D0, C7, 41, 00, 75, 0C, 68, 48, 6A, 41, 00, FF, 15, EC, 81...
 
Entropy:
7.9959

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
88.5 KB (90,624 bytes)

The file mbar-1.07.0.1012.exe has been discovered within the following program.

360Amigo is a registry optimizer. 360Amigo System Speedup bundles a branded version of the Conduit Toolbar, designed to deliver search-based advertising and results. During installation, the user is in some cases presented with the option to install the toolbar (on by default).
www.360amigo.com
53% remove it
 
Powered by Should I Remove It?

The file mbar-1.07.0.1012.exe has been seen being distributed by the following 17 URLs.

http://dw.fr.uptodown.com/dl/1425994767/.../malwarebytes-anti-rootkit-1-07-0-1012-en-win.exe