mcmyop.exe

The executable mcmyop.exe has been detected as malware by 8 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from mega.nz. While running, it connects to the Internet address 58x158x177x102.ap58.ftth.ucom.ne.jp on port 1337.
MD5:
90f41654233c0dd6a22a3fd2947284f4

SHA-1:
33e5f7545fee867fc6160a5aa0afa08f799d74f4

SHA-256:
43650325ebb008a52d3bbe2982beb88c6f653cabbaa90f6b6c6e2eac7e2d9e9b

Scanner detections:
8 / 68

Status:
Malware

Analysis date:
4/17/2024 11:44:05 PM UTC

Scan engine                    Detection                      Engine version
avast!                         MSIL:Crypt-ZT [Trj]            160119-0
Dr.Web                         Trojan.DownLoader17.44237      9.0.1.05190
Emsisoft Anti-Malware          Gen:Variant.Barys.45293        10.0.0.5366
ESET NOD32                     MSIL/Kryptik.EMS trojan        7.0.302.0
F-Secure                       Variant.Barys.45293            5.15.21
McAfee                         Trojan.Artemis!90F41654233C    18.0.204.0
Microsoft Security Essentials  Threat.Undefined               1.213.5468.0
Norman                         Gen:Variant.Barys.45293        03.02.2016 07:38:05

File size:
500 KB (512,000 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\mcmyop.exe

File PE Metadata
Compilation timestamp:
12/6/2015 7:48:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:obtkNL7CJlTl8ovzZ9B9ZPI9muh1yEsI+:HNLuJhl8kfB9ZPI9muh19s

Entry address:
0x5A40E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
356 KB (364,544 bytes)

The file mcmyop.exe has been seen being distributed by the following URL.

https://mega.nz/temporary/.../wE5RVZ6C

The executing file has been seen to make the following network communication in live environments.

TCP:
Connects to 58x158x177x102.ap58.ftth.ucom.ne.jp  (58.158.177.102:1337)
