» mfschedule.exe
Overview
Analysis
File Details

mfschedule.exe

MendFast Schedule

Smart PC Solutions, Inc.

The application mfschedule.exe by Smart PC Solutions has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.

File name:

mfschedule.exe

Publisher:

MendFast.com (signed by Smart PC Solutions, Inc.)

Product:

MendFast Schedule

Version:

3.2.0.0

MD5:

f1461d3bdc044f632aeae809fb8e89c5

SHA-1:

83d2119bc2ebb778c09bfdf7d07d2a4e4c3c454e

SHA-256:

31c791ec1845174ea63815547bbbb8a26d4540822b80c8265a9798c9ede0720a

Scanner detections:

1 / 68

Status:

Potentially unwanted

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

4/19/2024 9:56:07 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.PC Utilities.SmartPCSolutions (M)

16.1.10.10

File size:

413.6 KB (423,536 bytes)

Product version:

3.2.0.0

MendFast.com

Trademarks:

MendFast.com

Original file name:

MFSchedule

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\mendfast\mfschedule.exe

Digital Signature

Signed by:

Smart PC Solutions, Inc.

Authority:

Symantec Corporation

Valid from:

10/14/2013 2:00:00 AM

Valid to:

9/25/2014 1:59:59 AM

Subject:

CN="Smart PC Solutions, Inc.", O="Smart PC Solutions, Inc.", L=Alexandria, S=Virginia, C=US, SERIALNUMBER=0661796-3., OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Virginia, OID.1.3.6.1.4.1.311.60.2.1.3=US

Issuer:

CN=Symantec Class 3 Extended Validation Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:

3D1EC03375367AD2596A200ED9646A81

File PE Metadata

Compilation timestamp:

6/20/1992 12:22:17 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

6144:jI+lqIxCQPZlrXQ7pRJ7wG6+UG/mI3lM8PUWTiLm0s/sUFHvZiGjC8EETJolYP:EmxpPrLCJ788m2lLPTiZUlvZzXl+YP

Entry address:

0x4F50C

Entry point:

55, 8B, EC, 83, C4, F0, 53, B8, 1C, F3, 44, 00, E8, 1B, 68, FB, FF, 68, D8, F5, 44, 00, 6A, 00, 68, 01, 00, 1F, 00, E8, C2, 6B, FB, FF, 85, C0, 0F, 85, 9A, 00, 00, 00, 68, D8, F5, 44, 00, 6A, 00, 6A, 00, E8, 0C, 6A, FB, FF, B9, EC, F5, 44, 00, BA, 00, F6, 44, 00, B8, 01, 00, 00, 80, E8, 34, FC, FF, FF, 84, C0, 74, 74, BA, 00, F6, 44, 00, B9, 1C, F6, 44, 00, B8, 01, 00, 00, 80, E8, 1C, FC, FF, FF, 8B, D8, BA, 00, F6, 44, 00, B9, 2C, F6, 44, 00, B8, 01, 00, 00, 80, E8, B2, FC, FF, FF, 85, C0, 75, 05, 80, FB... 
[+]

Entropy:

6.4480

Developed / compiled with:

Microsoft Visual C++

Code size:

314 KB (321,536 bytes)

Remove mfschedule.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.