mntknhrpxy.exe

Crime Watch

Mathematical Applications

This file is part of an adware program designed to inject advertising (banners, text links) into the web browser and to modify the browser's normal behavior. It belongs to the Injekt brand of unwanted programs. The application mntknhrpxy.exe by Mathematical Applications has been detected as adware by 11 anti-malware scanners. According to AVG, this software downloads additional adware offers during setup.
Publisher:
Mathematical Applications  (signed and verified)

Product:
Crime Watch

Description:
CrimeWatch

Version:
1.0.0.0

MD5:
c69427511fd6cfa8afbd3dbb9e2bb86e

SHA-1:
1abda981c208a046034d5db5185aeb715433fc05

SHA-256:
a35cbde8c83bf7570b0815d93339e43f880d8f2efef9be55de384e550d780f9c

Scanner detections:
11 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads in the web browser, and alters the browser's settings (home page, search, DNS, and security protocols).

Analysis date:
4/19/2024 8:04:45 PM UTC  (today)

Scan engine             Detection                               Engine version
avast!                  MSIL:Adware-G [PUP]                     2014.9-150201
AVG                     Downloader                              2016.0.3212
Baidu Antivirus         Adware.MSIL.PullUpdate                  4.0.3.1521
Dr.Web                  Adware.Yontoo.56                        9.0.1.032
ESET NOD32              MSIL/Adware.PullUpdate.G.gen (variant)  9.11097
Fortinet FortiGate      Adware/PullUpdate                       2/1/2015
IKARUS anti.virus       PUA.Downloader                          t3scan.1.8.6.0
Malwarebytes            PUP.Optional.CrimeWatch.A               v2015.02.01.05
NANO AntiVirus          Trojan.Win64.Downware.dhdcgg            0.30.0.65070
Reason Heuristics       PUP.Injekt                              15.2.1.5
Trend Micro House Call  Suspicious_GEN.F47V0129                 7.2.32

File size:
48.8 KB (49,936 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © Mathematical Applications 2015

Original file name:
CrimeWatch.exe

File type:
Executable application (Win64 EXE)

Language:
Language Neutral

Common path:
C:\ProgramData\ogblcop\dat\mntknhrpxy.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
10/27/2014 1:00:00 AM

Valid to:
10/28/2015 12:59:59 AM

Subject:
CN=Mathematical Applications, O=Mathematical Applications, L=St. James, S=St. James, C=BB

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
79F6406432970C77D2FA7772E5EB6BDC

File PE Metadata
Compilation timestamp:
1/29/2015 6:13:56 AM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:LNuNv+X27a6iO0aq/frXu9FkhCKn3t0NBvqhb6qTlWlvSFWA:CqT650BSzqCW9oBvqhbHTlWlKFW

Entry address:
0xBF6E

Entry point:
48, A1, 00, 20, 00, 40, 00, 00, 00, 00, FF, E0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Code size:
40 KB (40,960 bytes)
