mpdataeditor2.exe

MpDataEditor

CraigChrist8239

The executable mpdataeditor2.exe has been detected as malware by 7 anti-virus scanners. The file has been seen being downloaded from download1412.mediafire.com and multiple other hosts.

Publisher:
CraigChrist8239

Product:
MpDataEditor

Version:
2.1.0.*

MD5:
bc40956c20b11877952eb38e0097df4f

SHA-1:
2a88070f63fa86738632b3e8501a3dff19fb8e16

SHA-256:
fabd85e2f4155a47f48c668f77ad0191e0d4b98c7ea1c3bac8df5454da876099

Scanner detections:
7 / 68

Status:
Malware

Analysis date:
4/25/2024 11:24:35 PM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | BDS/Gendal.662786 | 3.6.1.96
IKARUS anti.virus | Backdoor | t3scan.1.8.6.0
McAfee | Artemis!BC40956C20B1 | 5600.6700
Norman | Suspicious_Gen2.HWWOM | 11.20150718
nProtect | Constructor/W32.Agent.4340224 | 15.03.26.01
Qihoo 360 Security | Win32/Backdoor.81d | 1.0.0.1015
VIPRE Antivirus | Trojan.Win32.Generic | 38810

File size:
4.1 MB (4,340,224 bytes)

Product version:
2.1.0.*

Copyright:
Copyright © CraigChrist8239 2010

Original file name:
MpDataEditor.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\misc files\mpdataeditor2.exe

File PE Metadata
Compilation timestamp:
5/8/2010 12:06:00 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
49152:9m6C7FTSyLSzc+MxUqboP3kTutf2xlVnIIpGfwebH8xfqgBFZL:c7F2yLSg+MxUqbE3kTutfYd9Gm

Entry address:
0x1F2230

Entry point:
FF, 25, 20, 22, 5F, 00, 00, 00, 5F, 43, 6F, 72, 45, 78, 65, 4D, 61, 69, 6E, 00, 6D, 73, 63, 6F, 72, 65, 65, 2E, 64, 6C, 6C, 00, 14, 01, 00, 00, 00, 01, 00, 00, 00, FF, FF, FF, FF, 01, 00, 00, 00, 00, 00, 00, 00, 10, 01, 00, 00, 00, 02, 00, 00, 00, 06, 02, 00, 00, 00, 10, 4D, 50, 44, 41, 54, 41, 45, 44, 49, 54, 4F, 52, 2E, 45, 58, 45, 09, 03, 00, 00, 00, 04, 03, 00, 00, 00, 1C, 53, 79, 73, 74, 65, 6D, 2E, 43, 6F, 6C, 6C, 65, 63, 74, 69, 6F, 6E, 73, 2E, 48, 61, 73, 68, 74, 61, 62, 6C, 65, 07, 00, 00, 00, 0A...

Entropy:
6.3849

Code size:
4.1 MB (4,304,896 bytes)

The file mpdataeditor2.exe has been seen being distributed by the following 3 URLs.

http://download1412.mediafire.com/w8c3cdttireg/.../MPDATA editor.exe
