mplay.exe

Google Chrome

Mpyre Software, Inc.

The application mplay.exe by Mpyre Software has been detected as a potentially unwanted program by 25 anti-malware scanners.
Publisher:
Google Inc.  (signed by Mpyre Software, Inc.)

Product:
Google Chrome

Description:
Google

Version:
38.0.2125.0

MD5:
3b4218da8df1ffc434e740a3798e672a

SHA-1:
e072881991cad6e23e9e1fea7309cea703a9b6a4

SHA-256:
7fe72a9deea4a462da82d16a5a58cd305f1d8e4aca1080563b8f010d96ec2595

Scanner detections:
25 / 68

Status:
Potentially unwanted

Analysis date:
4/24/2024 10:09:39 PM UTC  (today)

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.GenericKD.1984248 | 771
Agnitum Outpost | Trojan.Injector | 7.1.1
Avira AntiVirus | TR/Dropper.MSIL.98012 | 7.11.197.174
AVG | MSIL5 | 2015.0.3249
Bitdefender | Trojan.GenericKD.1984248 | 1.0.20.1800
Comodo Security | TrojWare.Win32.UMal.~A | 20469
Emsisoft Anti-Malware | Trojan.GenericKD.1984248 | 8.14.12.26.09
ESET NOD32 | MSIL/Injector.GJL (variant) | 8.10925
Fortinet FortiGate | MSIL/Cleaman.B!tr | 12/26/2014
F-Secure | Trojan.GenericKD.1984248 | 11.2014-26-12_6
G Data | Trojan.GenericKD.1984248 | 14.12.24
IKARUS anti.virus | Trojan.MSIL.Injector | t3scan.1.8.5.0
K7 AntiVirus | Unwanted-Program | 13.188.14440
McAfee | RDN/Generic.dx!dh3 | 5600.6905
Microsoft Security Essentials | VirTool:MSIL/Injector | 1.11302
MicroWorld eScan | Trojan.GenericKD.1984248 | 15.0.0.1080
NANO AntiVirus | Trojan.Win32.GJL.djcmbz | 0.30.0.64448
Norman | Suspicious_Gen4.HHXWW | 11.20141226
nProtect | Trojan.GenericKD.1984248 | 14.12.24.01
Panda Antivirus | Trj/CI.A | 14.12.26.09
Rising Antivirus | PE:Trojan.Win32.Generic.17C715CC!398923212 | 23.00.65.141224
Sophos | Mal/Cleaman-B | 4.98
Trend Micro House Call | TROJ_SPNR.38L814 | 7.2.360
Trend Micro | TROJ_SPNR.38L814 | 10.465.26
VIPRE Antivirus | Trojan.Win32.Generic | 36056

File size:
451.7 KB (462,576 bytes)

Product version:
38.0.2125.0

Copyright:
Copyright 2012 Google Inc. All rights reserved.

Original file name:
minox.exe

File type:
Executable application (Win32 EXE)

Language:
Turkish (Turkey)

Common path:
C:\users\{user}\downloads\mplay.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
9/19/2012 3:00:00 AM

Valid to:
9/30/2015 3:00:00 PM

Subject:
CN="Mpyre Software, Inc.", O="Mpyre Software, Inc.", L=Mississauga, S=Ontario, C=CA

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0B9F83CAA06EB3463CB393D128F62D70

File PE Metadata
Compilation timestamp:
11/19/2014 4:42:59 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:kjUOP9eP9nA5fVebAZ0u+7befIYBbmFyl1n9q:693pVQHPbwmZ

Entry address:
0x70F0E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
444 KB (454,656 bytes)
