MRHomePage.exe

MRHomePage

LLC Mail.Ru

The application MRHomePage.exe, “Установка стартовой страницы” ("Start page installation"), by LLC Mail.Ru has been detected as a potentially unwanted program by 2 anti-malware scanners. It is a setup program that installs the application. The file has been seen downloaded from mrhomepage.cdnmail.ru. While running, it connects to the Internet address rfbo2.r.smailru.net on port 80 using the HTTP protocol.
Publisher:
LLC Mail.Ru  (signed and verified)

Product:
MRHomePage

Description:
Установка стартовой страницы (Start page installation)

Version:
1, 0, 0, 1

MD5:
1bfcd62d6d2fa2d792789ae07d9b640b

SHA-1:
76e3926fe5cbc8dc4b9b8fed4cfd924f133c5f83

SHA-256:
4caded4ba44988d5fb71138398025f80ef2f875389f6280fffdef1676dd39558

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
6/26/2025 9:15:33 AM UTC

Scan engine | Detection | Engine version
Reason Heuristics | PUP.Optional.MailRu.K | 14.3.28.18
Rising Antivirus | PE:Trojan.RuMail!1.6574 | 23.00.65.14321

File size:
1.8 MB (1,907,216 bytes)

Product version:
1, 0, 0, 1

Copyright:
Copyright 2013

Original file name:
MRHomePage.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\mrhomepage.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
12/9/2011 2:00:00 AM

Valid to:
2/7/2014 1:59:59 AM

Subject:
CN=LLC Mail.Ru, O=LLC Mail.Ru, L=Moscow, S=Moscow, C=RU

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
1C09DBBC732D4B58F7A88EBACF323417

File PE Metadata
Compilation timestamp:
3/29/2013 1:31:57 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:Iu0+td0nGWQUq9LcKWG/LgetD/MiOsDCUgD9KnqegI:hiLy5/sNjP9KnUI

Entry address:
0xD3165

Entry point:
E8, E6, A6, 00, 00, E9, 89, FE, FF, FF, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 80, 00, 00, 00, 72, 0E, 83, 3D, DC, 21, 52, 00, 00, 74, 05, E9, 4F, A7, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02, 74, 06, F3, AB, 85, D2, 74, 0A, 88, 07, 83, C7, 01, 83, EA, 01, 75, F6, 8B, 44, 24, 08, 5F, C3...

Code size:
985 KB (1,008,640 bytes)

The file MRHomePage.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to rfko.r.smailru.net  (217.69.139.42:80)

TCP (HTTP):
Connects to rfbo2.r.smailru.net  (94.100.180.76:80)
