msmvr.exe

The executable msmvr.exe has been detected as malware by 13 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘MSN’.
MD5:
e4df797439340a724c8fbeac2492035c

SHA-1:
282dd4bd6b4aa03e6d1b7ea5b7b0a628f438d296

SHA-256:
269f2b7f527ac242fe37a3d6ba3b5f74212f4775d664622b0fc60aec57169c07

Scanner detections:
13 / 68

Status:
Malware

Analysis date:
4/29/2024 7:56:06 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Emsisoft A-Squared | Trojan-Dropper.SuspectCRC!IK | 4.5.0.50 |
| avast! | Win32:Trojan-gen | 2014.9-170310 |
| AVG | Dropper.Generic | 2018.0.2444 |
| Dr.Web | BackDoor.Bifrost.8 | 9.0.1.069 |
| ESET NOD32 | Win32/Injector.BEG (variant) | 11.4980 |
| G Data | Win32:Trojan-gen | 17.3.19 |
| IKARUS anti.virus | Trojan-Dropper.SuspectCRC | t3scan.1.1.80.0 |
| Kaspersky | Backdoor.Win32.Shark | 14.0.0.-1285 |
| Microsoft Security Essentials | VirTool:Win32/VBInject.gen!DG | 1.163.1557.0 |
| Norman | W32/Smalltroj.YACG | 11.20170310 |
| Prevx | High Risk Cloaked Malware | 3.0 |
| Quick Heal | (Suspicious) - DNAScan | 3.17.10.00 |
| Sophos | Troj/VBInjec-B | 4.52 |

File size:
66.5 KB (68,057 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\msmvr.exe

File PE Metadata
Compilation timestamp:
3/12/2010 1:18:03 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x10E4

Entry point:
68, AC, 11, 40, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 38, 00, 00, 00, 00, 00, 00, 00, 64, 27, F6, ED, C9, AA, F0, 42, 9D, F4, 96, CF, 52, DC, AA, D0, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 6D, 20, 4D, 69, 73, 44, 44, 65, 63, 6B, 00, 20, 20, 20, 00, 00, 00, 00, 06, 00, 00, 00, 04, 25, 40, 00, 07, 00, 00, 00, D0, 24, 40, 00, 07, 00, 00, 00, 88, 24, 40, 00, 07, 00, 00, 00, 40, 24, 40, 00, 07, 00, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 23, 40, 00, 07, 00, 00, 00, 50, 23, 40, 00...
 

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
20 KB (20,480 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
MSN

Command:
C:\users\{user}\appdata\roaming\msmvr.exe

