home

MSNLite.exe

MSNLite

Hada Online (Beijing) Network Technology Ltd.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘MSNLite’.
Publisher:
hada.me  (signed by Hada Online (Beijing) Network Technology Ltd.)

Product:
MSNLite

Version:
3.1.0.4267

MD5:
37cad83bf5c0f5788d0a75f56d2fabee

SHA-1:
e7d8564cf6c69bbafb73b0f5fa880415c7a7e9b6

SHA-256:
799b893b20518deb8a3535361ae918c9e00ee5e2de44c98e65703b1f4ed68fdf

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/19/2024 11:23:00 AM UTC  (today)

File size:
13.2 MB (13,811,112 bytes)

Product version:
3.1.0.4267

Original file name:
MSNLite.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\msnlite\msnlite.exe

Digital Signature
Signed by:
Hada Online (Beijing) Network Technology Ltd.

Authority:
VeriSign, Inc.

Valid from:
1/13/2012 8:00:00 AM

Valid to:
1/13/2013 7:59:59 AM

Subject:
CN=Hada Online (Beijing) Network Technology Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Hada Online (Beijing) Network Technology Ltd., L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
72A4247C8674A320C5804ADF0DFFF377

File PE Metadata
Compilation timestamp:
6/1/2012 7:13:27 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
393216:PwUo9WqbBt1tPxt2XKMoHW4HLrYgvUa1/oD3weWaDYMe:Bo9Flt1tPxYKFHprrYgvUaqYMe

Entry address:
0x75A142

Entry point:
E8, 5F, 3A, 01, 00, E9, 79, FE, FF, FF, 3B, 0D, 70, B6, 02, 01, 75, 02, F3, C3, E9, E1, 3A, 01, 00, 8B, C1, 83, 60, 04, 00, 83, 60, 08, 00, C7, 00, 2C, 19, E9, 00, C3, 8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 56, 57, 8B, F9, C7, 07, 2C, 19, E9, 00, 8B, 03, 85, C0, 74, 26, 50, E8, 05, 7C, 00, 00, 8B, F0, 46, 56, E8, 31, 16, 00, 00, 59, 59, 89, 47, 04, 85, C0, 74, 12, FF, 33, 56, 50, E8, D8, 0C, 01, 00, 83, C4, 0C, EB, 04, 83, 67, 04, 00, C7, 47, 08, 01, 00, 00, 00, 8B, C7, 5F, 5E, 5B, 5D, C2, 04, 00, 8B, FF, 55...
 
[+]

Entropy:
6.3981

Code size:
9.5 MB (9,925,120 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
MSNLite

Command:
C:\Program Files\msnlite\msnlite.exe


2 Windows Firewall Allowed Programs
Name:
C:\Program Files\MSNLite\MSNLite.exe

Name:
C:\Documents and Settings\Administrator\Application Data\VOS\MSNLite\%Program Files%\MSNLite\MSNLite.exe


Scan MSNLite.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.