mtpc.exe

MyTurboPC

MyTurboPC.com LLC

The application mtpc.exe by MyTurboPC.com has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program MyTurboPC by MyTurboPC.com which is a potentially unwanted software program.

Publisher:
MyTurboPC.com (signed by MyTurboPC.com LLC)

Product:
MyTurboPC

Version:
3.2.15.0

MD5:
5469ba4eec9df91862638809a2d61ff0

SHA-1:
c41d03555f17f82078d57673227d07aa9f898c89

SHA-256:
a24fe0c2444d52469e550cc309b520072c41cdaa7d8b123c2a7d9eced844f995

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 2:45:04 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Optional.MyTurboPC

Engine version:
15.2.19.16

File size:
4.7 MB (4,907,984 bytes)

Product version:
3.2.15.0

Copyright:
Copyright © 2014 MyTurboPC.com

Original file name:
mtpc.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\myturbopc.com\myturbopc\mtpc.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
2/7/2014 3:06:01 AM

Valid to:
1/31/2015 8:58:47 PM

Subject:
CN=MyTurboPC.com LLC, O=MyTurboPC.com LLC, L=Elkhart, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
27F01690A50670

File PE Metadata
Compilation timestamp:
12/19/2014 5:04:09 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
98304:csb9wkYvEr5YPyO8jA7ZARzd18ORKB0MwEIhHSjwpUnVVz0O6Hi95T9:5wZiYR742yf2V10O6HiXT9

Entry address:
0x280A6A

Entry point:
E8, 59, D5, 00, 00, E9, 89, FE, FF, FF, 3B, 0D, 20, 56, 83, 00, 75, 02, F3, C3, E9, E0, D5, 00, 00, 8B, FF, 55, 8B, EC, 56, 8B, 75, 14, 85, F6, 75, 04, 33, C0, EB, 61, 83, 7D, 08, 00, 75, 13, E8, 36, 56, 00, 00, 6A, 16, 5E, 89, 30, E8, 4A, D8, 00, 00, 8B, C6, EB, 48, 83, 7D, 10, 00, 74, 16, 39, 75, 0C, 72, 11, 56, FF, 75, 10, FF, 75, 08, E8, 3C, 66, 00, 00, 83, C4, 0C, EB, C7, FF, 75, 0C, 6A, 00, FF, 75, 08, E8, AA, 65, 00, 00, 83, C4, 0C, 83, 7D, 10, 00, 74, BB, 39, 75, 0C, 73, 0E, E8, EC, 55, 00, 00, 6A...
 

Entropy:
6.5997

Code size:
3.4 MB (3,550,720 bytes)

The file mtpc.exe has been discovered within the following program.

MyTurboPC  by MyTurboPC.com
Publisher's description - “MyTurboPC is a comprehensive diagnostic program that increases the speed, performance and security of your Windows based personal computer. It cleans your registry, defrag your PC or manage startup items to increase overall speed and performance.”
www.MyTurboPC.com
64% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

