patch-mpt.exe

Activator

MPT34M

The executable patch-mpt.exe (description: “cr4cking th3 cod3 4 fun!”) has been detected as malware by 24 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen downloaded from doc-0s-0g-docs.googleusercontent.com.
Publisher:
MPT34M

Product:
Activator

Description:
cr4cking th3 cod3 4 fun!

Version:
1.0

MD5:
878bc9c4c2027fdb8b9cde36b6d8491f

SHA-1:
3b8ac514a0b523ec9670b077b76fe1a7bc728c35

SHA-256:
492e642efbbe3dbed9f039a579d11cd14656bc38312a15d1ed057984978fb41d

Scanner detections:
24 / 68

Status:
Malware

Analysis date:
4/29/2024 5:41:59 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Generic.7749919 | 496 |
| AhnLab V3 Security | Unwanted/Win32.HackTool | 2015.08.17 |
| Avira AntiVirus | TR/Rogue.7749919 | 8.3.1.6 |
| Arcabit | Trojan.Generic.D76411F | 1.0.0.425 |
| AVG | PSW.Agent | 2016.0.2974 |
| Baidu Antivirus | Hacktool.Win32.Patcher | 4.0.3.15927 |
| Bitdefender | Trojan.Generic.7749919 | 1.0.20.1350 |
| Comodo Security | UnclassifiedMalware | 23023 |
| Dr.Web | Tool.Patcher.127 | 9.0.1.0270 |
| Emsisoft Anti-Malware | Trojan.Generic.7749919 | 8.15.09.27.01 |
| ESET NOD32 | Win32/HackTool.Patcher.T potentially unsafe (variant) | 9.12103 |
| Fortinet FortiGate | Riskware/Kiser | 9/27/2015 |
| F-Secure | Trojan.Generic.7749919 | 11.2015-27-09_1 |
| G Data | Trojan.Generic.7749919 | 15.9.25 |
| IKARUS anti.virus | Trojan-PSW.Agent | t3scan.1.9.5.0 |
| Malwarebytes | CrackTool.Agent | v2015.09.27.01 |
| McAfee | Artemis!878BC9C4C202 | 5600.6630 |
| MicroWorld eScan | Trojan.Generic.7749919 | 16.0.0.810 |
| nProtect | Trojan.Generic.7749919 | 15.08.13.01 |
| Rising Antivirus | PE:Trojan.Win32.Generic.1314C8A9!320129193 | 23.00.65.15925 |
| Sophos | Generic Patcher (PUA) | 4.98 |
| VIPRE Antivirus | Trojan.Win32.Generic.pak!cobra | 42954 |
| ViRobot | Trojan.Win32.S.Agent.484864.O[h] | 2014.3.20.0 |
| Zillya! Antivirus | Tool.Patcher.Win32.10080 | 2.0.0.2353 |

File size:
473.5 KB (484,864 bytes)

Product version:
1.0

Copyright:
© MPT

Original file name:
Activator

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\compressed\as.us.batang-tender\bartender.enterprise.automation.10.1.build.2934\patch-mpt.exe

File PE Metadata
Compilation timestamp:
3/13/2011 3:47:00 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.12

CTPH (ssdeep):
6144:6w8AqDLfohjDR5tXRFFL2I2EwSA6l5h86woZjokqK3lTQjPmukQ7YZcUvSLDEh:zcIhjDtX/FL6D/m46XZMJ8TQThiqLDE

Entry address:
0x3D86

Entry point:
B8, D8, FF, 4F, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, E6, 32, C0, DE, 28, 4A, 5F, E6, FF, B4, 30, 36, F9, 31, 47, 34, C9, 91, D7, AE, 22, B2, EF, DE, F5, 8D, 68, 5F, 86, 39, 01, EA, 47, 67, 45, AB, DA, CB, 9E, 27, A9, EB, 42, 49, E6, 8E, A9, DA, 08, 95, CB, 11, 28, 43, 8F, 29, 21, 67, 8A, F8, E4, 8C, 1C, 63, DB, 98, D2, 34, 9A, 3E, 26, A4, 92, BA, 3A, 8F, DA, 4B, F0, CD, 19, 1A, DC, C4, 71, 28, 78, A0, 4B, 84, 4E, 51, 06...

Entropy:
7.9629

Packer / compiler:
PECompact v2

Code size:
35 KB (35,840 bytes)

The file patch-mpt.exe has been seen being distributed by the following URL.
