» 4_mssec_launcher.exe
Overview
Analysis
File Details
Downloads (1)

4_mssec_launcher.exe

mlru

GCM

The application 4_mssec_launcher.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer, however the file is not signed with an authenticode signature from a trusted source. The installer uses the InstallMonetizer platform which will donwload and install adware toolbars and other potentially unwanted software offers during setup. The file has been seen being downloaded from www.markersoffredefy.site.

File name:

Publisher:

GCM

Product:

mlru

Description:

smart install

Version:

219.176.174.215

MD5:

bbacc4c282ab0f9bfd7eaf4c5d17f3b3

SHA-1:

a48b72aca8037b7c32ea30e2c47c26cc151d289e

SHA-256:

da25b192c2284b897bf196a61ee8646bf2d85f95522e3789119211f97e77d937

Scanner detections:

1 / 68

Status:

Potentially unwanted

Explanation:

Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:

6/29/2025 10:54:19 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Adware.InstallMonetizer (M)

16.7.21.9

File size:

1000.5 KB (1,024,512 bytes)

Product version:

219.176.174.215

Rights 2000

Trademarks:

Mark Cap

Original file name:

setup.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\4_mssec_launcher.exe

File PE Metadata

Compilation timestamp:

5/4/2016 3:11:18 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

24576:kIp8QKA7rNeEZYBrCwEHcRijLSjQW+y+leOL:jSQXNeGY/E8RuS84+le

Entry address:

0x524A

Entry point:

E8, 5B, 32, 00, 00, E9, 39, FE, FF, FF, 6A, 00, FF, 15, 7C, 90, 41, 00, C3, FF, 15, 80, 90, 41, 00, C2, 04, 00, 8B, FF, 55, 8B, EC, FF, 75, 08, FF, 35, C8, E1, 41, 00, FF, 15, 84, 90, 41, 00, FF, D0, 5D, C2, 04, 00, A1, C4, E1, 41, 00, C3, 8B, FF, 56, FF, 35, C8, E1, 41, 00, FF, 15, 84, 90, 41, 00, 8B, F0, 85, F6, 75, 1B, FF, 35, 58, EE, 41, 00, FF, 15, 8C, 90, 41, 00, 8B, F0, 56, FF, 35, C8, E1, 41, 00, FF, 15, 88, 90, 41, 00, 8B, C6, 5E, C3, 8B, FF, 55, 8B, EC, FF, 75, 0C, FF, 75, 08, FF, 35, 5C, EE, 41... 
[+]

Code size:

93.5 KB (95,744 bytes)

The file 4_mssec_launcher.exe has been seen being distributed by the following URL.

http://www.markersoffredefy.site/4_mssec_launcher.exe

Remove 4_mssec_launcher.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.