mcshield-setup.exe

MCShield ::Anti-Malware Tool::

MyCity

The executable mcshield-setup.exe has been detected as malware by 7 anti-virus scanners. This is a setup and installation application; however, the file is not signed with an Authenticode signature from a trusted source. The file has been observed being downloaded from www.mcshield.net.
Publisher:
MyCity

Product:
MCShield ::Anti-Malware Tool::

Version:
3.0.5.28

MD5:
89cddec58f65297e379b0c098a90e004

SHA-1:
d72a94ecbe0a94d4ae8566d4e52494ae6fdb0a7b

SHA-256:
0ae197d3d275e9e61d1484d209fb94a7438b401676a156e9b0d62fabaaf46f31

Scanner detections:
7 / 68

Status:
Malware

Analysis date:
6/30/2025 4:15:40 PM UTC

Scan engine                    Detection                Engine version
avast!                         Win32:Kukacka            160518-2
Dr.Web                         Win32.Sector.30          9.0.1.05190
ESET NOD32                     Win32/Sality.NBA virus   8.0.319.0
F-Prot                         W32/Sality.gen2          4.6.5.141
Kaspersky                      Virus.Win32.Sality       15.0.0.562
Microsoft Security Essentials  Threat.Undefined         1.223.2652.0
Norman                         Win32.Sality.3           19.05.2016 01:04:49

File size:
2.8 MB (2,926,368 bytes)

Product version:
3.0.5.28

Copyright:
© MyCity

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

File PE Metadata
Compilation timestamp:
4/10/2010 1:19:31 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:TV8uQCDy/KHacNFu2FhacuQMpRHGt9XPGQtdmP0S2iEl7IEg/:TVyCDyyHah2fPutRE5PGvcl7I5/

Entry address:
0x354B

Entry point:
60, 84, C0, 81, E7, C2, 20, 4F, 59, F2, EB, 07, 88, E4, BA, 4C, 9C, 3F, 1B, 75, 06, 8D, 2D, A7, 48, 00, 40, 87, D7, F6, C4, 6D, 69, CB, 84, 37, C7, A5, 88, ED, 69, C6, 89, 55, 72, D6, F7, C2, 6D, 16, 26, FB, E8, 62, 00, 00, 00, EB, 05, F3, 84, F2, 88, CC, 8D, 05, FA, CB, D1, F0, C7, C3, 86, A9, 34, 69, 75, 03, 0F, AF, F1, 69, F3, DA, 24, 55, 52, 8D, 35, EC, 47, 95, 98, 03, DA, 69, FF, AF, B6, 82, E8, F2, 50, 0F, B7, D9, 4B, 5A, 71, 08, F2, F2, 8D, 1D, 16, 56, 49, 62, 70, 03, 47, FE, C3, 33, C0, 75, 03, 47...
 

Code size:
25 KB (25,600 bytes)

The file mcshield-setup.exe has been seen being distributed by the following URL.

Remove mcshield-setup.exe - Powered by Reason Core Security