batman-v-superman_id4601458ids1s.exe

mediaget-installer Module

Inbox OOO

The application batman-v-superman_id4601458ids1s.exe, "MediaGet installer" by Inbox OOO, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is a self-extracting archive and installer that has been known to bundle potentially unwanted software. The file has been seen being downloaded from mediaget.com and multiple other hosts. While running, it connects to the Internet address customer.clientshostname.com on port 80 using the HTTP protocol.

Publisher:
MediaGet LLC  (signed by Inbox OOO)

Product:
mediaget-installer Module

Description:
MediaGet installer

Version:
1.0

MD5:
29d99807cc0b9168f8c9d4120ea7b48c

SHA-1:
e45ac7f182ea957f96408b41f47ac80655b57613

SHA-256:
eca203e5bc13f9143e896a440fcf22cde8f2dc144c0444e432120c89b63b1629

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/18/2024 12:39:00 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.MediaGet.Inbox.Installer (M)

Engine version:
16.7.6.16

File size:
479.8 KB (491,352 bytes)

Product version:
1.0

Copyright:
Copyright (c) 2011 MediaGet LLC

Original file name:
mediaget-installer.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\batman-v-superman_id4601458ids1s.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/16/2016 2:00:00 AM

Valid to:
9/17/2017 2:59:59 AM

Subject:
CN=Inbox OOO, O=Inbox OOO, STREET="16 of. 2, per. Monetchikovski 5-I", L=MOSCOW, S=MOSCOW, PostalCode=115054, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00AE2F0B53DD74EA62BD9A5322DC2C5632

File PE Metadata
Compilation timestamp:
7/5/2016 2:48:19 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:TnUkqgvA0ucCRkLwIrBpfojPhXDJSpFWlB:otgXHrTfI5oE

Entry address:
0x12CCD0

Entry point:
60, BE, 00, 80, 4E, 00, 8D, BE, 00, 90, F1, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 - v1.24

Code size:
276 KB (282,624 bytes)

The file batman-v-superman_id4601458ids1s.exe has been seen being distributed by the following 50 URLs.
Latest 30 of 1,591 download URLs

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to customer.clientshostname.com  (185.104.10.56:80)

TCP (HTTP):
Connects to sw90.ua-hosting.company  (91.215.156.143:80)

Remove batman-v-superman_id4601458ids1s.exe - Powered by Reason Core Security