cyberlink-powerdvd-16-ultra-full-160151060-indir_id4597610ids1s.exe

mediaget-installer Module

Inbox OOO

The application cyberlink-powerdvd-16-ultra-full-160151060-indir_id4597610ids1s.exe, “MediaGet installer” by Inbox OOO has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The file has been seen being downloaded from www.installadpro.com and multiple other hosts. While running, it connects to the Internet address sw90.ua-hosting.company on port 80 using the HTTP protocol.
Publisher:
MediaGet LLC  (signed by Inbox OOO)

Product:
mediaget-installer Module

Description:
MediaGet installer

Version:
1.0

MD5:
759c6c09f4ddfd811493232f2012e083

SHA-1:
fd5a056ed4d5dd91b878c6eefc9ae6804c89d3f9

SHA-256:
ab472e55940a4667041ba6573cc2cd3161ecd9843502c3a1bbf27cf65838560c

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 3:45:52 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.MediaGet.Inbox.Installer (M)

Engine version:
16.7.6.16

File size:
479.8 KB (491,360 bytes)

Product version:
1.0

Copyright:
Copyright (c) 2011 MediaGet LLC

Original file name:
mediaget-installer.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\programs\cyberlink-powerdvd-16-ultra-full-160151060-indir_id4597610ids1s.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/16/2016 2:00:00 AM

Valid to:
9/17/2017 2:59:59 AM

Subject:
CN=Inbox OOO, O=Inbox OOO, STREET="16 of. 2, per. Monetchikovski 5-I", L=MOSCOW, S=MOSCOW, PostalCode=115054, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00AE2F0B53DD74EA62BD9A5322DC2C5632

File PE Metadata
Compilation timestamp:
7/5/2016 2:51:56 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:/92qtdcZSGxduVjWpmc5+6g0fojPhXDJSpFaj:12qbrVaUck0fI5o

Entry address:
0x12CCD0

Entry point:
60, BE, 00, 80, 4E, 00, 8D, BE, 00, 90, F1, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 
Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
276 KB (282,624 bytes)

The file cyberlink-powerdvd-16-ultra-full-160151060-indir_id4597610ids1s.exe has been seen being distributed by the following 50 URLs.

http://www.installadpro.com/indir.php?&t1=fullprogramlarust&is=Hotspot Shield Elite VPN Türkçe Full 6.20.5 – Indir

http://sub2.admitlead.ru/sb/clk/s/901/h/fceed1/o/471/.../0?my_affiliate_id=reklamtrk.com&f=RollerCoasterTycoonWorldFull&data_send_to_me=CB60AAD99D52BF25F2ED6E96C81B1B326A7D5E4E_www.fulltorrentoyunindir.net_manuel

http://sub2.admitlead.ru/sb/clk/s/1439/h/e67424/o/471/.../gen?a=1&f=Championship Manager 17 1.1.1.469 Para Hileli Mod Apk indir

http://tinyurl.com/.../Foxit PhantomPDF Business

http://sub2.bubblesmedia.ru/sb/clk/s/1556/h/b8dba2/o/145/.../0?a=1&f=Need For Speed Most Wanted Full indir - Pc

http://www.installadpro.com/indir.php?&t1=fullprogramlarust&is=Adobe Illustrator CS6 Türkçe Ingilizce Full Indirin

http://sub2.admitlead.ru/sb/clk/s/901/h/fceed1/o/471/.../0?my_affiliate_id=reklamtrk.com&f=FarCryPrimalTorrentindir&data_send_to_me=02E14EF70FD16DC03722D9F1E658937720FE42AB_www.torrent-indir.net_torrent1

http://sub2.bubblesmedia.ru/sb/clk/s/3164/h/8231c4/o/145/.../0?a=1&f={Pes 2016 Spor}

http://ld.mediaget.com/index2.php?l=tr&r=indirfile.comff&f=dns-jumper-indir-turkce-200&comment=s1439

http://sub2.bubblesmedia.ru/go/?link=Wsm2bJPF7CPtE4ztDHv/tbA63Uc2R4uAW8ju3Dvw wkfm0Il DbFRTdDyv1p38Mp5uK7lyVdss0v6UYozxuO7T/JNQ6kgMN9AwhOZ83X4J6eBUdpOy6DuyWAAekmu6AChaE7/.../zLx93e81DuKI04G&param=wsJBnySiKj4=&un=57836708723d3&rid=4108&f=Microsoft Office 2013 Professional Plus 64bit&32bit Full TR

http://www.installadpro.com/indiralt.php?&t1=fullprogramlaralt&is=Pokemon Lightning Yellow Indir Türkçe Emulatör

http://sub2.admitlead.ru/sb/clk/s/901/h/fceed1/o/471/.../0?my_affiliate_id=reklamtrk.com&f=EuroTruckSimulatorTürkçe16&data_send_to_me=4D3F2FFAE1170CD23EEB8B51AEC68D2C54884694_www.fullprogramdeposu.com_torrent2

http://tinyurl.com/.../XP SP3 Lite

http://sub2.bubblesmedia.ru/sb/clk/s/1556/h/b8dba2/o/145/.../0?a=1&f=PES 2013 FULL Indir -- Pes 2013 Indir full tek link

http://ads.installads.com/indir.php?&t1=siberyazilimci&is=Çilgin Tavuklar Apk

http://sub2.bubblesmedia.ru/sb/clk/s/1556/h/b8dba2/o/145/.../0?a=1&f=Live For Speed Full indir - Tek Link

http://www.fullindirin.net/indir.php?&t1=saglamindir2&is=Mirillis Action 1.14 Full Türkçe Indir

http://ld.mediaget.com/index2.php?l=tr&r=indirfile.comff&f=gta-vice-city-hd-full-turkce-indir-pc-new&comment=s1439|iff&subid=ff&use_f=1&bbls_client_id=384756341

http://www.installadpro.com/indir.php?&t1=fullprogramlarust&is=Resolume Arena Avenue Full v5.1.1

http://sub2.bubblesmedia.ru/sb/clk/s/1771/h/42eda4/o/145/.../42?a=1&f=Fanaa Turkce Altyazili

http://ld.mediaget.com/index2.php?l=tr&r=toolbartr.com47&f=film-indir&bbls_client_id=378776060&bbl=1&bbl_clk_id=731114-1474992859&use_f=1?EsetProtoscanCtx=227b7aac440

http://mg.bubblesmedia.ru/index.php?redirect_url=http://.../index2.php?l=tr&r=indirfile.comff&f=ammyy-admin-full-3534-indir-corporate-turkce&comment=s1439|iff&subid=ff&use_f=1

http://www.fullindirin.net/indir.php?&t1=saglamindir&is=Left 4 Dead Full Türkçe Indir

http://www.installads.net/indir.php?t1=androidciapkblgalt&is=World At Arms

http://ld.mediaget.com/index2.php?l=tr&r=ea6.net&f=cheat-engine-61-full-indir&bbls_client_id=336587236&bbl=1&bbl_clk_id=506648-1470745853&use_f=1

http://sub2.admitlead.ru/sb/clk/s/901/h/fceed1/o/471/.../0?my_affiliate_id=reklamtrk.com&f=MinecraftTeamExtreme1.9FullPC&data_send_to_me=3339ADEB856FF02E226F90D71C5678AE4FCDDC43_www.tanercihan.com_coolwbut

http://sub2.bubblesmedia.ru/go/?link=fpncY1/89p jOZ2zGroVLj54ZPXufEz/cq 3ursSxnmzfcApPh3MXq8d4gMQsz7yLx6PvEGs/U/1607eywjS1z1L2RaC4Mpw7lje0VBz5AzFnmKnKGuYWqlp41RERSU=&param=OPUSDBR0LTI=&rid=1752&f=Life_Is_Strange_Episode_1-FLT.torrent&u=http://.../index.php?action=dlattach;topic=341049.0;attach=151586

http://sub2.bubblesmedia.ru/sb/clk/s/2015/h/c1e42e/o/145/.../0?a=1&f=HunkarMt2.rar

http://sub2.bubblesmedia.ru/sb/clk/s/1679/h/469e57/o/145/.../0?a=1&f=Men of War Assault Squad 2 : Men of War Origins

http://sub2.bubblesmedia.ru/sb/clk/s/1771/h/42eda4/o/145/.../49?a=1&f=Wolfteam Hileli carlar

Latest 30 of 1,786 download URLs

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to sw90.ua-hosting.company  (91.215.156.143:80)

TCP (HTTP):
Connects to www.turktelekom.com.tr  (195.175.112.193:80)