download-video-filmes-de-sexo-oktoberfest.zip.exe

MIDIA TECHNOLOGIES LLC

The application download-video-filmes-de-sexo-oktoberfest.zip.exe by MIDIA TECHNOLOGIES has been detected as adware by 16 anti-malware scanners. The program is a setup application that uses the Midia Downloader installer. The file has been seen being downloaded from www.alamaya.me.
Publisher:
MIDIA TECHNOLOGIES LLC  (signed and verified)

MD5:
9f3b8de058d813614a2b5d3eb679dfb1

SHA-1:
a8ad83f7feadf3e3dc7dd7ee1eeea1216319b0e1

SHA-256:
646f943e84d11ede2c5b5dd8fd025bc546f9ebd63f12aa1677916a3ed8309212

Scanner detections:
16 / 68

Status:
Adware

Description:
Also known as bundleware or downloadware, this is a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
5/16/2024 10:40:27 PM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Avira AntiVirus | TR/Downloader.Gen2 | 7.11.193.202 |
| avast! | Rootkit-gen [Rtk] | 141130-1 |
| Baidu Antivirus | Adware.Win32.Midia | 4.0.3.14129 |
| Comodo Security | Application.Win32.Midia.HB | 20315 |
| ESET NOD32 | NSIS/TrojanDownloader.Agent.NRD trojan | 7.0.302.0 |
| Fortinet FortiGate | W32/Adload.S!tr.dldr | 12/9/2014 |
| G Data | Win32.Adware.Midia | 14.12.24 |
| K7 AntiVirus | Unwanted-Program | 13.186.14280 |
| Kaspersky | Trojan-Downloader.Win32.Genome | 15.0.0.543 |
| Malwarebytes | PUP.Optional.Midia | v2014.12.09.05 |
| NANO AntiVirus | Trojan.Nsis.Downloader.djgwey | 0.28.6.63850 |
| Norman | Downloader | 11.20141209 |
| Reason Heuristics | PUP.MIDIATECHNOLOGIES.m | 14.12.9.16 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.3 |
| VIPRE Antivirus | Threat.4150696 | 35418 |
| Zillya! Antivirus | Downloader.Genome.Win32.52684 | 2.0.0.2001 |

File size:
70 KB (71,664 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Midia Downloader (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\download-video-filmes-de-sexo-oktoberfest.zip.exe

Digital Signature
Authority:
Starfield Technologies, Inc.

Valid from:
10/10/2014 2:15:04 PM

Valid to:
4/11/2015 3:45:06 PM

Subject:
CN=MIDIA TECHNOLOGIES LLC, O=MIDIA TECHNOLOGIES LLC, L=Lewes, S=Delaware, C=US

Issuer:
SERIALNUMBER=10688435, CN=Starfield Secure Certification Authority, OU=http://certificates.starfieldtech.com/repository, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2B6FCE7A7D30D9

File PE Metadata
Compilation timestamp:
12/5/2009 8:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:nQpQ5EP0ijnRTXJah5W2IINRgAtF3O2axRX:nQIURTXJah5ZL0vx

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file download-video-filmes-de-sexo-oktoberfest.zip.exe has been seen being distributed by the following URL.