installer_media_downloader.exe

Sagatebac

Beta Platform (Alpha Criteria Ltd.)

The application installer_media_downloader.exe, “Sagatebac Setup” by Beta Platform (Alpha Criteria Ltd.), has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application built on the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.sendchucklebulk.com.

Publisher:
Beta Platform (Alpha Criteria Ltd.)  (signed and verified)

Product:
Sagatebac

Description:
Sagatebac Setup

Version:
1.7.5.8

MD5:
ec00abe130f301136ce4698ddebab320

SHA-1:
5d2a9c97aa5c4c5e807416d007d865325c48b8af

SHA-256:
afaf971e50f2dcf0d474284a81fbc35f86b5da69afc043dd9ae34549a8d13b83

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
5/16/2024 3:42:07 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.AC (M)

Engine version:
17.3.8.2

File size:
931.9 KB (954,232 bytes)

Product version:
1.8

Copyright:
Application installer

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\installer_media_downloader.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
12/31/2015 5:06:52 PM

Valid to:
7/27/2016 10:11:01 PM

Subject:
CN=Beta Platform (Alpha Criteria Ltd.), O=Beta Platform (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121C0582DA1F6650EA43C09C2584F1DCEEF

File PE Metadata
Compilation timestamp:
6/20/1992 5:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8

Entropy:
7.9351

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file installer_media_downloader.exe has been seen being distributed from www.sendchucklebulk.com.