kurulum_id1427057ids1s.exe

mediaget-installer Module

Banner LLC

The application kurulum_id1427057ids1s.exe, “MediaGet installer” by Banner LLC, has been detected as a potentially unwanted program by 15 anti-malware scanners. It is a self-extracting archive and installer that has been known to bundle potentially unwanted software, and it is typically executed from the user's temporary directory. The file has been seen being downloaded from mediaget.com and multiple other hosts.
Publisher:
MediaGet LLC  (signed by Banner LLC)

Product:
mediaget-installer Module

Description:
MediaGet installer

Version:
1.0

MD5:
a73f762584c40db8fcd964331550dc3f

SHA-1:
b90b8dc9bc50a925ec0f39487c12ab0cdc169f49

SHA-256:
f0b484e86c59f1ab6b38a3db194a17a47aaa82da567c09d1ff8b1e8e899cf090

Scanner detections:
15 / 68

Status:
Potentially unwanted

Analysis date:
5/5/2024 5:01:12 AM UTC

Scan engine              Detection                                          Engine version
-----------------------  -------------------------------------------------  ----------------
Avira AntiVirus          APPL/MediaGet.Gen5                                 7.11.210.56
avast!                   Win32:Malware-gen                                  2014.9-150215
AVG                      Banne                                              2016.0.3198
Dr.Web                   Program.MediaGet.111                               9.0.1.046
ESET NOD32               Win32/MediaGet.AF potentially unwanted (variant)   9.11176
G Data                   Win32.Adware.MediaGet                              15.2.25
K7 AntiVirus             Unwanted-Program                                   13.194.14967
Kaspersky                not-a-virus:Downloader.Win32.MediaGet              14.0.0.2483
Malwarebytes             PUP.Adware.MediaGet                                v2015.02.15.07
McAfee                   Artemis!A73F762584C4                               5600.6854
Qihoo 360 Security       Trojan.Generic                                     1.0.0.1015
Reason Heuristics        PUP.Installer.Banner                               15.2.15.7
Sophos                   MediaGet                                           4.98
Trend Micro House Call   Suspicious_GEN.F47V0205                            7.2.46
Zillya! Antivirus        Downloader.MediaGet.Win32.339                      2.0.0.2067

File size:
625.5 KB (640,544 bytes)

Product version:
1.0

Copyright:
Copyright (c) 2011 MediaGet LLC

Original file name:
mediaget-installer.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\kurulum_id1427057ids1s.exe

Digital Signature
Signed by:
Banner LLC
Authority:
COMODO CA Limited

Valid from:
3/26/2014 2:00:00 AM

Valid to:
3/26/2017 1:59:59 AM

Subject:
CN=Banner LLC, O=Banner LLC, STREET="lit.A, pom. 7N, 21 Serebristy bul.", L=St.Petersburg, S=Russia, PostalCode=197341, C=RU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
75D61BEBB47652BF2C5DF2DDF44F0E3A

File PE Metadata
Compilation timestamp:
2/4/2015 7:09:20 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:fgfgfJoKH5QtqytuBPmEPy8Q4gJRRA2qWSGBGjuSzHWavsr37okm4x2imx73:fEw5QtqytuORt4A3Ijs775Ox73

Entry address:
0x12F530

Entry point:
60, BE, 00, C0, 4E, 00, 8D, BE, 00, 50, F1, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 - v1.24

Code size:
272 KB (278,528 bytes)

The file kurulum_id1427057ids1s.exe has been seen being distributed by the following 5 URLs.

Remove kurulum_id1427057ids1s.exe - Powered by Reason Core Security