media finder.exe

Media Finder

The application media finder.exe has been detected as a potentially unwanted program by 2 anti-malware scanners. While running, it connects to the Internet address server-54-230-163-24.jax1.r.cloudfront.net on port 443.
Publisher:
Media Finder

Product:
Media Finder

Version:
1.0.9.29

MD5:
7a38561333e3c9637074dcb9e60574ce

SHA-1:
63c4bc4a302ec43ad71ccae555fc701b2d646df7

SHA-256:
58945176a4c7b0c4196fe9f8869e6eba2c5685ca0d56ed3b74149426b5feedc9

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
4/20/2024 1:57:25 AM UTC

Scan engine | Detection | Engine version
Boost by Reason | Optional.MediaFinder.M | 188163
Reason Heuristics | PUP.Optiona.MediaFinder.Meta | 15.6.14.22

File size:
8.2 MB (8,613,888 bytes)

Product version:
1

Copyright:
Media Finder 2012

Original file name:
MF.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\media finder\media finder.exe

File PE Metadata
Compilation timestamp:
6/28/2012 7:43:16 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:TcgVu9WeR3Nkd4sEhrmTty+0sVL0D2A2ao4r2GMMpl/xroodt9SdrBc41rpUqK30:1uJyWsEsp0D2A2abecIsiWfINWHR

Entry address:
0x454188

Entry point:
55, 8B, EC, 83, C4, F0, 53, B8, AC, 50, 84, 00, E8, 97, 78, BB, FF, 8B, 1D, 00, FF, 87, 00, E8, 1C, 0D, FF, FF, 84, C0, 75, 49, 8B, 03, E8, 45, F2, CB, FF, 8B, 03, B2, 01, E8, 78, 0F, CC, FF, 8B, 03, BA, 04, 42, 85, 00, E8, 4C, EC, CB, FF, 8B, 0D, 98, FB, 87, 00, 8B, 03, 8B, 15, 74, 2E, 81, 00, E8, 35, F2, CB, FF, 8B, 0D, 38, 04, 88, 00, 8B, 03, 8B, 15, 08, 9F, 83, 00, E8, 22, F2, CB, FF, 8B, 03, E8, 6B, F3, CB, FF, 5B, E8, 81, 27, BB, FF, 00, B0, 04, 02, 00, FF, FF, FF, FF, 0C, 00, 00, 00, 4D, 00, 65, 00...
 
Entropy:
6.5578

Code size:
4.3 MB (4,534,272 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to 146.120.89.45.ip.ukrnames.com  (146.120.89.45:80)

TCP (HTTP SSL):
Connects to server-54-230-108-178.nrt53.r.cloudfront.net  (54.230.108.178:443)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-nrt1.facebook.com  (31.13.82.36:443)

TCP (HTTP):
Connects to 195.88.243.21.ip.ukrnames.com  (195.88.243.21:80)

TCP (HTTP SSL):
Connects to server-54-230-163-24.jax1.r.cloudfront.net  (54.230.163.24:443)
