mediadownloader.exe

InstallVibes

mediadownloader.exe is part of the Yontoo adware component, a web browser plugin that injects unwanted ads into the browser. The application mediadownloader.exe by InstallVibes has been detected as adware by 15 anti-malware scanners. It uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from lp.videodownloader.me and multiple other hosts.
Publisher:
InstallVibes (signed and verified)

MD5:
ac6f4874c61881ed87efe245b9e951ca

SHA-1:
6c24d6487c2c48f46ebcb480b4886ee1c12be510

SHA-256:
783a383dbda9f642ced785543f0959c9a659e4ea907132aa04110bc358b586b2

Scanner detections:
15 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
4/25/2024 12:22:29 PM UTC

Scan engine          | Detection                    | Engine version
Avira AntiVirus      | APPL/Downloader.Gen9         | 7.11.164.206
avast!               | Win32:Adware-gen [Adw]       | 2014.9-140731
AVG                  | Bundlo                       | 2015.0.3397
Comodo Security      | Application.Win32.Bundlore.L | 19039
Dr.Web               | Adware.Downware.6420         | 9.0.1.0212
ESET NOD32           | Win32/Bundlore (variant)     | 8.10184
herdProtect (fuzzy)  |                              | 2014.9.10.14
IKARUS anti.virus    | PUA.Bundlore                 | t3scan.1.6.1.0
K7 AntiVirus         | Trojan                       | 13.182.12911
Malwarebytes         |                              | v2014.07.31.07
McAfee               | PUP-FLY                      | 5600.7053
Panda Antivirus      | Trj/Genetic.gen              | 14.07.31.07
Reason Heuristics    | PUP.InstallVibes.P           | 14.7.31.6
Sophos               | Bundlore                     | 4.98
VIPRE Antivirus      | Threat.4150696               | 31208

File size:
263.8 KB (270,080 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\mediadownloader.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
3/19/2014 8:00:00 PM

Valid to:
3/19/2016 7:59:59 PM

Subject:
CN=InstallVibes, O=InstallVibes, STREET=Ehad Haam 21 St., L=Tel Aviv, S=Israel, PostalCode=6515103, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00F29201EBC1EAD2B751F2854AD68C6244

File PE Metadata
Compilation timestamp:
7/20/2014 5:48:24 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
6144:nsw+a3x5kIsgXK/hxe6GAxiH7dOUE4cVZH:nsw93x5kIpisz0ZVZ

Entry address:
0x589F

Entry point:
E8, D8, 47, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 70, C3, 41, 00, E8, CB, 1D, 00, 00, E8, B4, 2E, 00, 00, 0F, B7, F0, 6A, 02, E8, 6B, 47, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 2A, 3F, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...

Entropy:
7.4481

Code size:
82.5 KB (84,480 bytes)

The file mediadownloader.exe has been seen being distributed by the following 2 URLs.
