mediaget_id1721029ids2s.exe

mediaget-installer Module

Banner LLC

The application mediaget_id1721029ids2s.exe, “MediaGet installer” by Banner has been detected as a potentially unwanted program by 13 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The file has been seen being downloaded from sub2.admitlead.ru and multiple other hosts. While running, it connects to the Internet address sw90.ua-hosting.company on port 80 using the HTTP protocol.
Publisher:
MediaGet LLC  (signed by Banner LLC)

Product:
mediaget-installer Module

Description:
MediaGet installer

Version:
1.0

MD5:
7ddc8969179961435031822c12583eb6

SHA-1:
9c14595eceefdd8a19bf49b674f7b0206da71578

SHA-256:
beab5079532d86f0687c2ba82721af19e2b1c909b9ba33f191dddf156865439c

Scanner detections:
13 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 3:48:31 PM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | PUA/MediaGet.Gen5 | 7.11.211.248
AVG | Banne | 2016.0.3191
Dr.Web | Program.MediaGet.114 | 9.0.1.053
ESET NOD32 | Win32/MediaGet.AF potentially unwanted (variant) | 9.11213
Fortinet FortiGate | Riskware/MediaGet | 2/22/2015
G Data | Win32.Adware.MediaGet | 15.2.25
K7 AntiVirus | Unwanted-Program | 13.197.15043
Kaspersky | not-a-virus:Downloader.Win32.MediaGet | 14.0.0.2449
Malwarebytes | PUP.Adware.MediaGet | v2015.02.22.03
McAfee | Artemis!7DDC89691799 | 5600.6847
Reason Heuristics | Optional.MediaGetApp.Installer | 15.2.22.3
Sophos | MediaGet | 4.98
Trend Micro House Call | Suspicious_GEN.F47V0218 | 7.2.53

File size:
663 KB (678,944 bytes)

Product version:
1.0

Copyright:
Copyright (c) 2011 MediaGet LLC

Original file name:
mediaget-installer.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\mediaget_id1721029ids2s.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
3/26/2014 3:00:00 AM

Valid to:
3/26/2017 2:59:59 AM

Subject:
CN=Banner LLC, O=Banner LLC, STREET="lit.A, pom. 7N, 21 Serebristy bul.", L=St.Petersburg, S=Russia, PostalCode=197341, C=RU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
75D61BEBB47652BF2C5DF2DDF44F0E3A

File PE Metadata
Compilation timestamp:
2/18/2015 5:08:12 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:lHaja2wveHzAX7/5GqQdSNTiPy8M2iJPMNFpAV/HANPBPFDBv/54KFW2gKF:lHaO2yeHzc5FQANTDSCAFkHANPBdDBHz

Entry address:
0x146C90

Entry point:
60, BE, 00, 30, 50, 00, 8D, BE, 00, E0, EF, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 - v1.24

Code size:
272 KB (278,528 bytes)

The file mediaget_id1721029ids2s.exe has been seen being distributed by the following 23 URLs.

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to sw90.ua-hosting.company  (91.215.156.143:80)

Remove mediaget_id1721029ids2s.exe - Powered by Reason Core Security