mediaget_id2540811ids1s.exe

mediaget-installer Module

Banner LLC

The application mediaget_id2540811ids1s.exe, “MediaGet installer” by Banner LLC, has been detected as a potentially unwanted program by 15 of 68 anti-malware scanners. It is a setup and installation application that has been known to bundle potentially unwanted software. The file has been seen being downloaded from ld.mediaget.com and multiple other hosts. While running, it connects to the Internet address sw90.ua-hosting.company on port 80 using the HTTP protocol.
Publisher:
MediaGet LLC (signed by Banner LLC)

Product:
mediaget-installer Module

Description:
MediaGet installer

Version:
1.0

MD5:
5fa59b5e7bda25a6ba45d272ef59afd7

SHA-1:
2b2cc976e5cee9a51fecc70704aa42e539d7db78

SHA-256:
3741578923d6dfa3e81d1cf302948c7394da8c0da56e02cfbe48aee34e62594e

Scanner detections:
15 / 68

Status:
Potentially unwanted

Analysis date:
4/19/2024 8:08:40 PM UTC

Scan engine              Detection                                            Engine version
Avira AntiVirus          PUA/MediaGet.Gen5                                    3.6.1.96
AVG                      Banne                                                2016.0.3160
Baidu Antivirus          Adware.Win32.MediaGet                                4.0.3.15325
Comodo Security          Application.Win32.MediaGet.G                         21532
Dr.Web                   Program.MediaGet.120                                 9.0.1.084
ESET NOD32               Win32/MediaGet.AF potentially unwanted (variant)     9.11374
Fortinet FortiGate       Riskware/MediaGet                                    3/25/2015
G Data                   Win32.Adware.MediaGet                                15.3.25
K7 AntiVirus             Unwanted-Program                                     13.202.15372
Kaspersky                not-a-virus:Downloader.Win32.MediaGet                14.0.0.2294
Malwarebytes             PUP.Adware.MediaGet                                  v2015.03.25.07
McAfee                   Artemis!5FA59B5E7BDA                                 5600.6816
Reason Heuristics        Optional.MediaGetApp.Installer                       15.3.25.7
Sophos                   MediaGet                                             4.98
Trend Micro House Call   Suspicious_GEN.F47V0324                              7.2.84

File size:
633 KB (648,224 bytes)

Product version:
1.0

Copyright:
Copyright (c) 2011 MediaGet LLC

Original file name:
mediaget-installer.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\mediaget_id2540811ids1s.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
3/26/2014 4:00:00 AM

Valid to:
3/26/2017 3:59:59 AM

Subject:
CN=Banner LLC, O=Banner LLC, STREET="lit.A, pom. 7N, 21 Serebristy bul.", L=St.Petersburg, S=Russia, PostalCode=197341, C=RU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
75D61BEBB47652BF2C5DF2DDF44F0E3A

File PE Metadata
Compilation timestamp:
3/24/2015 6:13:59 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:jheVImHF8qKt/1ssykNBP+6HOnSXRDEYOjyLuHHKF39NetsmK9f7N:jh2ImHF8qC/19yA/HOwRYYTLuHqFSsm4

Entry address:
0x14C100

Entry point:
60, BE, 00, 80, 50, 00, 8D, BE, 00, 90, EF, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 - v1.24

Code size:
276 KB (282,624 bytes)

The file mediaget_id2540811ids1s.exe has been seen being distributed by the following 27 URLs.


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to sw90.ua-hosting.company  (91.215.156.143:80)

Remove mediaget_id2540811ids1s.exe - Powered by Reason Core Security