mediaget_installer.exe

MediaGet2

Media Get LLC

The application mediaget_installer.exe, “MediaGet2 Setup” by Media Get, has been detected as a potentially unwanted program by 14 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. It will display context-specific advertisements in the browser and attempt to modify the browser's search provider. The file has been seen being downloaded from cs12.superfiles.me.
Publisher:
MediaGet LLC (signed by Media Get LLC)

Product:
MediaGet2

Description:
MediaGet2 Setup

Version:
2.1.538.0

MD5:
ce8cc6f0a5161fe2fd645edb521fe2c0

SHA-1:
b373397c4463c652bbc56d987f80daada11f9d95

SHA-256:
4cb7c976017a184f11dc4e06ead5bb472de684d6fab8c77ba5aca7aa6cbec104

Scanner detections:
14 / 68

Status:
Potentially unwanted

Explanation:
The installer may include an offer for the Babylon Toolbar (a homepage/search hijacker), which is potentially installed with minimal user consent.

Analysis date:
4/25/2024 11:41:39 AM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | Adware/GoodMedia.C.20 | 7.11.30.172
avast! | Win32:Adware-gen [Adw] | 2014.9-160207
AVG | Generic4 | 2017.0.2840
Bkav FE | W32.HfsAdware | 1.3.0.6379
Dr.Web | Program.MediaGet.87 | 9.0.1.038
ESET NOD32 | Win32/MediaGet.AE (variant) | 10.10776
Fortinet FortiGate | Riskware/MediaGet | 2/7/2016
G Data | Win32.Adware.MediaGet | 16.2.24
NANO AntiVirus | Riskware.Dos.Babylon.cwhyhv | 0.28.0.60475
Qihoo 360 Security | HEUR/Malware.QVM06.Gen | 1.0.0.1015
Reason Heuristics | Win32.Generic | 16.2.7.17
Rising Antivirus | Trojan.Win32.Generic.12E5A50D | 23.00.65.16205
Sophos | PUA 'MediaGet' (of type Adware) | 59
Vba32 AntiVirus | Downloader.MediaGet | 3.12.24.3

File size:
15 MB (15,740,272 bytes)

Product version:
2.1.538.0

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Common path:
C:\users\{user}\appdata\local\temp\mediaget_installer.exe

Digital Signature
Signed by:

Authority:
The USERTRUST Network

Valid from:
3/9/2011 3:00:00 AM

Valid to:
3/9/2014 2:59:59 AM

Subject:
CN=Media Get LLC, O=Media Get LLC, STREET=Sadovaya 53, L=Saint-Petersburg, S=Russia, PostalCode=190344, C=RU

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
71D26D579AEE6A768F27CF3B6D4E9A91

File PE Metadata
Compilation timestamp:
10/30/2010 11:54:54 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
393216:4lzKqLU2VIacClcLMd/7ek4SCthsfEYs0GSVViq:cvU2VLcCMMd6DsfEYASiq

Entry address:
0x16478

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, B0, 52, 41, 00, E8, AC, 03, FF, FF, 33, C0, 55, 68, 45, 6B, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 01, 6B, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, AB, 41, 00, E8, 4E, EC, FF, FF, E8, F5, E7, FF, FF, 8D, 55, EC, 33, C0, E8, 7F, 84, FF, FF, 8B, 55, EC, B8, AC, D6, 41, 00, E8, E2, E9, FE, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, AC, D6, 41, 00, B2, 01...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
84 KB (86,016 bytes)

The file mediaget_installer.exe has been seen being distributed by the following URL.
