mediainfo.exe

The executable mediainfo.exe has been detected as malware by 23 anti-virus scanners. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
MD5:
9ac7fae0889aabc88726c5dc0084fbec

SHA-1:
adf2857b67c9643b6a558a91f1d0a12904094186

SHA-256:
019057fd09f801099c401d948beb28315d46320f28e53d16be536fbb7c33e693

Scanner detections:
23 / 68

Status:
Malware

Explanation:
mediainfo.exe is infected by a worm that might download, install and run additional malware, and may also spread to other executable files.

Analysis date:
4/25/2024 6:46:14 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Backdoor.Bot.83057 | 5729548 |
| Avira AntiVirus | TR/Crypt.XPACK.Gen | 7.11.30.172 |
| Arcabit | Backdoor.Bot.D14471 | 1.0.0.425 |
| avast! | Win32:Ramnit-CC [Trj] | 150828-0 |
| AVG | Win32/Zbot.F | 2015.0.4409 |
| Bitdefender | Backdoor.Bot.83057 | 1.0.20.1240 |
| Bkav FE | W32.HfsAutoB | 1.3.0.7133 |
| Comodo Security | Virus.Win32.Ramnit.OV | 23176 |
| Emsisoft Anti-Malware | Backdoor.Bot.83057 | 10.0.0.5366 |
| Fortinet FortiGate | W32/Ramnit.A | 9/5/2015 |
| F-Prot | W32/Patched.B!Generic | 4.6.5.141 |
| F-Secure | Backdoor.Bot.83057 | 5.14.151 |
| G Data | Backdoor.Bot.83057 | 15.9.25 |
| IKARUS anti.virus | W32.Ramnit | t3scan.1.9.5.0 |
| McAfee | Virus.W32/Ramnit!trace | 18.0.204.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.205.1047.0 |
| MicroWorld eScan | Backdoor.Bot.83057 | 16.0.0.744 |
| NANO AntiVirus | Virus.Win32.Nimnul.bqjjnb | 0.30.24.3283 |
| Norman | Backdoor.Bot.83057 | 04.08.2015 10:30:46 |
| nProtect | Backdoor.Bot.83057 | 15.09.04.01 |
| Quick Heal | W32.Ramnit.D | 9.15.14.00 |
| Sophos | Virus 'W32/Patched-I' | 5.15 |
| Total Defense | Win32/Ramnit!remnants | 37.1.62.1 |

File size:
1.5 MB (1,566,165 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\k-lite codec pack\tools\mediainfo.exe

File PE Metadata
Compilation timestamp:
6/20/1992 6:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:OitwUz3r/ezh2BJIwDHmWf42j28N+lMMaeIf+u2rHbRW7rrPssTM8eyQ69bKF:Oi+oQhk04ljNPNsMrrPss5RJOF

Entry address:
0x187000

Entropy:
5.7889

Code size:
670 KB (686,080 bytes)
