» microsoft-office-2010-professional-plus-32x64-bit_id1164920ids5s.exe
Overview
Analysis
File Details
Downloads (1)

microsoft-office-2010-professional-plus-32x64-bit_id1164920ids5s.exe

mediaget-installer Module

MediaGet LLC

The application microsoft-office-2010-professional-plus-32x64-bit_id1164920ids5s.exe, “MediaGet installer” has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from torr.mediaget.com.

File name:

Publisher:

MediaGet LLC

Product:

mediaget-installer Module

Description:

MediaGet installer

Version:

1.0

MD5:

47cb800393d848ae97f832b0be88604d

SHA-1:

69b050c06d0aec6ba671b63f27f4a9da786f4df7

SHA-256:

bc99e3365b0b5496c7381cac727d2faf0aae923d6b60526a856930873a8db59e

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

4/19/2024 3:20:13 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.MediaGet.Optional (L)

16.8.3.20

File size:

547.8 KB (560,992 bytes)

Product version:

1.0

Original file name:

mediaget-installer.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\microsoft-office-2010-professional-plus-32x64-bit_id1164920ids5s.exe

File PE Metadata

Compilation timestamp:

7/5/2016 2:51:56 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

12288:u92qtdcZSGxduVjWpmc5+6gcfojPhXDJSpFOS7rf+Nj:C2qbrVaUckcfI5o1XG

Entry address:

0x12CCD0

Entry point:

60, 0F, BA, ED, 77, 81, FA, CC, DB, 00, 00, 70, 05, BA, A4, E6, 97, 8D, 0F, CA, C6, C4, 3E, 8B, F7, 0F, CE, 29, C0, 09, D3, 68, E1, BA, F7, FF, 8B, D2, 88, F8, 84, FD, 59, 81, FB, 6E, CB, 00, 00, 78, 05, 0F, AF, C2, F7, DA, 81, C1, B2, F9, 08, 00, 0F, BF, F3, 0F, C0, DB, 33, F9, D2, D4, FF, CB, 0D, 2B, 7C, C3, E8, 68, C3, 4E, D7, 00, FF, C6, 0F, BA, E9, 1B, 0D, 77, CC, 24, AD, FE, CC, 88, F9, E8, 00, 00, 00, 00, 85, C0, F7, D1, 88, D3, 0F, C1, FB, 8A, EB, 69, FA, 79, 10, 0E, 79, 0F, BC, D7, 87, D1, 4A, 8D... 
[+]

Code size:

276 KB (282,624 bytes)

The file microsoft-office-2010-professional-plus-32x64-bit_id1164920ids5s.exe has been seen being distributed by the following URL.

http://torr.mediaget.com/torr.php?r=fullucretsizindir.com&s=Microsoft Office 2010 Professional Plus 32x64 Bit Türkçe Full Indir Lisanslama Programlari Mevcut&f=Microsoft Office 2010 Professional Plus 32x64 Bit Türkçe Full Indir Lisanslama Programlari Mevcut

Remove microsoft-office-2010-professional-plus-32x64-bit_id1164920ids5s.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.