miniinstall.exe

Media Labs Ltd

The application miniinstall.exe by Media Labs has been detected as a potentially unwanted program by 16 anti-malware scanners. It is a setup and installation application and has been known to bundle potentially unwanted software. The file has been observed being downloaded from ticnofiledownloader.com.
Publisher:
Media Labs Ltd  (signed and verified)

Version:
0.3.19.102

MD5:
c703d922770a1bb05cfd8295f34a3614

SHA-1:
a771d061e9a09f63b9bcf586d0e973ea264ca384

SHA-256:
53fc70cc209c1304dc271266e77d07b5f7c25cf83bd27b33450631ebbd7e0de1

Scanner detections:
16 / 68

Status:
Potentially unwanted

Analysis date:
4/20/2024 2:57:53 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Symmi.22748 | 1016 |
| Avira AntiVirus | TR/Crypt.XPACK.Gen2 | 7.11.145.66 |
| avast! | Win32:Malware-gen | 2014.9-140425 |
| AVG | MalSign.Media Labs Ltd | 2015.0.3494 |
| Bitdefender | Gen:Variant.Symmi.22748 | 1.0.20.575 |
| Dr.Web | Adware.Downware.3018 | 9.0.1.0115 |
| Emsisoft Anti-Malware | Gen:Variant.Symmi.22748 | 8.14.04.25.06 |
| ESET NOD32 | Win32/Packed.PrivateEXEProtector (variant) | 8.9721 |
| F-Secure | Gen:Variant.Symmi.22748 | 11.2014-25-04_6 |
| G Data | Gen:Variant.Symmi.22748 | 14.4.24 |
| IKARUS anti.virus | Trojan.Win32.Llac | t3scan.1.6.1.0 |
| MicroWorld eScan | Gen:Variant.Symmi.22748 | 15.0.0.345 |
| Norman | Agent.BA | 11.20140425 |
| Panda Antivirus | Suspicious file | 14.04.25.06 |
| Sophos | Media Labs | 4.98 |
| VIPRE Antivirus | Trojan.Win32.Generic | 28594 |

File size:
1.1 MB (1,191,776 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Language:
Russian (Russia)

Common path:
C:\users\{user}\downloads\miniinstall.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
6/13/2013 8:00:00 PM

Valid to:
6/14/2014 7:59:59 PM

Subject:
CN=Media Labs Ltd, O=Media Labs Ltd, STREET="Electrolitnii pr., 1-3", L=Moscow, S=Moscow, PostalCode=115230, C=RU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
5D826AF104D695AF42BF589E71B12A07

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:gPiGTLCblPb2jHEqoXrsozFeLArNJ0tEcgpW8R/dgLS6+PGH:UiZ5+cAgcc7pW8ReLS68A

Entry address:
0x1000

Entry point:
68, 17, B8, 2A, 15, 64, FF, 35, 00, 00, 00, 00, 50, 9C, 89, 1C, 24, 51, 9C, 89, 14, 24, 9C, 89, 34, 24, 57, 9C, 89, 2C, 24, 68, C1, 10, 40, 00, 8F, 05, 76, 51, CF, 0D, FF, 15, 76, 51, CF, 0D, C3, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 43, 20, AF, E4, B0, B4, 20, 30, 0E, 02, E8, 35, 0F, 89, 75, 20, AE, B3, 0E, 3E, AA, 25, 27, FD, B3, 86, 1A, FA, C1, 41, 64, 97, 5E, C3, BF, FE, CC, 4D, BA, 8E, 59, 5C, B0, FE, 43, 3E, 27, CA, 04, 5A, 07, AF, EB, 32, 3E, 42, 50, 33, AA, F4, C5, DF, 67...
 

Entropy:
7.8918  (probably packed)

Code size:
699 KB (715,776 bytes)

The file miniinstall.exe has been seen being distributed by the following URL.
