» miniinstall.exe
Overview
Analysis
File Details
Downloads (1)

miniinstall.exe

Media Labs Ltd

The application miniinstall.exe by Media Labs has been detected as a potentially unwanted program by 20 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The file has been seen being downloaded from ticnofiledownloader.com.

File name:

miniinstall.exe

Publisher:

Media Labs Ltd (signed and verified)

Version:

0.3.19.42

MD5:

dd9571f3b493e124bcaf3b0f392bbca8

SHA-1:

afc25dac4cef4fabac25f39334bf20ba6bff8898

SHA-256:

197dff4da2678f0f4bc051b9ade139dc1785e54fd05a804cf11c52aaf1c34e5c

Scanner detections:

20 / 68

Status:

Potentially unwanted

Analysis date:

4/24/2024 3:41:58 PM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

Riskware.Agent

7.1.1

AhnLab V3 Security

PUP/Win32.MultiBar

2014.12.14

Avira AntiVirus

APPL/Downloader.Gen

7.11.195.56

AVG

Media Labs Ltd

2015.0.3261

Comodo Security

Application.Win32.Multibar.AJKI

20360

Dr.Web

Adware.Downware.1919

9.0.1.05190

ESET NOD32

Win32/Multibar.AK potentially unwanted application

7.0.302.0

Fortinet FortiGate

Adware/Badur

12/13/2014

F-Prot

W32/A-c713009c

v6.4.7.1.166

G Data

Win32.Application.Multibar

14.12.24

IKARUS anti.virus

PUA.SuspectCRC

t3scan.1.8.5.0

K7 AntiVirus

Unwanted-Program

13.187.14319

Malwarebytes

PUP.Optional.MediaLab

v2014.12.13.10

McAfee

Program.PUP-FLF

16.8.708.2

NANO AntiVirus

Trojan.Win32.Downware.ctcuds

0.28.6.63850

Norman

Delf.KFGS

11.20141213

Reason Heuristics

PUP.MediaLabs.L

14.12.13.21

Rising Antivirus

PE:PUF.TicnoPush!1.9C65

23.00.65.141211

Sophos

PUA 'Media Labs'

5.08

VIPRE Antivirus

Threat.4150696

35418

File size:

347 KB (355,328 bytes)

Product version:

1.0.0.0

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\miniinstall.exe

Digital Signature

Signed by:

Media Labs Ltd

Authority:

COMODO CA Limited

Valid from:

6/14/2013 6:00:00 AM

Valid to:

6/15/2014 5:59:59 AM

Subject:

CN=Media Labs Ltd, O=Media Labs Ltd, STREET="Electrolitnii pr., 1-3", L=Moscow, S=Moscow, PostalCode=115230, C=RU

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

5D826AF104D695AF42BF589E71B12A07

File PE Metadata

Compilation timestamp:

6/20/1992 4:22:17 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

6144:e9t+jfdphcwcYLabVVpe4aD3VwOaoYTKFziMMmRDA1A3phXvUuGeX:e9tChcwcYAHpH4eOaoYyziM3RDA1Sh/9

Entry address:

0xDA5E0

Entry point:

60, BE, 00, 50, 49, 00, 8D, BE, 00, C0, F6, FF, C7, 87, 9C, E0, 0A, 00, 89, 50, 5C, A9, 57, 83, CD, FF, EB, 0E, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46... 
[+]

Packer / compiler:

UPX v0.89.6 - v1.02 / v1.05 -v1.22 (Delphi) stub

Code size:

280 KB (286,720 bytes)

The file miniinstall.exe has been seen being distributed by the following URL.

http://ticnofiledownloader.com/.../?wmid=wbsm_299.7_sftport&url=aHR0cDovL21wM3ByaW1hLmNvbS9maWxlcy8xMjEwL0FsbGErUHVnYWNoZXZhK2krTWFrc2ltK0dhbGtpbistK0V0bytseXVib3ZfXyhtcDN0b3AxMDAubmV0KS5tcDM=

Remove miniinstall.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.