Setup.exe

MediaDrug Installer

Quant LLC

The file Setup.exe, “MediaDrug Online Installer” by Quant, has been detected as a potentially unwanted program by 20 anti-malware scanners. This downloadable file is typically blocked by Google's Safe Browsing technology in the Chrome web browser. The file has been seen being downloaded from setup.mediadrug.com and multiple other hosts.
Publisher:
MediaDrug  (signed by Quant LLC)

Product:
MediaDrug Installer

Description:
MediaDrug Online Installer

Version:
1.7.0.0

MD5:
d08caac00be4afe7c7653d03bf14130d

SHA-1:
f8d25ce01e09daae831dc1900ee4895d3cb06515

SHA-256:
81bb465eccb4fe34bdd9319f4dc359e41dd4bd078f050ed0183cf257d28d3c0a

Scanner detections:
20 / 68

Status:
Potentially unwanted

Analysis date:
4/24/2024 8:02:03 PM UTC

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.GenericKD.1847590
855

Baidu Antivirus
Adware.Win32.InstallRex
4.0.3.14103

Bitdefender
Trojan.GenericKD.1847590
1.0.20.1380

Emsisoft Anti-Malware
Trojan.GenericKD.1847590
8.14.10.03.03

Fortinet FortiGate
W32/Agent.AISP!tr
10/3/2014

F-Secure
Trojan.GenericKD.1847590
11.2014-03-10_6

G Data
Trojan.GenericKD.1847590
14.10.24

IKARUS anti.virus
Trojan.SuspectCRC
t3scan.1.7.8.0

K7 AntiVirus
Riskware
13.183.13476

Kaspersky
Trojan.Win32.AntiFW
14.0.0.3159

McAfee
Artemis!D08CAAC00BE4
5600.6989

MicroWorld eScan
Trojan.GenericKD.1847590
15.0.0.828

nProtect
Trojan.GenericKD.1847590
14.09.24.01

Panda Antivirus
Trj/Genetic.gen
14.10.03.03

Qihoo 360 Security
Win32/Trojan.Anti.c52
1.0.0.1015

Reason Heuristics
PUP.Optional.Installer
15.3.11.17

Sophos
Troj/Agent-AISP
4.98

Trend Micro House Call
TROJ_SPNV.01IG14
7.2.276

Trend Micro
TROJ_SPNV.01IG14
10.465.03

Vba32 AntiVirus
Trojan.AntiFW
3.12.26.3

File size:
643.6 KB (659,024 bytes)

Product version:
1.7.0.0

Copyright:
Copyright 2013

Original file name:
MediaDrugInstaller.exe

Language:
English (United States)

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
4/30/2014 2:00:00 AM

Valid to:
4/30/2017 1:59:59 AM

Subject:
CN=Quant LLC, OU=IT, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Quant LLC, L=Saint-Petersburg, S=Saint-Petersburg, C=RU

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1DFBE00E8FEB6ACEE363408F44ADDB1A

File PE Metadata
Compilation timestamp:
9/3/2014 2:49:13 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:a5fOtZFWZKAI5mcCUVzArSupMMzHA/bmspYaxuKoV6c+g0rzN7LD:QfC6ZKFfjArT+M8jttjfc+J9LD

Entry address:
0xC79A0

Entry point:
60, BE, 00, 50, 43, 00, 8D, BE, 00, C0, FC, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 - v1.24

Code size:
588 KB (602,112 bytes)

The file Setup.exe has been seen being distributed by the following 2 URLs.
