media finder.exe

Media Finder

The application media finder.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Media Finder’. While running, it connects to the Internet address 146.120.89.45.ip.ukrnames.com on port 80 using the HTTP protocol.
Publisher:
Media Finder

Product:
Media Finder

Version:
1.0.9.28

MD5:
279eb341eb5bba2403545b6e58e90ce0

SHA-1:
0e6fa0427d961623a7da0454bb8f757ad761d153

SHA-256:
b26bc7c4d8392d6d0059aa0df5ad6dcacad721af7e850bcc8425d84a81f9fa9e

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 10:05:44 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.MediaFinder.Optional.Meta (M)

Engine version:
16.2.25.23

File size:
8.2 MB (8,613,376 bytes)

Product version:
1

Copyright:
Media Finder 2012

Original file name:
MF.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\media finder\media finder.exe

File PE Metadata
Compilation timestamp:
6/19/2012 6:41:21 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:LcgVu9WeR3Nkd4sEhaMNPZAiy+zs/mbu2A2ao4r2GMMpl/xroodt9SdrBc41rpUq:9uJyWsE5tCKu2A2abecIswWfINWHR

Entry address:
0x454188

Entry point:
55, 8B, EC, 83, C4, F0, 53, B8, 0C, 4F, 84, 00, E8, 97, 78, BB, FF, 8B, 1D, 00, FF, 87, 00, E8, 7C, 0B, FF, FF, 84, C0, 75, 49, 8B, 03, E8, 45, F2, CB, FF, 8B, 03, B2, 01, E8, 78, 0F, CC, FF, 8B, 03, BA, 04, 42, 85, 00, E8, 4C, EC, CB, FF, 8B, 0D, 98, FB, 87, 00, 8B, 03, 8B, 15, 90, 2D, 81, 00, E8, 35, F2, CB, FF, 8B, 0D, 38, 04, 88, 00, 8B, 03, 8B, 15, 68, 9D, 83, 00, E8, 22, F2, CB, FF, 8B, 03, E8, 6B, F3, CB, FF, 5B, E8, 81, 27, BB, FF, 00, B0, 04, 02, 00, FF, FF, FF, FF, 0C, 00, 00, 00, 4D, 00, 65, 00...
Entropy:
6.5577

Developed / compiled with:
Microsoft Visual C++

Code size:
4.3 MB (4,533,760 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Media Finder

Command:
"C:\Program Files\media finder\media finder.exe" \opentotray


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to 146.120.89.45.ip.ukrnames.com  (146.120.89.45:80)

TCP (HTTP):
Connects to 195.88.243.21.ip.ukrnames.com  (195.88.243.21:80)
