media finder.exe

Media Finder

The application media finder.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Media Finder’. While running, it connects to the Internet address 146.120.89.45.ip.ukrnames.com on port 80 using the HTTP protocol.
Publisher:
Media Finder

Product:
Media Finder

Version:
1.0.9.31

MD5:
36763d231cc415cbd2dbb69c3ff4e685

SHA-1:
82e42d807d943bf69c2bcc64a9ba0ef043237382

SHA-256:
b7e7ae3b469605a37bddfb186cb1d12650f83121e5dcce7399d071e453073402

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/2/2024 5:26:13 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Optiona.MediaFinder.Meta

Engine version:
15.6.14.22

File size:
8.2 MB (8,614,400 bytes)

Product version:
1

Copyright:
Media Finder 2012

Original file name:
MF.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\media finder\media finder.exe

File PE Metadata
Compilation timestamp:
8/8/2012 8:31:55 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:OcgVu9WeR3Nkd4sEc65UMBzy+2Sq3S2R2ao4r2GMMpl/xroodt9SdrBc41rpUqKu:2uJyWsEjB0S2R2abecIsoWfINWHR

Entry address:
0x454188

Entry point:
55, 8B, EC, 83, C4, F0, 53, B8, C4, 50, 84, 00, E8, 97, 78, BB, FF, 8B, 1D, 00, FF, 87, 00, E8, 34, 0D, FF, FF, 84, C0, 75, 49, 8B, 03, E8, 45, F2, CB, FF, 8B, 03, B2, 01, E8, 78, 0F, CC, FF, 8B, 03, BA, 04, 42, 85, 00, E8, 4C, EC, CB, FF, 8B, 0D, 98, FB, 87, 00, 8B, 03, 8B, 15, 14, 0B, 81, 00, E8, 35, F2, CB, FF, 8B, 0D, 38, 04, 88, 00, 8B, 03, 8B, 15, 20, 9F, 83, 00, E8, 22, F2, CB, FF, 8B, 03, E8, 6B, F3, CB, FF, 5B, E8, 81, 27, BB, FF, 00, B0, 04, 02, 00, FF, FF, FF, FF, 0C, 00, 00, 00, 4D, 00, 65, 00...

Entropy:
6.5575

Developed / compiled with:
Microsoft Visual C++

Code size:
4.3 MB (4,534,272 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Media Finder

Command:
C:\Program Files\media finder\media finder.exe \opentotray
The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to 146.120.89.45.ip.ukrnames.com  (146.120.89.45:80)

Remove media finder.exe - Powered by Reason Core Security