mediacreationtool.exe

Operativsystemet Microsoft Windows

Microsoft Corporation

This is a setup program which is used to install the application. The file has been seen being downloaded from downloader.disk.yandex.ru and multiple other hosts.
Publisher:
Microsoft Corporation  (signed and verified)

Product:
Operativsystemet Microsoft® Windows®

Description:
Windows 8.1 Assistant

Version:
6.3.9600.17557 (winblue_r6.141213-1258)

MD5:
ee8e61f376f7f3e309525c975642c989

SHA-1:
4c9453b919a6189ea158345631fce13e96f8dd30

SHA-256:
22346324984aa679c2bd4c304ecc7b8fddde77ee826f8232c304ec2dfed17421

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
12/25/2024 4:32:05 PM UTC  (today)

File size:
1.4 MB (1,483,336 bytes)

Product version:
6.3.9600.17557

Copyright:
© Microsoft Corporation. Med enerett.

Original file name:
Windows 8.1 Assistant

File type:
Executable application (Win32 EXE)

Language:
Norwegian (Norway)

Common path:
C:\users\{user}\downloads\mediacreationtool.exe

Digital Signature
Authority:
Microsoft Corporation

Valid from:
4/22/2014 7:39:00 PM

Valid to:
7/22/2015 7:39:00 PM

Subject:
CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
33000000CA6CD5321235C4E1550001000000CA

File PE Metadata
Compilation timestamp:
12/14/2014 12:40:31 AM

OS version:
6.3

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:szV2YQzGtGoyav7E+V9I3QY2zaKw2sgd+w8Y3u7ftANESqJb99yfD7zIULlPreXG:3tiYo539I3jPKvshwxuDteEdJb92D4aJ

Entry address:
0x7A70

Entry point:
E8, 43, 08, 00, 00, E9, 05, 00, 00, 00, CC, CC, CC, CC, CC, 6A, 5C, 68, 68, B4, 40, 00, E8, 01, 09, 00, 00, 83, 65, DC, 00, 83, 65, FC, 00, 8D, 45, 94, 50, FF, 15, 6C, D0, 40, 00, C7, 45, FC, FE, FF, FF, FF, 33, DB, 43, 89, 5D, FC, 64, A1, 18, 00, 00, 00, 8B, 78, 04, 33, F6, BA, E4, CB, 40, 00, 8B, CF, 33, C0, F0, 0F, B1, 0A, 85, C0, 74, 06, 3B, C7, 75, 14, 8B, F3, 39, 1D, E8, CB, 40, 00, 75, 17, 6A, 1F, E8, 6F, 06, 00, 00, 59, EB, 3C, 68, E8, 03, 00, 00, FF, 15, 68, D0, 40, 00, EB, CA, 83, 3D, E8, CB, 40...
 
[+]

Code size:
41.5 KB (42,496 bytes)

The file mediacreationtool.exe has been seen being distributed by the following 50 URLs.

https://downloader.disk.yandex.ru/disk/e1b61e497d8d7299e8195c03a95e3348833d7a1e801d5f3047a6abb2d33ebd0c/587d84ba/0dDahLXNf_IMH5DeGxxy74p5_ie6vj8o-nSbShMGwNwg_NrbQyOdYauvTUBDCNwW0pIyVLolbJsG9sQjeSAy1A==?uid=0&filename=mediacreationtool.exe&disposition=attachment&hash=GS2cWT2oH2QMmawknJp5ccn0WWDstDzwwkt/.../x-msdownload&fsize=1483336&hid=05354a5d7e7fff4c392678694af2e3e7&media_type=executable&tknv=v2

https://downloader.disk.yandex.ua/disk/6d29b28b4fd4f914ac5df2c113e1a52c560fc98cc7e2cb22698d037e2af6d09c/5870175b/0dDahLXNf_IMH5DeGxxy74p5_ie6vj8o-nSbShMGwNwg_NrbQyOdYauvTUBDCNwW0pIyVLolbJsG9sQjeSAy1A==?uid=0&filename=mediacreationtool.exe&disposition=attachment&hash=GS2cWT2oH2QMmawknJp5ccn0WWDstDzwwkt/.../x-msdownload&fsize=1483336&hid=05354a5d7e7fff4c392678694af2e3e7&media_type=executable&tknv=v2

http://indir.gezginler.net/i/35032/.../

http://www.towerbitscenter.com/zjHWcYcXLcemQRcQmPOejuPs8Xg3LAmkbykcQT7tTEV6_UDMn6fIRZvL_4WACv1i9uS0vpUY7H Efplx0_pjCfGz8B3U 2RV1FoecrcIlGVrqwnzthcHxyx9f5K5DjvkUtKdNpaSPsISEJyZyIF2B89L_LjBUdOstRSn3Q44GK5jAcJv5SyfyNS4H64xV68XGctToJPiWXTgfcqErcQUSWndqjRWlhQgQC4Vk6Ou9dqVSlAl3QA=-G1oAAMRmW2zAn_CbEeTNBje7k ZmMCg45ID9rRDSwDBkHD5vxPTmNZ6vTqr3ImFoUqnfMe_bYPFwkUyItmmNrjCXVAOwWEfw4LjclWGjnpvqLw==

https://downloader.disk.yandex.com.tr/disk/818a6c7ff9148b85de0504111cbffbe174b610ddcf94abed538be4216cc46675/5888bf6f/0dDahLXNf_IMH5DeGxxy74p5_ie6vj8o-nSbShMGwNwg_NrbQyOdYauvTUBDCNwW0pIyVLolbJsG9sQjeSAy1A==?uid=0&filename=mediacreationtool_2.exe&disposition=attachment&hash=9l3Wzmfoasayl7QtH1MyDG/.../x-msdownload&fsize=1483336&hid=05354a5d7e7fff4c392678694af2e3e7&media_type=executable&tknv=v2

http://click.linksynergy.com/deeplink?id=XdSn0e3h3*k&mid=24542&u1=420237M1M170107013927HUS&murl=http://go.microsoft.com/fwlink/.../?LinkId=510815

http://www.bytesendclear.com/E85I09Pm_N YU_cSWn1asnwErLr5i9cBcqdCOboV0m9U0QN1wKdxMS2jhXjOzYIkOFXOtMQTnu3A1SilFe4jnNTK_PzneFPAh98QMO62TRp9IYdD6Fj_jmfTRnTgqt1m4JMTpTQJNKV1s223ePOZ3wwqPsTmsBQLCuXcQck6qECnyV_pMr8suojet1 serRaDAqIi3fzCejz7rq08PR4iRcX7RBk4Gv ek4yf7zSnf30bEO3yM5bMBwoesvu35OMUFoRRRH_t7VGs6Tae90shpLxCsByS8vhkIqgEpZuKmCMUkcoe3lddosMW1e1E1quON69xM2N56ojgkgmAf_yT4rIxtzeUrIV21Vpv0DzGQ1pyGyOilhJPuErU 3XvQR3r6WX1Ks5R6HGmTLasRENa0dZ7_C8tbi9qJPikEE1j4IaJ43VMvxkarQma3N8u Wu9tfdxs1VQjAngLDmRrhyQTVFQxGDd1g4bwxmwOPqEbRCo1JVXC5fTHEnJVZs6Wj8Yr4JgV754ZfT9UH80TnjKXyij5PW2EWffOXAJsYeNTCkBNI2hSi79Wh6wbVtv7uibrLbECbD-G1oAAMRmW2zAn_CbEeTNBje7k ZmMCg45ID9rRDSwDBkHD5vxPTmNZ6vTqr3ImFoUqnfMe_bYPFwkUyItmmNrjCXVAOwWEfw4LjclWGjnpvqLw==

https://downloader.disk.yandex.ru/disk/5ac917361eab0b1a16a6ebf727a4439e137f7ff1bfabdee8ebb5576674ff3029/58828534/0dDahLXNf_IMH5DeGxxy74p5_ie6vj8o-nSbShMGwNwg_NrbQyOdYauvTUBDCNwW0pIyVLolbJsG9sQjeSAy1A==?uid=0&filename=mediacreationtool.exe&disposition=attachment&hash=GS2cWT2oH2QMmawknJp5ccn0WWDstDzwwkt/.../x-msdownload&fsize=1483336&hid=05354a5d7e7fff4c392678694af2e3e7&media_type=executable&tknv=v2

http://indir.gezginler.net/i/35032/.../

http://www.ranchsendgift.com/VVjGLMrtNrEkNqKxFzrtyc fa8d fyK2lgynNUYpUl8LXwD0uplGuevYjcvEube4aUDyGqI6COo_m1Rrm1Ig7f7jOpw1P6Qp40EYFkISZ9 etzUapmt U86mzdt17fULRj4upms8AQpQR_OlM6Fd40UvwD0ZJQA OQuQgw3bICktji6pe2cGe0SilM02YFlMM YJ5d1_Kvl4uXaKcAAxuLoiJ4Jvy5OoxdQOZ3t6DtIYeiFZ8Fo=-G1oAAMRmW2zAn_CbEeTNBje7k ZmMCg45ID9rRDSwDBkHD5vxPTmNZ6vTqr3ImFoUqnfMe_bYPFwkUyItmmNrjCXVAOwWEfw4LjclWGjnpvqLw==

http://click.linksynergy.com/deeplink?id=XdSn0e3h3*k&mid=24542&u1=420237M1M161022141103RAL&murl=http://go.microsoft.com/fwlink/.../?LinkId=510815

https://docs.google.com/uc?authuser=0&id=0Bxj460DauZpfYnRadE83X2k2bW8&export=download

http://clk.tradedoubler.com/click?p=256380&a=2459594&g=0&epi=je6NUbpObpQ-E.1L2iHpRR77eYANMaz.rw&url=http://go.microsoft.com/fwlink/.../?LinkId=510815

http://click.linksynergy.com/deeplink?id=XdSn0e3h3*k&mid=24542&u1=420237M1M161104152915HLF&murl=http://go.microsoft.com/fwlink/.../?LinkId=510815

http://download.microsoft.com/download/1/C/4/.../MediaCreationTool.exe

http://visit.digidip.net/visit?pid=660&generated=shortener&url=http://go.microsoft.com/fwlink/.../?LinkId=510815

http://123.briian.com/forum.php?mod=attachment&aid=MTA3Nzd8Zjc1ZmI1NGN8MTQ3ODk0NDIxN3wwfDY0NDg=

http://click.linksynergy.com/deeplink?id=XdSn0e3h3*k&mid=24542&u1=420237M1M160731050956NXW&murl=http://go.microsoft.com/fwlink/.../?LinkId=510815

http://click.linksynergy.com/deeplink?id=XdSn0e3h3*k&mid=24542&u1=420237M1M161014100350VHR&murl=http://go.microsoft.com/fwlink/.../?LinkId=510815

https://pc-totaal.com/download/.../

http://redirects.tradedoubler.com/projectr/?tduid=(43d973ffbf6e3ba6a51148d3ca49fb79)(256380)(2459594)(XdSn0e3h3.k-uiOdmpEtBRHobCSY8nnv7g)()*_td_*KEEP_NEWEST&_td_ifelse=microsoft.td*td_string*http://go.microsoft.com/fwlink/.../?LinkId=510815*td_true*_td_url=https://redirects.tradedoubler.com/microsoft/index.php&_td_deeplink=http://go.microsoft.com/fwlink/.../?LinkId=510815*td_false*&_td_deeplink=http://go.microsoft.com/fwlink/.../?LinkId=510815

http://visit.digidip.net/visit?pid=608&generated=shortener&url=http://go.microsoft.com/fwlink/.../?LinkId=510815

http://click.linksynergy.com/deeplink?id=XdSn0e3h3*k&mid=24542&u1=420921M1M161114135110ZMR&murl=http://go.microsoft.com/fwlink/.../?LinkId=510815

http://click.linksynergy.com/deeplink?id=XdSn0e3h3*k&mid=24542&u1=420237M1M161023093642WHM&murl=http://go.microsoft.com/fwlink/.../?LinkId=510815

http://click.linksynergy.com/deeplink?id=XdSn0e3h3*k&mid=24542&u1=420237M1M160820163654CQS&murl=http://go.microsoft.com/fwlink/.../?LinkId=510815

http://go.redirectingat.com/?id=3570X1157617&site=eightforums.com&xs=1&isjs=1&url=http://go.microsoft.com/fwlink/p/?LinkId=510815&xguid=6db725a8c95d7f6510dfa8c4351eddff&xuuid=8ccbc6375b7eb07caf22610e2faec3f5&xsessid=43cd366799e97af141f94c0d23836151&xcreo=0&xed=0&sref=http://www.eightforums.com/.../18309-windows-8-windows-8-1-iso-download-create.html&pref=http://www.eightforums.com/.../15458-uefi-bootable-usb-flash-drive-create-windows.html&xtz=120

http://click.linksynergy.com/deeplink?id=XdSn0e3h3*k&mid=24542&u1=420237M1M161105154419CXG&murl=http://go.microsoft.com/fwlink/.../?LinkId=510815

http://www.ranchsendgift.com/jacpDpuoh9cw2lJnfF 8W0FmfxN57RymkejbLwJkRPmPi8H9GbJdyAjVAxgGKczCXz5B1vrPbAwN5t6cCUWCAyVtNlJjsilYSvw5chxhfoZ30Tng91 jN5N3NEn_hcN_VJMP9CRtmUmCn6p0nfu3o7b2NL73OSwBEw763169xHcOqmeSt0l46LeRLyyoVoOs3viuK2hjYjZ4nxJHCMPr76OKr7CD_SiDxO0e8Zwo w3AzB_0q60=-G1oAAMRmW2zAn_CbEeTNBje7k ZmMCg45ID9rRDSwDBkHD5vxPTmNZ6vTqr3ImFoUqnfMe_bYPFwkUyItmmNrjCXVAOwWEfw4LjclWGjnpvqLw==

http://click.linksynergy.com/deeplink?id=XdSn0e3h3*k&mid=24542&u1=417234M1M161105034437UME&murl=http://go.microsoft.com/fwlink/.../?LinkId=510815

https://mega.nz/temporary/.../udUn2LCC

Latest 30 of 100 download URLs