MediaDrug.exe

MediaDrug

The application MediaDrug.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘MediaDrug’. This file is typically installed with the program MediaDrug. While running, it connects to the Internet address s2-db.nitralabs.com on port 80 using the HTTP protocol.
Publisher:
MediaDrug

Product:
MediaDrug

Version:
1.8.0.0

MD5:
7c5de6c8fc7450a8fa831b0d3fdbb3af

SHA-1:
8122be08e91c1e5275c25307b4cc293e823f198c

SHA-256:
4d7dff00688c55adadb0ed09d04576d83f007ac907acdf5018e0b876d6f3cc8a

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/5/2024 4:29:52 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.MediaDrug.Meta (M)

Engine version:
16.3.16.20

File size:
2 MB (2,062,336 bytes)

Product version:
1.8

Copyright:
Copyright © 2012 MediaDrug

Original file name:
MediaDrug.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

File PE Metadata
OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.24

CTPH (ssdeep):
49152:dI66kFMT3a4HTXpWtMmFVDoDxhMqLLslyiVYWE:ykKTFINsDxhtssyYWE

Entry address:
0x14C0


Entropy:
6.6356

Code size:
872 KB (892,928 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
MediaDrug

Command:
"C:\mediadrug\mediadrug.exe" -autostart


The file MediaDrug.exe has been discovered within the following program.

MediaDrug by MediaDrug
Publisher's description - “It has never been easier to download entire mp3 albums by your favorite artists! After hearing a great song play you may want to take a closer look at the artist's work and even download their whole album.”
mediadrug.com
About 6% of users remove it

Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to s2-db.nitralabs.com (46.28.68.78:80)

TCP (HTTP):
Connects to h1net188-64-172-90.h1host.ru (188.64.172.90:80)

Remove MediaDrug.exe - Powered by Reason Core Security