mediaget_id2642072ids1s.exe

mediaget-installer Module

Banner LLC

The application mediaget_id2642072ids1s.exe, “MediaGet installer” by Banner has been detected as a potentially unwanted program by 17 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. The file has been seen being downloaded from sub2.bubblesmedia.ru and multiple other hosts. While running, it connects to the Internet address sw90.ua-hosting.company on port 80 using the HTTP protocol.
Publisher:
MediaGet LLC  (signed by Banner LLC)

Product:
mediaget-installer Module

Description:
MediaGet installer

Version:
1.0

MD5:
32f376facba35c1f1ec651c2e6fcde84

SHA-1:
d14b3552039f0ab0e55b2c912e6d64e441b598db

SHA-256:
b9e45effb58d54444f0b991f9a6ed7b48e987693b0fab9760df6acf0293e0c4e

Scanner detections:
17 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 1:40:29 AM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
PUP/Win32.MediaGet
2015.04.23

Avira AntiVirus
PUA/MediaGet.Gen5
3.6.1.96

AVG
Banne
2016.0.3131

Baidu Antivirus
Adware.Win32.MediaGet
4.0.3.15422

Bkav FE
W32.HfsAdware
1.3.0.6379

Comodo Security
Application.Win32.MediaGet.G
21856

Dr.Web
Program.MediaGet.120
9.0.1.0112

ESET NOD32
Win32/MediaGet.AF potentially unwanted (variant)
9.11516

Fortinet FortiGate
Riskware/MediaGet
4/22/2015

G Data
Win32.Adware.MediaGet
15.4.25

K7 AntiVirus
Unwanted-Program
13.203.15677

Kaspersky
not-a-virus:Downloader.Win32.MediaGet
14.0.0.2151

Malwarebytes
PUP.Adware.MediaGet
v2015.04.22.05

McAfee
Artemis!32F376FACBA3
5600.6787

Reason Heuristics
PUP.Installer.Banner
15.4.22.13

Sophos
MediaGet
4.98

Trend Micro House Call
Suspicious_GEN.F47V0422
7.2.112

File size:
633 KB (648,224 bytes)

Product version:
1.0

Copyright:
Copyright (c) 2011 MediaGet LLC

Original file name:
mediaget-installer.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\mediaget_id2642072ids1s.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
3/26/2014 5:00:00 AM

Valid to:
3/26/2017 4:59:59 AM

Subject:
CN=Banner LLC, O=Banner LLC, STREET="lit.A, pom. 7N, 21 Serebristy bul.", L=St.Petersburg, S=Russia, PostalCode=197341, C=RU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
75D61BEBB47652BF2C5DF2DDF44F0E3A

File PE Metadata
Compilation timestamp:
4/22/2015 3:00:58 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:ylW7yqUqNJYNZzUBNMDxShSIalIRDEYOjyLuHHKF39NetsmK9f7F:DAqNJYv4BNMDNIaaRYYTLuHqFSsmcDF

Entry address:
0x14C130

Entry point:
60, BE, 00, 80, 50, 00, 8D, BE, 00, 90, EF, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 
[+]

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
276 KB (282,624 bytes)

The file mediaget_id2642072ids1s.exe has been seen being distributed by the following 50 URLs.

http://sub2.bubblesmedia.ru/go/?link=J5dE20UaY1jyA/UR2AZZW7GJba8uzUG9P7PHC7ozrW1QJuD/efPFyYZWlRr5xFjZ4IqeEKr7wRkqdyoNg PsTG IMl55Pui920JWUnRWhb4K/.../sm2mgjDIk=&param=KpTzpG6ltsI=&rid=1226&s=Championship Manager 2003-2004 - Full - Oyun indir - Download - Y?kle - Full Oyun&r=fulloyun.com&f=Championship Manager 2003-2004 - Full - Oyun indir - Download - Y?kle - Full Oyun&cs=windows-1254&u=

http://torr.mediaget.com/torr.php?r=rsload.net&s=Unity 3D Pro 5.1.2 f1&f=Unity 3D Pro 5.1.2 f1

http://sub2.bubblesmedia.ru/sb/clk/s/1343/h/f5f4e6/o/145/.../0?a=1

http://sub2.bubblesmedia.ru/go/?link=pvZhZ7lI O137TOMiSCGu3ij9PAQVUKh/ieTctaBORx253pvpYwsYCfJ95 AVOcfUK6H0sxNn/IrKfkgpzyCtAZ4iZ3LQs15FPCgVgYjM410YGz54tbmeE/aFVXfCRZ36/L3E9E0fb0k03s=&param=YNbb9POCGU0=&rid=1113&s=&r=manytorrents.net&f=GTA / Grand Theft Auto: San Andreas (2005)&cs=UTF-8&u=http://manytorrents.net/.../0-0-0-33259-20

http://mediaget.com/torrent.php?r=dosya.host20&s=counter strike bot full turkce indir 1.6 | full program indir | full program | full programlar | ucretsiz&f=counter strike bot full turkce indir 1.6 | full program indir | full program | full programlar | ucretsiz

http://ld.mediaget.com/index2.php?l=de&r=filmitorrent.org&bbls_client_id=195129623&bbl=1&bbl_clk_id=477262-1437506470

http://mediaget.com/torrent.php?r=pc-torrent.ru&u=http://pc-torrent.net/.../download.php?id=673

http://mg.bubblesmedia.ru/index.php?redirect_url=http://.../index2.php?bbl_clk_id=377083-1436543627&bbl=1&f=%u0421%u043A%u0430%u0447%u0430%u0442%u044C %u0444%u0438%u043B%u044C%u043C %u0411%u0438%u0442%u0432%u0430 %u0437%u0430 %u0421%u0435%u0432%u0430%u0441%u0442%u043E%u043F%u043E%u043B%u044C (2015) - %u041E%u0442%u043A%u0440%u044B%u0442%u044B%u0439 %u0442%u043E%u0440%u0440%u0435%u043D%u0442 %u0442%u0440%u0435%u043A%u0435%u0440 %u0421%u043A%u0430%u0447%u0430%u0442%u044C %u0442%u043E%u0440%u0435%u043D%u0442 %u0441 Fast torrent %u0421%u043A%u0430%u0447%u0430%u0442%u044C %u0444%u0438%u043B%u044C%u043C%u044B %u0431%u0435%u0441%u043F%u043B%u0430%u0442%u043D%u043E %u0431%u0435%u0437 %u0440%u0435%u0433%u0438%u0441%u0442%u0440%u0430%u0446%u0438%u0438&s=%u0421%u043A%u0430%u

http://mediaget.com/torrent.php?r=xn----ftbnabui2a3h.org&fu=http://s1.xn----ftbnabui2a3h.org/files/9/.../moya-kinostudiya.exe&f=moya-kinostudiya.exe

http://torr.mediaget.com/torr.php?r=goldenshara.org&u=http://.../download.php?id=282795&f=??????? ?????.??????.Brown.Sandra.-.??????.The.Devil's.Own.(Renee.Raudman).[2011.MP3.128.kpbs].torrent ??? ???????????

http://mg.bubblesmedia.ru/index.php?redirect_url=http://.../index2.php?bbl_clk_id=238669-1440334788&bbl=1&f=%u0421%u043A%u0430%u0447%u0430%u0442%u044C %u0444%u0438%u043B%u044C%u043C %u0410%u043D%u0433%u0443%u0441, %u0441%u0442%u0440%u0438%u043D%u0433%u0438 %u0438 %u043F%u043E%u0446%u0435%u043B%u0443%u0438 %u0432%u0437%u0430%u0441%u043E%u0441 / Angus, Thongs and Perfect Snogging (2008) - %u041E%u0442%u043A%u0440%u044B%u0442%u044B%u0439 %u0442%u043E%u0440%u0440%u0435%u043D%u0442 %u0442%u0440%u0435%u043A%u0435%u0440 %u0421%u043A%u0430%u0447%u0430%u0442%u044C %u0442%u043E%u0440%u0435%u043D%u0442 %u0441 Fast torrent %u0421%u043A%u0430%u0447%u0430%u0442%u044C %u0444%u0438%u043B%u044C%u043C%u044B %u0431%u0435%u0441%u043F%u043B%u0430%u0442%u043D%u043E %u0431%u0435%u0437 %u0440%

http://mediaget.com/torrent.php?r=saglamindir.net&u=http://www.saglamindir.net/.../Under.torrent&f=Setup

http://sub2.bubblesmedia.ru/go/.../TGBkwWLxNkQuCTkLs3CKtEWfe48k3efGbmEwZnevcVx3Iel RJB39e1fbuhp0al 26gNKULVRQSdexlPGg6F944vIcZ7k6g1YYiCRshV4GK7e9LHu2PC8KaO48sPsQgMnaA==&param=otXvgKmQDPY=&rid=2779&s=????? "??????????? ??????????" - ????????? ??? - ?????? ?????? - ??????? fb2 - ??????, ?????? - ??????&r=litmir.me&f=????? "??????????? ??????????" - ????????? ??? - ?????? ?????? - ??????? fb2 - ??????, ?????? - ??????&cs=UTF-8&u=&fu=

http://sub2.bubblesmedia.ru/go/?link=CZlQzzsmvvmVYFrdFjZRqmp Xf9Ep2o2YBs80lqbCYXTGiMUbYJ0u7Lg3hAPRCZcKn6NeZOhBi2yH95sGPbnv1ZKb0hGG4xuqRvS8LHvLpVqhSQVkZ0c6bkhwvuk3scWgiv8zBQ2mT0ypQ==&param=b0VraBFUxlI=&rid=2779&s=????? "??????????? ??????" - ?????? ???? - ?????? - ??????? djvu - ??????, ?????? - ??????.net&r=litmir.me&f=????? "??????????? ??????" - ?????? ???? - ?????? - ??????? djvu - ??????, ?????? - ??????.net&cs=UTF-8&u=&fu=http://www.litmir.me/data/Book/0/190000/.../Avdeev_JUrii_Kosmicheskaya_azbuka_Litmir.net_bid190047_original_46431.djvu.zip

http://mediaget.com/torrent.php?r=dosya.host15&s=clash of clans sinirsiz altin ve elmas hilesi iphone ios &f=clash of clans sinirsiz altin ve elmas hilesi iphone ios

http://sub2.bubblesmedia.ru/go/?link=MUqGNrMdhLaKb89OyZR11iZtzI5zqMySjcKfQuOEnDV76hJz/.../r7fNo1nZH7YgVYwmyoWdJ8xeZAPb9rpw3bHr1xveorJwEn7Xxbq vPHN43mndDQXeqaa1fo98syjhoGoZBZtRpHDZWtofw&param=k6N7UPO5cLk=&rid=3077

http://torr.mediaget.com/torr.php?r=oyun-pazari.net&s=Pes 2013 [RELOADED] Full indir Tek Link Torrent - Sayfa 3 - Oyun Pazari&f=Pes 2013 [RELOADED] Full indir Tek Link Torrent - Sayfa 3 - Oyun Pazari

http://li.ru/.../torr.php?r=allking.ru

http://sub2.bubblesmedia.ru/go/.../qFM arFJ0k=&rid=2464&f=Deadpool izle | Sinebol

http://sub2.bubblesmedia.ru/.../?link=rWDNZGBd0At8fXrC Rw4QEjgwGhnrqYoTsAz92s7iWUX4fI545iitc4E3WYzNhRfKoKsPzWmJw7Zzkuu3wI9xiqHosiXXz9xkfl7cwQiU eOLrdKxkw8xGiS2TWSAAyyODSZyNijTxaflHk=&param=qTuSLHRZa7Q=&rid=1226&s=The SIMS 4 - Deluxe Edition - 2014 - Full - Oyun indir - Download - Y?kle - Full Oyun&r=fulloyun.com&f=The SIMS 4 - Deluxe Edition - 2014 - Full - Oyun indir - Download - Y?kle - Full Oyun&cs=windows-1254&u=

http://ld.mediaget.com/index2.php?l=tr&r=720pfilmizles.com&f=film-izle-720p-hd-film-izle-full-film-seyret&bbls_client_id=194303598&bbl=1&bbl_clk_id=37179-1437271148

http://torr.mediaget.com/torr.php?r=filmzede.com&s=Amerikan Pastasi 9 Türkçe izle &f=Amerikan Pastasi 9 Türkçe izle

http://sub2.bubblesmedia.ru/go/?link=873GTi3QGqqGSeoIIMfyjsxhpRBYHo3kSdz9Wqa3Hym6r ZyHPV0fCTlCwhDrT0/pQH9cpuQuiDPCncik0GeH9VrBPkOMsARwm0TVwfquUi84QSzRAolxDeteZqL1akDse5NDAouxQz4/.../00s4cjv9Dh&param=XfUH8mH4Xow=&rid=1332&f=?????????? ??????????? ? ?????? ?????????? [5 ?????: 81-99 ???????] (2015) WEBRip, SATRip ?? Generalfilm ??????? ??????? [21.80 GB] :: MegaPeer.org

http://sub2.bubblesmedia.ru/sb/clk/s/1947/h/c7a194/o/145/p/959/.../0?a=1

http://sub2.bubblesmedia.ru/go/?link=Vum7xGdWQIoPkcXzYemKFrJVyrgr23/ inBD qA/aoM8cZBgeq8dXC7Ckg//.../0k1QnHPmGznWYpuKdrxSu12e2aOJGJfLxzvaLXMvFaMTP9DfzI K1H23FFFuqZwd0NMgdelzk9O7VUy4sGv6dtqixQ2Bk=&param=AmTBfrC5nSc=&rid=1490

http://sub2.admitlead.ru/sb/clk/s/509/h/7b205c/o/471/sub/13605?a=1&fu=http://wayupload.com/download/redirect/3bf2d219f98c0ca87ce9c2617cecc5ee/.../

http://mg.bubblesmedia.ru/index.php?redirect_url=http://.../index2.php?comment=o471|p0|i660|l100|e0|s603&r=al_mixtraffsng.ru

http://torr.mediaget.com/torr.php?r=ea6.net&s=sibelin sikisi&f=sibelin sikisi

http://sub2.bubblesmedia.ru/go/?link=tTYF9seA6jrqXHpiJcH2fvsqAq0JKhhOyYjD6yrOD GbyCGGtwDqv 6Hvu/.../iRChct5TyeFPZ WnzAxxNkMxavnhyaWEoZ2po1eS0LyifhiJeWCshXfSuVa ASw==&param=6IWeETSDNo8=&rid=2779&s=????? "????? ?????? (??)" - ??????? ??? - ?????? ?????? - ??????? fb2 - ??????, ?????? - ??????&r=litmir.me&f=????? "????? ?????? (??)" - ??????? ??? - ?????? ?????? - ??????? fb2 - ??????, ?????? - ??????&cs=UTF-8&u=&fu=

http://sub2.bubblesmedia.ru/go/?link=UC/ALye/.../cj7VHFMRtcqFS4ROayN8OMxnsrRX0jTF6h0yB6DGizva1LGwukYAgbeMp8jiirBGOp8W95zMQpfgR2zzzRRAkA=&param=G75GLIxBCU4=&rid=1796&s=&r=nemo-crack.org&f=&cs=windows-1251&u=&fu=

Latest 30 of 709 download URLs

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to sw90.ua-hosting.company  (91.215.156.143:80)

TCP (HTTP):
Connects to customer.clientshostname.com  (185.104.10.56:80)

TCP (HTTP):
Connects to 163-172-220-89.rev.poneytelecom.eu  (163.172.220.89:80)

Remove mediaget_id2642072ids1s.exe - Powered by Reason Core Security