mediaget_id2772891ids2s.exe

mediaget-installer Module

Banner LLC

The application mediaget_id2772891ids2s.exe, “MediaGet installer” by Banner has been detected as a potentially unwanted program by 13 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. The file has been seen being downloaded from www.installadz1.com and multiple other hosts. While running, it connects to the Internet address sw90.ua-hosting.company on port 80 using the HTTP protocol.
Publisher:
MediaGet LLC  (signed by Banner LLC)

Product:
mediaget-installer Module

Description:
MediaGet installer

Version:
1.0

MD5:
94ee5f4d747d705d1e7894cced1c4189

SHA-1:
5831d71b2b73d7bd808b91bc0a7e15eeff8c94ee

SHA-256:
4724cf23b48019f723abb45a837f92324b60541a115d32563ce95132d34fd2b2

Scanner detections:
13 / 68

Status:
Potentially unwanted

Analysis date:
12/24/2024 4:11:54 PM UTC  (today)

Scan engine
Detection
Engine version

AVG
Banne
2016.0.2916

Baidu Antivirus
Adware.Win32.MediaGet
4.0.3.151123

Bkav FE
W32.HfsAdware
1.3.0.7383

Comodo Security
Application.Win32.MediaGet.G
23643

Dr.Web
Program.MediaGet.133
9.0.1.0327

ESET NOD32
Win32/MediaGet.AE potentially unwanted (variant)
9.12610

G Data
Win32.Adware.MediaGet
15.11.25

IKARUS anti.virus
PUA.MediaGet
t3scan.1.9.5.0

Kaspersky
not-a-virus:HEUR:Downloader.Win32.MediaGet
14.0.0.1076

Malwarebytes
PUP.Optional.MediaGet
v2015.11.23.07

Qihoo 360 Security
Win32/Virus.e7d
1.0.0.1077

Reason Heuristics
PUP.MediaGet.Banner.Installer (M)
15.11.23.19

Sophos
MediaGet (PUA)
4.98

File size:
465.5 KB (476,704 bytes)

Product version:
1.0

Copyright:
Copyright (c) 2011 MediaGet LLC

Original file name:
mediaget-installer.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\programs\mediaget_id2772891ids2s.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
3/26/2014 2:00:00 AM

Valid to:
3/26/2017 1:59:59 AM

Subject:
CN=Banner LLC, O=Banner LLC, STREET="lit.A, pom. 7N, 21 Serebristy bul.", L=St.Petersburg, S=Russia, PostalCode=197341, C=RU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
75D61BEBB47652BF2C5DF2DDF44F0E3A

File PE Metadata
Compilation timestamp:
11/19/2015 5:19:18 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:HY3OS7sa5enVjv8/zH7sXv5dHNJ5noLcF6C7:4wH1aPsXv5dtJ5noLcMC7

Entry address:
0x135C70

Entry point:
60, BE, 00, 10, 4F, 00, 8D, BE, 00, 00, F1, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 
[+]

Entropy:
7.9129

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
276 KB (282,624 bytes)

The file mediaget_id2772891ids2s.exe has been seen being distributed by the following 50 URLs.

http://www.installadz1.com/indir.php?&t1=fullprogramlarust&is=KMSpico 10.2.0 Office Windows 10 Aktivasyon 2016 indir

http://ld.mediaget.com/index2.php?l=ru&r=filmitorrent.org&bbls_client_id=243346250&bbl=1&bbl_clk_id=61653-1451609383

http://mg.bubblesmedia.ru/index.php?redirect_url=http://.../index2.php?bbl_clk_id=597794-1456066360&bbl=1&r=vtorrents.net

http://sub2.bubblesmedia.ru/sb/clk/s/2357/h/9ccf61/o/145/.../0?a=1&f=Battlefield 2 Full Türkçe Indir

http://oneprog.ru/goto/.../

http://sub2.bubblesmedia.ru/go/?link=kNg5NyhIDRZs JV4U6wjpX12qHfQyCJbf0UMI0EcIUNY6yw2Xdp8QjogMDjhGOpDYgC5GOB5L09bKp0 1V9iAdupYKhf5yajqFLE7xrDUCylwpLf15v6WkByxxMn10lsahxVKqWYxsXN/w==&param= Ky4cmw5qJc=&un=56cb55cf6aac3&rid=1111&s=?????? ??????? ????????. ????????? ????? ????? ?????? 1 1 (2014) /.../ ???????? ?????? ?????? ??????? ????????, ????????? (1 1) ?????? ????????? ? ??? ???????????&r=serialx.org&f=?????? ??????? ????????. ????????? ????? ????? ?????? 1 1 (2014) /.../ ???????? ?????? ?????? ??????? ????????, ????????? (1 1) ?????? ????????? ? ??? ???????????&cs=UTF-8&u=

http://www.turbobitfreecdn.com/down.php?is=Minecraft. Pocket Edition v0.12.1 Build 7 Ucretsiz Full APK&t1=apkindirx&t2=ozel

http://sub2.bubblesmedia.ru/sb/clk/s/2357/h/9ccf61/o/145/.../0?a=1&f=GTA Vice City HD Full Türkçe Indir

http://mediaget.com/torrent.php?r=ucretsizpdfindir.com&s=Cübbeli Ahmet Hoca Dualarim Kitabi Pdf Indir - Ücretsiz Pdf Indir,Pdf Kitaplar,E-Pub ve Pdf Indir,E-Book Download,Free Books&f=Cübbeli Ahmet Hoca Dualarim Kitabi Pdf Indir - Ücretsiz Pdf Indir,Pdf Kitaplar,E-Pub ve Pdf Indir,E-Book Download,Free Books

http://sub2.bubblesmedia.ru/sb/clk/s/2569/h/1cb95e/o/145/.../2?a=1&f=five nights at freddy#039;s 2 korku oyun full download

http://mediaget.com/torrent.php?r=dosyamerkezi.net&fu=http://www.adslook.net/.../Setup.exe&f=Minecraft 1.8.8

http://mediaget.com/torrent.php?r=ucretsizpdfindir.com&s=Dukan Diyeti Listesi Pdf Indir - Ücretsiz Pdf Indir,Pdf Kitaplar,E-Pub ve Pdf Indir,E-Book Download,Free Books&f=Dukan Diyeti Listesi Pdf Indir - Ücretsiz Pdf Indir,Pdf Kitaplar,E-Pub ve Pdf Indir,E-Book Download,Free Books

http://sub2.bubblesmedia.ru/sb/clk/s/1836/h/dd42dd/o/145/.../ff2?a=1&f=WinThruster Full Turkce Indir 1.79.69.2469

http://sub2.bubblesmedia.ru/go/?link=mDY7PzKHmxKda8uyDS0/I aeINIEjGGkFyfU4QQ5/tvxa4evt0tHDNHRaW/LkhFQJa4jMTHUV5LXFwuIZFiuFjBMqrcWtLnD8MjcfvJbkiUkSJ89 udhDNZKLaAiyodf/TKSW41hID8mZ50qr8F hr/.../mLO7BB&param=RuBfnWAolu0=&rid=3150

http://sub2.bubblesmedia.ru/go/?link=3HhJ5r7zXT6q3y vbzSY5c/.../sk13XJkaDoaYC0T6oV5YdN3NiAyhBeU1vqE9dzD00RdcQP1aBlpHhqXLEGG4NmBAi7X uid3s64cUJ00tujhuK2mTErpLqOnBlH6DPyVAEwG5Zlsu NNY9qfP&param=BUGtT qyviE=&rid=2899

http://ld.mediaget.com/index2.php?l=tr&r=al_reklamtrk.com&f=kocankadarkonu15tekpara&comment=s901|k2016022198421&use_f=1&bbls_client_id=268356787

http://ld.mediaget.com/index2.php?l=tr&r=indirfile.comgen&f=narnia-gnlkleri-prens&bbls_client_id=246593952&bbl=1&bbl_clk_id=44163-1451688099&use_f=1

http://ld.mediaget.com/index2.php?l=ru&r=al_rutor.pl&comment=s905&bbls_client_id=252574678

http://filmec-online.net/go?http://sub2.bubblesmedia.ru/sb/clk/s/986/o/145/p/994/sub/0?a=1&fu=http://filmec-online.net/.../0-0-0-6352-20&f=?????? ????????????

http://ld.mediaget.com/.../-tek-link&bbls_client_id=203074479&bbl=1&bbl_clk_id=237868-1454750293&use_f=1

http://mediaget.com/torrent.php?r=programmerkezi.net&fu=http://www.adslook.net/.../Setup.exe&f=Fatura Örnegi

http://sub2.bubblesmedia.ru/go/?link=ZVOKriVzkZsQd1S2JjegurV9RuMyOlh4bdCASTnYpXeOYQPm9QEmdG1v4RnAomRRyg 4bBJXRDrOfeBMyjBns/4kWVb17iqpqmn3cP0/BLPyqu SMCfVaa4Lc8yLdoZ9lZdp1dWnqXbxv o=&param=ufsP7f1HsD8=&rid=3357&r=vsetop.com&f=???????&u=http://d.vsetop.com/download/.../Five_Nights_at_Freddys_3_v1.032.rar

http://sub2.bubblesmedia.ru/go/?link=edGBd/8uu0NeSytHUQDw/Ueli6dxAHjlBxuYP5sf9DkR5euGL/I oGqOZSxpJoY wU44fRTY7eOnP58E8xyM1PwuAggYLdH2vSdp mFGVwWU8VtKykPCRsXDp8vv9ciT06kIecrM0SB63ho=&param=9IBRNG2 bBM=&rid=3288&r=torrents-game.net&f=empire-total-war&u=http://torrents-game.net/torrents/.../Empire-Total-War.torrent

http://mg.bubblesmedia.ru/index.php?redirect_url=http://.../index2.php?bbl_clk_id=79478-1453349958&bbl=1&r=vtorrents.net

http://sub2.admitlead.ru/sb/clk/s/901/h/fceed1/o/471/.../0?my_affiliate_id=reklamtrk.com&f=TheRevenant(15)TürkçeAltyazi&data_send_to_me=A6343BFEC642A000B7688E6E1C39AD5BEE885907_torrentindirturk.com_torrent2

http://ld.mediaget.com/index2.php?comment=s1054|l139&r=al_pciven.ru&bbls_client_id=187101024

http://mediaget.com/torrent.php?r=ucretsizpdfindir.com&s=Güvender Yayinlari YGS 9 Adet Çözümlü Deneme Pdf Indir - Ücretsiz Pdf Indir,Pdf Kitaplar,E-Pub ve Pdf Indir,E-Book Download,Free Books&f=Güvender Yayinlari YGS 9 Adet Çözümlü Deneme Pdf Indir - Ücretsiz Pdf Indir,Pdf Kitaplar,E-Pub ve Pdf Indir,E-Book Download,Free Books

http://sub2.bubblesmedia.ru/go/.../c06gG4IRiR83Yx6SaWhKW9Rq5OgYElluQEQ5Zh2QOMdoHXbe2M3kDF9VC6uOBkWCNnECe39na5RTDzPiJZoEMM8WZ93HCbVbxHxe8l1xDnzQbRAYe5SC7BZbtzTIfPVmAF&param=isteblkr844=&rid=3277

http://sub2.admitlead.ru/sb/clk/s/901/h/fceed1/o/471/.../0?my_affiliate_id=reklamtrk.com&f=SiccinFullHDizle_&data_send_to_me=EBDB3CA5972F13A2C23F92246DC01BA454C5E0C6_hdfilmziyafeti.com_hazw5

http://indir.gezginler.net/i/33676/.../

Latest 30 of 3,402 download URLs

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to sw90.ua-hosting.company  (91.215.156.143:80)

TCP (HTTP):
Connects to customer.clientshostname.com  (185.104.10.56:80)

Remove mediaget_id2772891ids2s.exe - Powered by Reason Core Security