mediaget_id3184498ids1s.exe

mediaget-installer Module

Media Get LLC

The application mediaget_id3184498ids1s.exe, “MediaGet installer” by Media Get has been detected as a potentially unwanted program by 15 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The file has been seen being downloaded from ld.mediaget.com and multiple other hosts. While running, it connects to the Internet address sw90.ua-hosting.company on port 80 using the HTTP protocol.
Publisher:
MediaGet LLC (signed by Media Get LLC)

Product:
mediaget-installer Module

Description:
MediaGet installer

Version:
1.0

MD5:
52da8613b8341cdccf9b8bc90812a873

SHA-1:
c9efeeb6f2e0974e1cbc942013d619f90bacac6d

SHA-256:
20aa968cd83e8180ebcfe99fbcd69a6a25173264983d0e2e8e7a4d09779fc47c

Scanner detections:
15 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 4:19:18 PM UTC

Scan engine              | Detection                              | Engine version
-------------------------|----------------------------------------|---------------
Avira AntiVirus          | APPL/MediaGet.Gen5                     | 7.11.148.136
AVG                      | Luhe.MediaGet.B                        | 2015.0.3463
Comodo Security          | UnclassifiedMalware                    | 18241
Dr.Web                   | Program.MediaGet.21                    | 9.0.1.0145
ESET NOD32               | Win32/MediaGet (variant)               | 8.9776
G Data                   | Win32.Adware.MediaGet                  | 14.5.24
K7 AntiVirus             | Trojan                                 | 13.177.12026
Kaspersky                | not-a-virus:Downloader.Win32.MediaGet  | 14.0.0.3812
Malwarebytes             | PUP.Adware.MediaGet                    | v2014.05.25.02
Qihoo 360 Security       | Win32/Virus.Downloader.34d             | 1.0.0.1015
Reason Heuristics        | Optional.MediaGetApp.Installer.X       | 14.5.25.14
Sophos                   | MediaGet                               | 4.98
Total Defense            | Win32/Tnega.KDVMcJB                    | 37.0.10926
Trend Micro House Call   | ADW_MEDIAGET                           | 7.2.145
Trend Micro              | ADW_MEDIAGET                           | 10.465.25

File size:
731.3 KB (748,832 bytes)

Product version:
1.0

Copyright:
Copyright (c) 2011 MediaGet LLC

Original file name:
mediaget-installer.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\mediaget_id3184498ids1s.exe

Digital Signature
Signed by:

Authority:
The USERTRUST Network

Valid from:
3/8/2011 9:00:00 PM

Valid to:
3/8/2014 8:59:59 PM

Subject:
CN=Media Get LLC, O=Media Get LLC, STREET=Sadovaya 53, L=Saint-Petersburg, S=Russia, PostalCode=190344, C=RU

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
71D26D579AEE6A768F27CF3B6D4E9A91

File PE Metadata
Compilation timestamp:
12/10/2013 9:44:33 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:oyQf8Ue3+6CQ2nqm8mgTNrEQwPZB/7qtvk33sUn6pxeT3hXLjuqPs:k8h3Snqmdg1EQ+B/WNk33mshb/s

Entry address:
0x1790B0

Entry point:
60, BE, 00, 00, 52, 00, 8D, BE, 00, 10, EE, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 - v1.24

Code size:
360 KB (368,640 bytes)

The file mediaget_id3184498ids1s.exe has been seen being distributed by the following 31 URLs.


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to sw90.ua-hosting.company (91.215.156.143:80)

Remove mediaget_id3184498ids1s.exe - Powered by Reason Core Security