mediaget_id723275ids2s.exe

mediaget-installer Module

Banner LLC

The application mediaget_id723275ids2s.exe (“MediaGet installer”, publisher MediaGet LLC, code-signed by Banner LLC) has been detected as a potentially unwanted program by 13 of 68 anti-malware scanners. It is a setup and installation application and has been known to bundle potentially unwanted software. The file has been seen being downloaded from sub2.bubblesmedia.ru and multiple other hosts. While running, it connects to sw90.ua-hosting.company (91.215.156.143) on TCP port 80 using plain HTTP.
Publisher:
MediaGet LLC  (signed by Banner LLC)

Product:
mediaget-installer Module

Description:
MediaGet installer

Version:
1.0

MD5:
ad18474e3175288440297a766f7f8653

SHA-1:
27b687ef9727f4ad93c7d2af9276042d3cb881f7

SHA-256:
dee1a60e41f131ec53efeb4bb19178cb28bc384670af29ed8e3c20b5f62af5d6

Scanner detections:
13 / 68

Status:
Potentially unwanted

Analysis date:
1/11/2025 2:45:09 AM UTC

Scan engine          Detection                                          Engine version
Avira AntiVirus      PUA/MediaGet.Gen5                                  7.11.214.2
AVG                  Banne                                              2016.0.3179
Comodo Security      Application.Win32.MediaGet.G                       21301
Dr.Web               Program.MediaGet.115                               9.0.1.064
ESET NOD32           Win32/MediaGet.AF potentially unwanted (variant)   9.11274
Fortinet FortiGate   Riskware/MediaGet                                  3/5/2015
G Data               Win32.Adware.MediaGet                              15.3.25
K7 AntiVirus         Unwanted-Program                                   13.200.15173
Kaspersky            not-a-virus:Downloader.Win32.MediaGet              14.0.0.2392
Malwarebytes         PUP.Adware.MediaGet                                v2015.03.05.02
McAfee               Artemis!AD18474E3175                               5600.6835
Reason Heuristics    Optional.MediaGetApp.Installer                     15.3.5.14
Sophos               MediaGet                                           4.98

File size:
633 KB (648,224 bytes)

Product version:
1.0

Copyright:
Copyright (c) 2011 MediaGet LLC

Original file name:
mediaget-installer.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\mediaget_id723275ids2s.exe

Digital Signature
Signed by:
Banner LLC
Authority:
COMODO CA Limited

Valid from:
3/26/2014 1:00:00 AM

Valid to:
3/26/2017 12:59:59 AM

Subject:
CN=Banner LLC, O=Banner LLC, STREET="lit.A, pom. 7N, 21 Serebristy bul.", L=St.Petersburg, S=Russia, PostalCode=197341, C=RU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
75D61BEBB47652BF2C5DF2DDF44F0E3A

File PE Metadata
Compilation timestamp:
3/2/2015 3:58:07 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:PpFpD3OtzhVJSPPOlWiJwU2FdRDEYOjyLuHHKF39NetsmK9f78:PUBS3UtkdRYYTLuHqFSsmcD8

Entry address:
0x14C050

Entry point:
60, BE, 00, 80, 50, 00, 8D, BE, 00, 90, EF, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...

Entropy:
7.9504

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 - v1.24

Code size:
276 KB (282,624 bytes)
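The Entropy, Packer / compiler and Entry point fields above come from checks of this kind. What follows is an added example, not code from the original report or from Reason Core Security: a wildcard byte-pattern match for the UPX unpacking-stub prologue, applied to the entry-point bytes the page prints, plus the Shannon entropy calculation behind the 7.9504 figure. The pattern string, the function names and the 7.0 "probably packed" threshold are my assumptions. The entry address on the page (0x14C050) is a virtual address, so locating those bytes in the file on disk needs the section table; the example takes the file offset as an `entry_offset` parameter rather than computing it.

```python
import math

# Added example (not part of the original report): the checks behind the
# "Packer / compiler: UPX" and "Entropy: 7.9504" fields, run on the entry-point
# bytes the page lists for mediaget_id723275ids2s.exe.

# First bytes of the entry point as printed on this page (the page's listing is truncated).
# Decoded: pushad; mov esi, 0x508000; lea edi, [esi-0x107000]; push edi; jmp short +0x0b; nop;
# then the byte-copy loop (mov al,[esi]; inc esi; mov [edi],al; inc edi; add ebx,ebx; jnz ...).
PAGE_ENTRY_BYTES = bytes.fromhex(
    "60BE00805000" "8DBE0090EFFF" "57EB0B90" "8A064688074701DB7507"
)

# Generic UPX 1.x x86 stub prologue (assumed pattern). The two 32-bit operands
# (packed-data source and destination delta) differ per binary, so they are wildcards.
UPX_STUB_PATTERN = "60 BE ?? ?? ?? ?? 8D BE ?? ?? ?? ?? 57 EB"


def match_pattern(data: bytes, pattern: str, offset: int = 0) -> bool:
    """True if `pattern` (space-separated hex bytes, '??' = any byte) matches data at offset."""
    tokens = pattern.split()
    if offset < 0 or offset + len(tokens) > len(data):
        return False
    return all(tok == "??" or data[offset + i] == int(tok, 16)
               for i, tok in enumerate(tokens))


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for constant data, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def triage(data: bytes, entry_offset: int = 0, packed_threshold: float = 7.0) -> dict:
    """Summarise packing indicators for a blob whose entry point sits at entry_offset.

    The 7.0 threshold is a common rule of thumb (assumption, not from the page):
    plain x86 code usually scores around 6, compressed or encrypted payloads approach 8.
    """
    entropy = shannon_entropy(data)
    return {
        "entropy": round(entropy, 4),
        "likely_packed_or_encrypted": entropy >= packed_threshold,
        "upx_stub_at_entry": match_pattern(data, UPX_STUB_PATTERN, entry_offset),
    }


if __name__ == "__main__":
    # The page's whole-file entropy (7.9504) needs the whole file; only the stub
    # check can be reproduced from the bytes printed on the page.
    print(triage(PAGE_ENTRY_BYTES))
```

Whole-file entropy near 8 together with the UPX stub at the entry point is consistent with the Packer field above. Decompressing with the UPX tool's own `upx -d` before static analysis is the usual next step; it fails when the stub or headers have been modified, which is itself worth recording.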

The file mediaget_id723275ids2s.exe has been seen being distributed from the download URLs listed below. Most are torrent-site download pages and bubblesmedia/admitlead click trackers; the parameters visible in them (r=, s=, f=, fu=) appear to carry the referring site, the title the user searched for and the original file URL, which is how the installer is served in place of the requested download.

http://sub2.bubblesmedia.ru/go/?link=l/OmQrQwIbBlQ23IARGChJLDScIFkFHakG3dLPFw2P8m6L4V9rhr2gQrOmlcEzLy6NXXSqrD4Dviej0ERmBlYBcmR6glgu5FG/.../Y o5&param=K1SEQzSVjYk=&rid=2457&cc=1

http://torr.mediaget.com/torr.php?r=canisik.net&s=Pes 2014 Crack /.../ Serial

http://sub2.bubblesmedia.ru/go/?link=ae peTCeBCTcYVZCTB1IIS2cRHus5EKp6Tiuo7yqcB6DTQV7dsjVi33lzQD/lkIZBe N4j5xLl644wRkSGULkS2a4zIHfnmmPOBpf/lxWnr8mLUvyThsZSvbb2bK9VXi5M48LeeflzmwYag=&param=BZtwbCaiPw0=&rid=2089&s=??????? ????? ??????? / Znachor (1981) - ???????? ??????? ?????? ??????? ?????? ? Fast torrent ??????? ?????? ????????? ??? ???????????&r=fast-torrent.ru&f=??????? ????? ??????? / Znachor (1981) - ???????? ??????? ?????? ??????? ?????? ? Fast torrent ??????? ?????? ????????? ??? ???????????&cs=utf-8&u=&fu=http://www.fast-torrent.ru/download/torrent/.../157707.torrent&cc=1

http://torr.mediaget.com/torr.php?r=torrent-oyun.com&f=Besiege v0.0.4 -Early.Access-[torrent-oyun.com].torrent&u=http://.../index.php?action=dlattach;topic=341890.0;attach=156383

http://mediaget.com/torrent.php?r=vessoft.com

http://sub2.bubblesmedia.ru/go/.../D C1QVGA==&param=Sk72 iRLFhY=&rid=2514&cc=1

http://sub2.bubblesmedia.ru/.../?link=AbIY7ZdFHlndP3ZMotrmbxE Lxa82oYgP8j5KWSv94XxPQD7W56MCbOCEwGVFiPK9y715Fd8a0415le9q 9KLIEhVGervoKo96XpUJ6gzPIfEKUOtIOOufqNYQVWf9uB3ljmoGNK8FuLg0uOB6QIMt1XwLHJi6RcloGmhQ==&param=3fUvzAJAVKQ=&rid=2465&f=Mela izle | Direksinemaizle.Com | Full Film izle | Sinema izle | Hd Film izle&cc=1

http://mediaget.com/torrent.php?r=tamindir.com

http://mediaget.com/torrent.php?r=saglamindir.net&s=GTA San Andreas Full Türkçe Indir &f=GTA San Andreas Full Türkçe Indir

http://sub2.bubblesmedia.ru/go/?link=xQpALColK7/.../8qpc7AFQxj08HhkAHquVzpf9TiJbE1eK2JyXQQK9f1UOY2WUAHpyUUPivZJQ2B77bR8IIw9o7ocLK 6S3c7vXXW9Yomj1k snJkGgK1DOg==&param=4pv4emrJ0Lo=&rid=928&s=Counter-Strike Source - Extreme MapPack&r=torrent-games.ru&f=Counter-Strike Source - Extreme MapPack&cs=windows-1251&u=&cc=1

http://sub2.bubblesmedia.ru/go/.../biv4Ldo=&rid=1041&s=??????????? ?????? - ?????. 1 ?????. 125 ?????. ???????? ?????? ????????? ?? ??????? ????? (S01E25)&r=seria-online.ru&f=??????????? ?????? - ?????. 1 ?????. 125 ?????. ???????? ?????? ????????? ?? ??????? ????? (S01E25)&cs=UTF-8&u=&cc=1

http://sub2.bubblesmedia.ru/go/?link=EkySsqDvyi3EmcX4LF42s0k 7YFeqIHNZlcXtgJbt54Zr7vmzQPvI4W19pLM WYiigfCG9/tLhhifOqeeVNcdSJw7uL4lpmkMjM7QlAInUlng1G5nGtzLT6cEaQObVm5dX2ljW se1ob&param=v1AiZ6T7HSE=&rid=120&s=??????? ???? ??? ??????????. ????? 1 /.../ Russian Language for Beginners: Book 1&cs=utf-8&cc=1

http://torr.mediaget.com/torr.php?r=oyungezginler.com&s=Serious Sam 3 Full Indir – Tek Link&f=Serious Sam 3 Full Indir – Tek Link

http://sub2.bubblesmedia.ru/go/?link=GQsraVhVNve4KWlb1nFPPvCsfsJK3KmaXNGwc9GYtYcba9AlEuDcP 17r9m7vF45bQMqJnpv1958E2ZM83U6EVZ9jLhX 1UQi49Jt/HYA/UbIttpGf4u8FCWCCkaGhwddiEPTooXxQjGfEA=&param=MHGffqigeQk=&rid=2089&s=??????? ????? ?????? ??????? / Time Lapse (2015) - ???????? ??????? ?????? ??????? ?????? ? Fast torrent ??????? ?????? ????????? ??? ???????????&r=fast-torrent.ru&f=??????? ????? ?????? ??????? / Time Lapse (2015) - ???????? ??????? ?????? ??????? ?????? ? Fast torrent ??????? ?????? ????????? ??? ???????????&cs=utf-8&u=&fu=http://www.fast-torrent.ru/download/torrent/.../179499.torrent&cc=1

http://ld.mediaget.com/index2.php?l=es&r=decemuladores.com&f=-1694-mario-party-ds-usa&s=-1694---Mario-Party-DS-(USA)&bbls_client_id=145528739&bbl=1&bbl_clk_id=418894-1425317014

http://sub2.bubblesmedia.ru/sb/clk/s/1246/o/145/p/1249/.../zsr?a=1

http://mediaget.com/torrent.php?r=saglamindir.net&s=Counter Strike 1.6 Botlu Full Indir &f=Counter Strike 1.6 Botlu Full Indir

http://ld.mediaget.com/index2.php?l=tr&r=canisik.net&f=gta-san-andreas-full-ndir--tek-link&s=GTA-San-Andreas-Full-�ndir-�-Tek-Link&bbls_client_id=152043931

http://sub2.admitlead.ru/sb/clk/s/237/h/447b40/o/471/p/1499/.../0?a=1

http://sub2.admitlead.ru/sb/clk/s/276/o/471/p/1499/.../file?a=1

http://sub2.bubblesmedia.ru/go/?link=465YsrSnD/xdVkk4gQFbE jR2S3q/RQav6MgIYhu2cDYwLX6MroGtbdbBrRJ7p3VVfoZ8nCRneZuc fMOlEzPEvn8itqc8w0qFjzD/Xs96kgGGVbLi855 ZprsK2TGZHaeO75MGvVQ9G8w==&param=q4gSsOOMjBE=&rid=1962&s=???????? ??? ????????: ??? ????? ? HD /.../ ????? ??? ????????: ??? ????? (2015) ?????? - ?????????? - ??????? ?? ?????? ?????? - ??????? ?? ?????? 2014 ? HD ??????&cs=UTF-8&u=&fu=&cc=1

http://torr.mediaget.com/torr.php?rid=1752&s=Blazing Angels: Squadrons Of WWII [RELOADED] - FULL - Zamunda Torrent - indir&r=torrent-oyun.com&f=Blazing Angels: Squadrons Of WWII [RELOADED] - FULL - Zamunda Torrent - indir&cs=windows-1254&u=&fu=&cc=1&bbl=1&bbl_clk_id=34926-1426212007&bbls_client_id=152085047

http://www.mmohelper.ru/go.php?http://sub2.bubblesmedia.ru/sb/clk/s/1665/h/689943/o/145/.../dlnew21?a=1

http://torr.mediaget.com/torr.php?r=indiroyunu.com&fu=http://cdn.steampowered.com/.../SteamInstall.msi&f=counter-strike-16

http://torr.mediaget.com/torr.php?r=oyungezginler.com&s=Minecraft 1.7.2 Full indir – Tek Link&f=Minecraft 1.7.2 Full indir – Tek Link

http://torr.mediaget.com/torr.php?r=indiroyunu.com&fu=http://http.download.nvidia.com/downloads/nZone/.../NFSU2_Demo.exee&f=Nfs-underground-2

http://sub2.bubblesmedia.ru/sb/clk/s/2027/o/145/.../0?a=1

Latest 30 of 83 download URLs

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to sw90.ua-hosting.company  (91.215.156.143:80)
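The runtime destination above, together with the hashes and download hosts listed earlier, is what a defender turns into detection content. The following is an added example and not part of the Reason Core Security report: it matches a set of indicators copied from this page against constructed proxy log lines. The log format, the client addresses and the non-page destination IPs are my assumptions. Matching is by exact host or any subdomain, so www.mediaget.com matches mediaget.com; since that is the vendor's own domain, treat such hits as a policy matter (bundled-installer traffic) rather than evidence of compromise.

```python
from typing import Optional
from urllib.parse import urlsplit

# Added example (not part of the original report). Indicators below are copied from
# this page's report on mediaget_id723275ids2s.exe.
IOC_HASHES = {
    "md5": "ad18474e3175288440297a766f7f8653",
    "sha1": "27b687ef9727f4ad93c7d2af9276042d3cb881f7",
    "sha256": "dee1a60e41f131ec53efeb4bb19178cb28bc384670af29ed8e3c20b5f62af5d6",
}
# Runtime destination plus the distribution hosts that appear in the page's URL list.
IOC_DOMAINS = [
    "sw90.ua-hosting.company",
    "sub2.bubblesmedia.ru",
    "sub2.admitlead.ru",
    "torr.mediaget.com",
    "ld.mediaget.com",
    "mediaget.com",
]
IOC_IPS = {"91.215.156.143"}

# Constructed proxy log (not from the page): timestamp, client, method, target, destination IP.
# Only the second line's destination IP comes from the page; the others are documentation addresses.
SAMPLE_PROXY_LOG = """\
2025-01-11T02:40:01Z 10.0.0.12 GET http://sub2.bubblesmedia.ru/go/?rid=2457&cc=1 203.0.113.10
2025-01-11T02:41:15Z 10.0.0.12 GET http://sw90.ua-hosting.company/ 91.215.156.143
2025-01-11T02:41:20Z 10.0.0.33 GET http://example.com/index.html 198.51.100.7
2025-01-11T02:42:05Z 10.0.0.12 CONNECT www.mediaget.com:443 203.0.113.5
"""


def host_of(target: str) -> str:
    """Lowercase hostname from a URL or from a CONNECT 'host:port' target."""
    if "://" not in target:
        target = "http://" + target
    return (urlsplit(target).hostname or "").lower()


def domain_hit(host: str) -> Optional[str]:
    """Return the IOC domain that `host` equals or is a subdomain of (longest match wins)."""
    for dom in sorted(IOC_DOMAINS, key=len, reverse=True):
        if host == dom or host.endswith("." + dom):
            return dom
    return None


def parse_proxy_line(line: str) -> Optional[dict]:
    """Parse one line of the assumed five-field proxy format; None for anything else."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, client, method, target, dst_ip = parts
    return {"ts": ts, "client": client, "method": method, "target": target, "dst_ip": dst_ip}


def scan_proxy_log(text: str) -> list:
    """Return the records that touch an IOC domain or IP, each annotated with why."""
    hits = []
    for line in text.splitlines():
        rec = parse_proxy_line(line)
        if rec is None:
            continue
        host = host_of(rec["target"])
        reasons = []
        dom = domain_hit(host)
        if dom:
            reasons.append(f"domain:{dom}")
        if rec["dst_ip"] in IOC_IPS:
            reasons.append(f"ip:{rec['dst_ip']}")
        if reasons:
            hits.append({**rec, "host": host, "reasons": reasons})
    return hits


def check_hashes(**digests: str) -> list:
    """Algorithms (md5/sha1/sha256) whose supplied digest equals this sample's; case-insensitive."""
    return [alg for alg, val in digests.items()
            if IOC_HASHES.get(alg) == val.strip().lower()]


if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(hit["ts"], hit["client"], hit["host"], ",".join(hit["reasons"]))
```

`check_hashes` takes whatever digest an EDR or file-integrity tool reports and normalises case before comparing, since scanners print the same MD5 in different cases (compare McAfee's Artemis!AD18474E3175 with the lowercase MD5 field above). The CTPH (ssdeep) value on the page is for fuzzy matching against repacked variants and needs the ssdeep library; exact hashes only catch this one build.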

Remove mediaget_id723275ids2s.exe - Powered by Reason Core Security