prefetch.exe

Media Codecs Pack

White Sea Media

The application prefetch.exe, “Setup Application” by White Sea Media, has been detected as adware by 27 anti-malware scanners. The program is a setup application built with the Setup Factory installer and is a malicious Bitcoin miner. Bitcoin-mining malware forces the infected computer to generate Bitcoins for the cybercriminals' benefit and consumes its computing power while doing so. The file is typically executed from the user's temporary directory and has been seen being downloaded from downloads.shoppingsuggestion.com.
Publisher:
White Sea Media  (signed and verified)

Product:
Media Codecs Pack

Description:
Setup Application

Version:
1.0.4.0

MD5:
7f3754d64fef80b2d300ff0c2204d034

SHA-1:
56b351349d69a8fc4f4d055d80049b95b4cf0dcf

SHA-256:
0c521fdbb745d3fc425aaf5e89be7babeefd6d218554150c33906579faecab37

Scanner detections:
27 / 68

Status:
Adware

Explanation:
The program mines Bitcoins using the computer's GPU in the background and may be installed and run without the user's knowledge.

Analysis date:
11/5/2024 9:43:37 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Strictor.49187 | 1084
AhnLab V3 Security | Unwanted/Win32.BitCoinMiner | 2014.01.23
Avira AntiVirus | TR/Rogue.10455890 | 7.11.136.228
avast! | Win32:BitCoinMiner-FC [Trj] | 2014.9-140107
AVG | BitCoinMiner.B | 2014.0.3615
Bitdefender | Gen:Variant.Strictor.49187 | 1.0.20.235
Bkav FE | W32.Clod8d8.Trojan | 1.3.0.4613
Comodo Security | UnclassifiedMalware | 17671
Dr.Web | Trojan.BtcMine.221 | 9.0.1.07
Emsisoft Anti-Malware | Gen:Variant.Strictor.49187 | 8.14.02.16.05
ESET NOD32 | Win32/CoinMiner.JO (variant) | 8.9295
Fortinet FortiGate | W32/CoinMiner.JO!tr | 2/16/2014
F-Secure | Gen:Variant.Strictor.49187 | 11.2014-16-02_1
G Data | Gen:Variant.Strictor.49187 | 14.2.24
IKARUS anti.virus | Win32.BitCoinMiner | t3scan.2.2.29
McAfee | Artemis!3934F6AE093A | 5600.7258
MicroWorld eScan | Gen:Variant.Strictor.49187 | 15.0.0.141
NANO AntiVirus | Trojan.Win32.BtcMine.csuxrx | 0.28.0.57473
Norman | CoinMiner.S | 11.20140807
nProtect | Trojan.GenericKD.1501676 | 14.01.23.01
Qihoo 360 Security | Win32/Trojan.380 | 1.0.0.1015
Reason Heuristics | PUP.Installer.WhiteSeaMedia.I | 14.8.7.21
Sophos | Generic PUA LF | 4.98
Trend Micro House Call | PAK_Generic.016 | 7.2.357
Trend Micro | PAK_Generic.016 | 10.465.23
Vba32 AntiVirus | Trojan.Miner.abi | 3.12.24.3
VIPRE Antivirus | Trojan.Win32.Generic | 25364

File size:
7.7 MB (8,081,040 bytes)

Product version:
1.0.4.0

Copyright:
White Sea Media Copyright © 1992-2012 White Sea Media

Trademarks:
White Sea Media is a trademark of White Sea Media

Original file name:
suf_launch.exe

File type:
Executable application (Win32 EXE)

Installer:
Setup Factory

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\prefetch.exe
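The hashes above and the common path under %LOCALAPPDATA%\Temp are the indicators a responder would sweep a machine for. The Python below is an added example, not the report's or Reason Core Security's tooling: it walks a directory, hashes only files whose size equals an indicator's size (so most files are never opened), and reports a full MD5/SHA-1/SHA-256 match as a strong hit and a filename-only match as a weak one. The demo directory, its decoy files and the "constructed-sample" indicator are constructed for the example; the PREFETCH_EXE record copies the size, hashes and file names from this report.

```python
"""Hash-based sweep for the prefetch.exe indicators (added example, not the report's tooling)."""
import hashlib
import os
import tempfile

ALGOS = ("md5", "sha1", "sha256")

# Indicator record copied from the report above (size in bytes, then digests).
PREFETCH_EXE = {
    "name": "prefetch.exe (White Sea Media, Setup Factory)",
    "filenames": {"prefetch.exe", "suf_launch.exe"},
    "size": 8081040,
    "md5": "7f3754d64fef80b2d300ff0c2204d034",
    "sha1": "56b351349d69a8fc4f4d055d80049b95b4cf0dcf",
    "sha256": "0c521fdbb745d3fc425aaf5e89be7babeefd6d218554150c33906579faecab37",
}


def hash_file(path, chunk=1 << 20):
    """MD5, SHA-1 and SHA-256 of a file computed in a single pass, so a large file is read once."""
    hs = {a: hashlib.new(a) for a in ALGOS}
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            for h in hs.values():
                h.update(block)
    return {a: h.hexdigest() for a, h in hs.items()}


def ioc_from_bytes(name, data, filenames=()):
    """Build an indicator record from raw bytes (used here for constructed test data)."""
    rec = {"name": name, "filenames": set(filenames), "size": len(data)}
    rec.update({a: hashlib.new(a, data).hexdigest() for a in ALGOS})
    return rec


def sweep(directory, iocs):
    """Walk a directory; return hash hits (reason "hash") and name-only hits (reason "name-only")."""
    by_size = {}
    for ioc in iocs:
        by_size.setdefault(ioc["size"], []).append(ioc)
    hits = []
    for root, _dirs, files in os.walk(directory):
        for fn in files:
            path = os.path.join(root, fn)
            try:
                size = os.path.getsize(path)  # metadata only; no file is opened yet
            except OSError:
                continue  # vanished or unreadable; a production sweep would log this
            matched = False
            if size in by_size:
                d = hash_file(path)
                for ioc in by_size[size]:
                    if all(d[a] == ioc[a] for a in ALGOS):
                        hits.append({"path": path, "ioc": ioc["name"], "reason": "hash"})
                        matched = True
            if not matched:
                # A bare name match is weak evidence: the bytes differ from the known sample.
                for ioc in iocs:
                    if fn.lower() in ioc["filenames"]:
                        hits.append({"path": path, "ioc": ioc["name"], "reason": "name-only"})
    return hits


def demo():
    """Constructed demo: a decoy named prefetch.exe with different bytes, plus a file whose
    bytes match a constructed indicator. Returns sorted (filename, indicator, reason) tuples."""
    sample = b"constructed sample bytes, not the real file\n" * 64
    constructed = ioc_from_bytes("constructed-sample", sample)
    with tempfile.TemporaryDirectory() as tmp:
        with open(os.path.join(tmp, "prefetch.exe"), "wb") as f:
            f.write(b"benign decoy with the same file name\n")
        with open(os.path.join(tmp, "setup.tmp"), "wb") as f:
            f.write(sample)
        hits = sweep(tmp, [PREFETCH_EXE, constructed])
    return sorted((os.path.basename(h["path"]), h["ioc"], h["reason"]) for h in hits)


if __name__ == "__main__":
    # Live use on the report's common path: sweep(os.path.expandvars(r"%LOCALAPPDATA%\Temp"), [PREFETCH_EXE])
    for hit in demo():
        print(hit)
```

The size pre-filter is what makes this cheap enough to run over a whole user profile; a renamed copy of the same binary is still caught because its size and digests are unchanged, while a file that merely shares the name is reported separately so it is not treated as a confirmed infection.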

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/7/2013 9:00:00 PM

Valid to:
7/8/2014 8:59:59 PM

Subject:
CN=White Sea Media, O=White Sea Media, STREET=4142 Mariner Blvd, L=Spring Hill, S=FL, PostalCode=34609, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
1FB235ACA7565BA27ADC702B2BD05C7F

File PE Metadata
Compilation timestamp:
12/16/2011 5:06:40 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
196608:ZKDNRj6uG4ZjzjgrLupFBSNT0VaCIqUmB3XksNUv:ZeH2izsrLuvg9uJBEZ

Entry address:
0x29E1

Entry point:
E8, A6, 1D, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 56, 57, 33, F6, BF, C8, AB, 40, 00, 83, 3C, F5, 54, A0, 40, 00, 01, 75, 1D, 8D, 04, F5, 50, A0, 40, 00, 89, 38, 68, A0, 0F, 00, 00, FF, 30, 83, C7, 18, FF, 15, C0, 70, 40, 00, 85, C0, 74, 0C, 46, 83, FE, 24, 7C, D3, 33, C0, 40, 5F, 5E, C3, 83, 24, F5, 50, A0, 40, 00, 00, 33, C0, EB, F1, 8B, FF, 53, 8B, 1D, C4, 70, 40, 00, 56, BE, 50, A0, 40, 00, 57, 8B, 3E, 85, FF, 74, 13, 83, 7E, 04, 01, 74, 0D, 57, FF, D3, 57, E8, 18, FD, FF, FF, 83, 26, 00, 59, 83, C6, 08...
 

Code size:
22 KB (22,528 bytes)
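The PE metadata above (compilation timestamp, OS version, bitness, subsystem, linker version, entry address, code size and the first entry-point bytes) all sit at fixed offsets in the DOS header, COFF file header, optional header and section table. The Python below is an added example, not the report's own tooling: it reads those fields with only the standard library and maps the entry RVA to a file offset through the section table. Because the real prefetch.exe is not on the page, it runs over a constructed PE32 image that carries this report's header values and its first sixteen entry-point bytes; that image and every name in the code are assumptions of the example.

```python
"""Read the PE header fields a file report lists (added example with a constructed image)."""
import struct
from datetime import datetime, timezone

SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def parse_pe(data):
    """Parse the DOS header, COFF header, optional header and section table from raw bytes."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, nsections, timestamp, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, linker_major, linker_minor, size_of_code = struct.unpack_from("<HBBI", data, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional-header magic 0x%X" % magic)
    # The offsets below are the same for PE32 and PE32+: BaseOfData+ImageBase in PE32
    # occupy the same 8 bytes as the 64-bit ImageBase in PE32+.
    (entry_rva,) = struct.unpack_from("<I", data, opt + 16)
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    sections = []
    for i in range(nsections):
        off = opt + opt_size + 40 * i  # IMAGE_SECTION_HEADER is 40 bytes
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, off)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), vaddr, vsize, rawptr, rawsize))
    return {
        "timestamp": timestamp,
        "compiled": datetime.fromtimestamp(timestamp, tz=timezone.utc),
        "bitness": "Win32" if magic == 0x10B else "Win64",
        "is_dll": bool(chars & 0x2000),  # IMAGE_FILE_DLL
        "linker_version": "%d.%d" % (linker_major, linker_minor),
        "os_version": "%d.%d" % (os_major, os_minor),
        "subsystem": SUBSYSTEMS.get(subsystem, "unknown(%d)" % subsystem),
        "entry_rva": entry_rva,
        "size_of_code": size_of_code,
        "sections": sections,
    }


def rva_to_offset(rva, sections):
    """Map a relative virtual address to a file offset using the section table."""
    for _name, vaddr, vsize, rawptr, rawsize in sections:
        if vaddr <= rva < vaddr + max(vsize, rawsize):
            return rawptr + (rva - vaddr)
    raise ValueError("RVA 0x%X is not inside any section" % rva)


def entry_bytes(data, n=16):
    """First n bytes at the entry point, the value shown under 'Entry point' in a report."""
    hdr = parse_pe(data)
    off = rva_to_offset(hdr["entry_rva"], hdr["sections"])
    return data[off:off + n]


def build_sample_pe():
    """Constructed PE32 image carrying the header values from the report above. It is not
    the real prefetch.exe: everything beyond the headers and the entry stub is zero."""
    img = bytearray(0x5C00)                            # 0x400 headers + 0x5800 of .text
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)           # e_lfanew
    img[0x80:0x84] = b"PE\0\0"
    ts = 1324055200                                    # 2011-12-16 17:06:40 UTC
    struct.pack_into("<HHIIIHH", img, 0x84, 0x14C, 1, ts, 0, 0, 0xE0, 0x0102)  # i386, 1 section, EXE
    opt = 0x98
    struct.pack_into("<HBBI", img, opt, 0x10B, 10, 0, 22528)  # PE32, linker 10.0, SizeOfCode
    struct.pack_into("<I", img, opt + 16, 0x29E1)             # AddressOfEntryPoint
    struct.pack_into("<I", img, opt + 28, 0x400000)           # ImageBase
    struct.pack_into("<HH", img, opt + 40, 5, 1)              # OS version 5.1
    struct.pack_into("<H", img, opt + 68, 2)                  # IMAGE_SUBSYSTEM_WINDOWS_GUI
    # .text: VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
    struct.pack_into("<8sIIII", img, opt + 0xE0, b".text", 0x5800, 0x1000, 0x5800, 0x400)
    ep = bytes.fromhex("E8A61D0000E989FEFFFF8BFF565733F6")  # first 16 entry bytes from the report
    off = 0x400 + (0x29E1 - 0x1000)                    # RVA 0x29E1 -> file offset 0x1DE1
    img[off:off + len(ep)] = ep
    return bytes(img)


if __name__ == "__main__":
    sample = build_sample_pe()
    for k, v in parse_pe(sample).items():
        print("%-15s %s" % (k, v))
    print("entry bytes:", entry_bytes(sample).hex().upper())
```

Every one of these header fields is written by whoever builds the file, so the timestamp, linker version and subsystem corroborate an identification but never establish it; the hashes and the code-signing certificate are the identity, and the header values are what you compare when a sample arrives under a new name or with a different hash.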

The file prefetch.exe has been seen being distributed from the following URL: downloads.shoppingsuggestion.com
