prefetch.exe

Media Codecs Pack

White Sea Media

The application prefetch.exe, “Setup Application” by White Sea Media, has been detected as adware by 27 anti-malware scanners. The program is a setup application built with the Setup Factory installer, and it is a malicious Bitcoin miner. Bitcoin-mining malware forces infected computers to generate Bitcoins for cybercriminals' benefit and consumes their computing power. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from downloads.shoppingsuggestion.com.
Publisher:
White Sea Media  (signed and verified)

Product:
Media Codecs Pack

Description:
Setup Application

Version:
1.0.4.0

MD5:
f48be0d9d7f03edbdfb1e399030ef410

SHA-1:
c3f70529566b7acc9d258a4a7ff59a094595be0e

SHA-256:
452d5b2bd0124e94c585e9d06ea32d94fd88223089697384d54bb2ceeeb03bee

Scanner detections:
27 / 68

Status:
Adware

Explanation:
The program mines for Bitcoins using the computer's GPU in the background and may be installed and run without the user's knowledge.

Analysis date:
11/5/2024 9:33:47 AM UTC

Scan engine             Detection                     Engine version
Lavasoft Ad-Aware       Gen:Variant.Strictor.49187    1114
AhnLab V3 Security      Unwanted/Win32.BitCoinMiner   2014.01.23
Avira AntiVirus         TR/Rogue.10455890             7.11.136.228
avast!                  Win32:BitCoinMiner-FC [Trj]   2014.9-140117
AVG                     CoinMiner                     2014.0.3615
Bitdefender             Gen:Variant.Strictor.49187    1.0.20.85
Bkav FE                 W32.Clod8d8.Trojan            1.3.0.4613
Comodo Security         UnclassifiedMalware           17671
Dr.Web                  Trojan.BtcMine.221            9.0.1.017
Emsisoft Anti-Malware   Trojan.Win32.Miner            8.14.01.17.11
ESET NOD32              Win32/CoinMiner.JO (variant)  8.9303
Fortinet FortiGate      W32/CoinMiner.JO!tr           2/17/2014
F-Secure                Gen:Variant.Strictor.49187    11.2014-17-01_6
G Data                  Gen:Variant.Strictor.49187    14.1.24
IKARUS anti.virus       Win32.BitCoinMiner            t3scan.2.2.29
McAfee                  Artemis!F48BE0D9D7F0          5600.7248
MicroWorld eScan        Gen:Variant.Strictor.49187    15.0.0.51
NANO AntiVirus          Trojan.Win32.BtcMine.csuxrx   0.28.0.57473
Norman                  CoinMiner.S                   11.20140807
nProtect                Trojan.GenericKD.1501676      14.01.23.01
Qihoo 360 Security      Win32/Trojan.380              1.0.0.1015
Reason Heuristics       PUP.Installer.WhiteSeaMedia.I 14.8.7.21
Sophos                  Generic PUA LF                4.98
Trend Micro House Call  TROJ_GEN.F47V0101             7.2.354
Trend Micro             PAK_Generic.016               10.465.20
Vba32 AntiVirus         Trojan.Miner.abi              3.12.24.3
VIPRE Antivirus         Trojan.Win32.Generic          25364

File size:
7.4 MB (7,801,920 bytes)

Product version:
1.0.4.0

Copyright:
White Sea Media Copyright ©1992-2012 White Sea Media

Trademarks:
White Sea Media is a trademark of White Sea Media

Original file name:
suf_launch.exe

File type:
Executable application (Win32 EXE)

Installer:
Setup Factory

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\prefetch.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/8/2013 2:00:00 AM

Valid to:
7/9/2014 1:59:59 AM

Subject:
CN=White Sea Media, O=White Sea Media, STREET=4142 Mariner Blvd, L=Spring Hill, S=FL, PostalCode=34609, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
1FB235ACA7565BA27ADC702B2BD05C7F

File PE Metadata
Compilation timestamp:
12/16/2011 8:06:40 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
196608:SKDNRj6uGBFwxW5kBSbGR0ugbykOLR3cdyGKe3DdVy5dff:SeH2pwI5gSbu3kWMdzTdg5dH

Entry address:
0x29E1

Entry point:
E8, A6, 1D, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 56, 57, 33, F6, BF, C8, AB, 40, 00, 83, 3C, F5, 54, A0, 40, 00, 01, 75, 1D, 8D, 04, F5, 50, A0, 40, 00, 89, 38, 68, A0, 0F, 00, 00, FF, 30, 83, C7, 18, FF, 15, C0, 70, 40, 00, 85, C0, 74, 0C, 46, 83, FE, 24, 7C, D3, 33, C0, 40, 5F, 5E, C3, 83, 24, F5, 50, A0, 40, 00, 00, 33, C0, EB, F1, 8B, FF, 53, 8B, 1D, C4, 70, 40, 00, 56, BE, 50, A0, 40, 00, 57, 8B, 3E, 85, FF, 74, 13, 83, 7E, 04, 01, 74, 0D, 57, FF, D3, 57, E8, 18, FD, FF, FF, 83, 26, 00, 59, 83, C6, 08...

Entropy:
7.9820  (probably packed)

Code size:
22 KB (22,528 bytes)

The file prefetch.exe has been seen being distributed by the following URL.

Remove prefetch.exe - Powered by Reason Core Security