prefetch.exe

Media Codecs Pack

White Sea Media

The application prefetch.exe, described as “Setup Application” by White Sea Media, has been detected as adware by 27 anti-malware scanners. The program is a setup application built with the Setup Factory installer. It is a malicious Bitcoin miner: Bitcoin-mining malware forces the infected computer to generate Bitcoins for the cybercriminals' benefit and consumes its computing power. It is typically executed from the user's temporary directory. The file has been seen being downloaded from downloads.shoppingsuggestion.com.
Publisher:
White Sea Media (signed and verified)

Product:
Media Codecs Pack

Description:
Setup Application

Version:
1.0.4.0

MD5:
3a5c8781f32dfc3e286e72c1cfdb2478

SHA-1:
df79962995c83a5655bbe900f962e6e62568326d

SHA-256:
43b06d1e61421f8022e4db3c3c771d19d1982fb7d8441df22458e37841dfac0e

Scanner detections:
27 / 68

Status:
Adware

Explanation:
The program mines Bitcoins in the background using the computer's GPU, and it may be installed and run without the user's knowledge.

Analysis date:
1/14/2025 9:33:05 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Strictor.49187 | 1086
AhnLab V3 Security | Unwanted/Win32.BitCoinMiner | 2014.01.23
Avira AntiVirus | TR/Rogue.10455890 | 7.11.136.228
avast! | Win32:BitCoinMiner-FC [Trj] | 2014.9-140103
AVG | CoinMiner | 2014.0.3615
Bitdefender | Gen:Variant.Strictor.49187 | 1.0.20.225
Bkav FE | W32.Clod8d8.Trojan | 1.3.0.4613
Comodo Security | UnclassifiedMalware | 17671
Dr.Web | Trojan.BtcMine.221 | 9.0.1.03
Emsisoft Anti-Malware | Gen:Variant.Strictor.49187 | 8.14.02.14.08
ESET NOD32 | Win32/CoinMiner.JO (variant) | 8.9295
Fortinet FortiGate | W32/CoinMiner.JO!tr | 2/14/2014
F-Secure | Gen:Variant.Strictor.49187 | 11.2014-14-02_6
G Data | Gen:Variant.Strictor.49187 | 14.2.24
IKARUS anti.virus | Win32.BitCoinMiner | t3scan.2.2.29
McAfee | Artemis!3A5C8781F32D | 5600.7252
MicroWorld eScan | Gen:Variant.Strictor.49187 | 15.0.0.135
NANO AntiVirus | Trojan.Win32.BtcMine.csuxrx | 0.28.0.57473
Norman | CoinMiner.S | 11.20140807
nProtect | Trojan.GenericKD.1501676 | 14.01.23.01
Qihoo 360 Security | Win32/Trojan.380 | 1.0.0.1015
Reason Heuristics | PUP.Installer.WhiteSeaMedia.I | 14.8.7.21
Sophos | Generic PUA LF | 4.98
Trend Micro House Call | TROJ_GEN.F47V0101 | 7.2.353
Trend Micro | PAK_Generic.016 | 10.465.19
Vba32 AntiVirus | Trojan.Miner.abi | 3.12.24.3
VIPRE Antivirus | Trojan.Win32.Generic | 25364

File size:
7.3 MB (7,681,896 bytes)

Product version:
1.0.4.0

Copyright:
White Sea Media Copyright © 1992-2012 White Sea Media

Trademarks:
White Sea Media is a trademark of White Sea Media

Original file name:
suf_launch.exe

File type:
Executable application (Win32 EXE)

Installer:
Setup Factory

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\prefetch.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/8/2013 2:00:00 AM

Valid to:
7/9/2014 1:59:59 AM

Subject:
CN=White Sea Media, O=White Sea Media, STREET=4142 Mariner Blvd, L=Spring Hill, S=FL, PostalCode=34609, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
1FB235ACA7565BA27ADC702B2BD05C7F

File PE Metadata
Compilation timestamp:
12/16/2011 8:06:40 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
196608:WKDNRj6uGAhprLupFBSymykOLRmUmB3XksnDdVy5dfv:WeH2SvrLuvg0kWoBE8dg5dH

Entry address:
0x29E1

Entry point:
E8, A6, 1D, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 56, 57, 33, F6, BF, C8, AB, 40, 00, 83, 3C, F5, 54, A0, 40, 00, 01, 75, 1D, 8D, 04, F5, 50, A0, 40, 00, 89, 38, 68, A0, 0F, 00, 00, FF, 30, 83, C7, 18, FF, 15, C0, 70, 40, 00, 85, C0, 74, 0C, 46, 83, FE, 24, 7C, D3, 33, C0, 40, 5F, 5E, C3, 83, 24, F5, 50, A0, 40, 00, 00, 33, C0, EB, F1, 8B, FF, 53, 8B, 1D, C4, 70, 40, 00, 56, BE, 50, A0, 40, 00, 57, 8B, 3E, 85, FF, 74, 13, 83, 7E, 04, 01, 74, 0D, 57, FF, D3, 57, E8, 18, FD, FF, FF, 83, 26, 00, 59, 83, C6, 08...

Code size:
22 KB (22,528 bytes)

The file prefetch.exe has been seen being distributed by the following URL.
