» update.exe
Overview
Analysis
File Details
Behaviors (1)

update.exe

Mediawave Corporation

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Mediawave-Update.exe’.

File name:

update.exe

Publisher:

Mediawave Corporation (signed and verified)

Version:

1.0.0.0

MD5:

71a5916425227f8fbb7237d09b236fda

SHA-1:

c08fbb4027d9ba806c4cad5f14d8ef8b8f7ed0c2

SHA-256:

470bd8ed2c275a403079d86452dab5174c5c9fd24cde07213625163c42d424d2

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/5/2024 2:51:19 AM UTC (today)

File size:

4.2 MB (4,359,840 bytes)

Product version:

1.0.0.0

File type:

Executable application (Win32 EXE)

Common path:

C:\ProgramData\mediawave\update.exe

Digital Signature

Signed by:

Mediawave Corporation

Authority:

thawte, Inc.

Valid from:

10/27/2016 9:00:00 AM

Valid to:

11/27/2017 8:59:59 AM

Subject:

CN=Mediawave Corporation, O=Mediawave Corporation, L=Seongnam-si, S=Gyeonggi-do, C=KR

Issuer:

CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:

581C27F1BD769C3143726050B2B4394A

File PE Metadata

Compilation timestamp:

12/16/2015 10:01:49 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

Entry address:

0x39B414

Entry point:

55, 8B, EC, 83, C4, F0, 53, B8, 44, EB, 78, 00, E8, 3B, 36, C7, FF, 68, C0, B4, 79, 00, 6A, FF, 6A, 00, E8, 75, 70, C7, FF, 8B, D8, 85, DB, 74, 7E, E8, 92, 71, C7, FF, 85, C0, 75, 75, A1, 88, 86, 7A, 00, 8B, 00, E8, 3A, 3F, E6, FF, A1, 88, 86, 7A, 00, 8B, 00, BA, F8, B4, 79, 00, E8, 59, 39, E6, FF, A1, 88, 86, 7A, 00, 8B, 00, C6, 40, 6F, 00, A1, 88, 86, 7A, 00, 8B, 00, 33, D2, E8, 58, 5C, E6, FF, B1, 01, BA, 28, B5, 79, 00, A1, 9C, 8A, 58, 00, E8, C7, 6B, E0, FF, 8B, 0D, CC, 83, 7A, 00, A1, 88, 86, 7A, 00... 
[+]

Entropy:

6.6226

Developed / compiled with:

Microsoft Visual C++

Code size:

3.6 MB (3,777,024 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

Mediawave-Update.exe

Command:

C:\ProgramData\mediawave\update.exe

Scan update.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.