home

vigilante-8-ps1-_id4857148ids5s.exe

mediaget-installer Module

Inbox OOO

The application vigilante-8-ps1-_id4857148ids5s.exe, “MediaGet installer” by Inbox OOO has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The file has been seen being downloaded from sub2.bubblesmedia.ru and multiple other hosts. While running, it connects to the Internet address sw90.ua-hosting.company on port 80 using the HTTP protocol.
Publisher:
MediaGet LLC  (signed by Inbox OOO)

Product:
mediaget-installer Module

Description:
MediaGet installer

Version:
1.0

MD5:
cb0268ea65f29e724cafebb572e6267c

SHA-1:
d2220c5debd6d3bdca7cc16c19dd9f9282fe395f

SHA-256:
457e8b062dfc1456af21bdaa06fd8ef8c5bb64c3b7f4349201554fdff427e9c6

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/2/2024 1:44:02 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.MediaGet (M)
16.7.15.16

File size:
480.3 KB (491,864 bytes)

Product version:
1.0

Copyright:
Copyright (c) 2011 MediaGet LLC

Original file name:
mediaget-installer.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\vigilante-8-ps1-_id4857148ids5s.exe

Digital Signature
Signed by:
Inbox OOO

Authority:
COMODO CA Limited

Valid from:
2/16/2016 2:00:00 AM

Valid to:
9/17/2017 2:59:59 AM

Subject:
CN=Inbox OOO, O=Inbox OOO, STREET="16 of. 2, per. Monetchikovski 5-I", L=MOSCOW, S=MOSCOW, PostalCode=115054, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00AE2F0B53DD74EA62BD9A5322DC2C5632

File PE Metadata
Compilation timestamp:
7/13/2016 4:07:02 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:phscp77tpvI/Ph18dZSp4abfojPhXDJSpFhwI:pGUtpvAp1sYOabfI5oL

Entry address:
0x12DEC0

Entry point:
60, BE, 00, 90, 4E, 00, 8D, BE, 00, 80, F1, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 
[+]

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
280 KB (286,720 bytes)

The file vigilante-8-ps1-_id4857148ids5s.exe has been seen being distributed by the following 50 URLs.

http://sub2.bubblesmedia.ru/go/.../1iXLHkzyX7VdqPOStNxuR6F3IVPOeiG7Xwx8lWD8mko2eI2vVOFQ5cK9S2KvyN1Br5ednfJZYKfeXGgYdBRUQXikLZNuQ 8LRYVrK0sYjAX2HcmA7PEcxPoisqc5CWvqOvP4B7DMci89Ha&param=8VWdYJ1MDS4=&un=5792d315e7eb1&rid=3779

http://sub2.bubblesmedia.ru/sb/clk/s/3482/h/e5be2a/o/145/.../0?a=1

http://hamachi-pc.ru/go/?http://my.hamachi-pc.ru/sb/clk/s/1340/h/b7d55f/o/471/p/1447/sub/0?a=1&f=hamachi&fu=https://.../hamachi.msi

http://goo.gl/oncP46

http://sub2.admitlead.ru/sb/clk/s/1194/h/41de2a/o/471/p/1642/.../0?a=1

http://sub2.bubblesmedia.ru/go/?link= aa2opbLV0JfwDX0rv4t4ThWEVJAlNzavLCNqjUmpTKZrd6OoY6Nk25xw0igeWjJYlRsbIY6SQGDZXgPeCmTxtAoGis0vLUsEB4gRQRURS7f2fsoG1jdFsA5gAWtMz1vz8i4Ql/6yo8/5Q==&param=qEQMueI1X7I=&un=5795e72120b24&rid=3511&r=sims-simulator.ru&f=the-sims-3-world-adventures-2.3-gb.torrent&u=http://sims-simulator.ru/.../download.php?id=11

http://sub2.bubblesmedia.ru/go/?link=jk60CWfe7ZcgXL3ZA77XdDFY8WMepva30Z2olbQdHQP8evSNxub9oWl2NEcwmtuV2w3V/dSpOUDbadbkCmenCsXJNXWfuFE9SpO7jCrSB45j1b/.../duS8RR9jQ8=&un=5794a0f877dac&rid=731&s= 2756 - Jackass (EUR)&r=decemuladores.com&f= 2756 - Jackass (EUR)&cs=windows-1252&u=

http://verismediya.ru/sb/clk/s/3460/h/ca4079/o/145/.../0?a=1&f=canon_mf4400 (series)

http://sub2.bubblesmedia.ru/.../?link=CSk3UxrpjuHKtLdJW9SWOW1Di6zNzC z3QAHJaPveRCSbyjmPrERqVzauq2a1c 7RFOO0HX0VXT6QsC4iK4MrBcoXzMGd1jVd4NQihoQYTriKoMQvBymUXJ7g3umMcD4SL2ONo7MK9AUoTBHTUVDfn b8cJR S3k&param=o97 bj5zsJM=&un=57951711654d6&rid=3883

http://sub2.bubblesmedia.ru/sb/clk/s/3297/h/155973/o/145/p/1301/.../0?a=1

http://sub2.bubblesmedia.ru/sb/clk/s/706/h/9403d0/o/145/sub/0?a=1&f=????? 2 / Mafia 2 (2010) PC | RePack ?? R.G. ????????&u=http://torrent-games.net/torrents-part18/.../mafia_ii-r.g-mekhaniki.torrent

http://sub2.bubblesmedia.ru/sb/clk/s/2015/h/c1e42e/o/145/.../0?a=1&f=54 EE 482 Civic 1.6 IES (TURBORAN) Ali H. Gültekin.zip

http://sub2.bubblesmedia.ru/sb/clk/s/706/h/9403d0/o/145/sub/0?a=1&f=Yerevan drive / ?????? ?????&u=http://.../Yerevan Drive.torrent

http://sub2.bubblesmedia.ru/go/?link=u5XuVBwNZ7EAZTFuwFtHa4vxZn6TQE1xlieLtravYoa3Eid/.../5X1HwLsj8wACDAGHHydo vl7fAq dr30SSDydgMw5CEd7M2 PISJJG9lYz8XGnUh2yyZw2KE2JUe038TzccdacCwV9A==&param=tbxNkzZ8sD4=&un=57908d9ca4c6e&rid=1512&s=LEGO Ninjago Shadow of Ronin 3DS ?&r=webtorrent.org&f=LEGO Ninjago Shadow of Ronin 3DS ?&cs=windows-1251&u=&fu=

http://sub2.bubblesmedia.ru/go/?link=lFBPGyQeWdWy1PfK/9JV93K24uDpgjHGrhQrHlvUYeCFn7ndUgI4ekz1wWdS0VBwTRJ3W BRusuk3fB74KtF53Qs1aFnH1Afcfl6XVY98KbXEDvMWJflLVf3lh4yqeZ63FeAn0GfLyiP0qo=&param=9Bz9p8B460k=&un=578a1d959e2f8&rid=3243&r=rutor.net&f=4952725.torrent&u=http://rutor.net/.../download.php?id=56956

http://sub2.bubblesmedia.ru/sb/clk/s/2761/h/e39a73/o/145/sub/0?a=1&f=Rust [v1381c] (2016) [RUS] PC&u=http://mega-torrent.org/.../download.php?id=13142

http://ld.mediaget.com/index2.php?l=ru&r=torrent9.ru&bbls_client_id=327747895&bbl=1&bbl_clk_id=212040-1469525801

http://sub2.bubblesmedia.ru/sb/clk/s/706/h/9403d0/o/145/sub/0?a=1&f=????? ???????? ?????? ???? / Scott Pilgrim vs. the World&u=/.../0-0-0-3239-20

http://sub2.admitlead.ru/sb/clk/s/949/h/6e8fa2/o/471/p/1524/.../0?a=1

http://sub2.bubblesmedia.ru/sb/clk/s/3818/h/7d6abf/o/145/p/1005/.../0?a=1

http://sub2.bubblesmedia.ru/go/?link=voeHfXABL3qLrLUnCZbp9WdZfXQSLxwEX41h/9qXVXVxEC/Npf2pdOllrsV6kasw0QAPZmI5cKqsiorXuWCso4V 6niJb1WuutQfFOy8nI5GUmYCZmMUPCTo085gpWR60JABc6PeMxDf7ZY=&param=141iYMXODqw=&un=57972395241d7&rid=3357&r=vsetop.com&f=???????&u=http://vsetop.com/torrent/.../Kerbal_Space_Program.torrent

http://bbls.pes-zone.ru/sb/clk/s/3752/h/d252d0/o/145/sub/0??a=1&f=PES 2016 torrent&u=http://pes-zone.ru/.../Repack_1.04_DLC_3.0.torrent

http://sub2.bubblesmedia.ru/go/?link=Q3Y/5lqOMX4M80z6ZwkV2nseZySOGhaRehxVoTF1/wmQ22AVhv0GcAA8COyA9O0SjLgG8CXg9X6vIj18LI097FNQ1a1p12eOQi2/eJSVuUb3xP63qCzLpM3oIljnYt/6GRmfAUuJCZeeP44=&param=Gxh9uUPGXrQ=&un=578a33170b757&rid=3811&r=vmusice.net&f=?.??????????-?????? ???????&fu=http://cs9-13v4.vk.me/.../a12a0b60e73f99.mp3?extra=KXwHJmlS8obzWTnLSBcubz9R9lMbXJF-M-WrimRkbfoYLPI_xc9ZSa8DDexdvsJUlJy8kmQuVMCxg2T73hqvW5getqQc9_2AIS9vZ05nvkqyb8ZW7k5PRPuT0ZvJGZFFAQuZC5-nxw4

http://skachat-programmu-torrent.com/utorrent.exe

http://sub2.bubblesmedia.ru/go/?link=grCCiWP9uFI3Ccl45JunSrzwNWwS8AD2pw7QZ6sFPgO7CuWrsI90gSYGjrJj5NzZtuMs7HmUs/ca2hNxSfxwhFeII3WaiWyxXpsEierqcQR9MktSAIvj4n JWll3xNp/HTYP0B2SKPWD5w==&param=YKgAxMPfXMc=&un=578cad7e293dd&rid=2793&s=?????? ?.?.?.?. /.../ The Man from U.N.C.L.E. (2015) ? ??????? ??????? ??????&cs=windows-1251&u=&fu=

http://sub2.bubblesmedia.ru/sb/clk/s/2860/h/ee4d12/o/145/.../0?a=1

http://sub2.bubblesmedia.ru/sb/clk/s/706/h/9403d0/o/145/sub/0?a=1&f=(RePack) Command and Conquer: Generals Generals Zero Hour (RU) (2002/2003)/Tasla Group&u=http://.../Torrentgamesnet_Generalsexe_1332311919.torrent

http://ld.mediaget.com/index2.php?l=ru&r=knigi.ws&bbls_client_id=326203308&bbl=1&bbl_clk_id=123201-1469171573

http://sub2.bubblesmedia.ru/go/?link=fdGiJyGwcYh0thjtUc6OOrDwqHYkI3XO F4slJyFWEBIsXPnFhLhTs0HjUaWWJ7Hjj8T6aaVB Fb6KbcW2G3Jh6uUvVn1fGdnRADn9MmWBCYd6a8lIL/YE50E5vRUDEpBpW YxEmvt2Mu0w=&param=6Tp rQVQeDI=&un=578bcfdb95a3e&rid=3288&r=torrents-game.net&f=v-tylu-vraga-2-shturm&u=http://torrents-game.net/torrents/.../V-tylu-vraga-2-SHturm.torrent

http://sub2.bubblesmedia.ru/sb/clk/s/1949/h/81f590/o/145/.../0?a=1

Latest 30 of 322 download URLs

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to sw90.ua-hosting.company  (91.215.156.143:80)

Remove vigilante-8-ps1-_id4857148ids5s.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.