wolfenstein-the-old-blood-2015-pc-repack-ot-xatab_id2260452ids2s.exe

mediaget-installer Module

Inbox OOO

The application wolfenstein-the-old-blood-2015-pc-repack-ot-xatab_id2260452ids2s.exe, “MediaGet installer” by Inbox OOO, has been detected as a potentially unwanted program by 1 of 68 anti-malware scanners, with very strong indications that the file is a potential threat. Despite the game-repack file name, the PE version resource names the file mediaget-installer.exe: it is a UPX-packed, self-extracting archive and installer that has been known to bundle potentially unwanted software. The file has been seen being downloaded from www.installadpro.com and multiple other hosts, most of them affiliate and redirect links (sub2.bubblesmedia.ru, sub2.admitlead.ru, ld.mediaget.com). While running, it connects to sw90.ua-hosting.company (91.215.156.143) on port 80 over HTTP. The Authenticode signature belongs to Inbox OOO under a COMODO code-signing certificate valid from 2/16/2016 to 9/17/2017; a valid signature identifies the publisher, it does not make the bundled software wanted.
Publisher:
MediaGet LLC (signed by Inbox OOO)

Product:
mediaget-installer Module

Description:
MediaGet installer

Version:
1.0

MD5:
37c96b46e00b2e90bd944e873ff53d0b

SHA-1:
ae831f3da89033dd6f1f1c7e0caad44e826e6599

SHA-256:
b574f17863ce15f9cdff7ee27f20418226e5d807a2ab944673084e9f7dd9bfe4

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 3:34:07 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.MediaGet.Inbox.Installer (M)

Engine version:
16.7.4.10

File size:
479.8 KB (491,352 bytes)

Product version:
1.0

Copyright:
Copyright (c) 2011 MediaGet LLC

Original file name:
mediaget-installer.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\wolfenstein-the-old-blood-2015-pc-repack-ot-xatab_id2260452ids2s.exe

Digital Signature
Signed by:
Inbox OOO

Authority:
COMODO CA Limited

Valid from:
2/16/2016 3:00:00 AM

Valid to:
9/17/2017 2:59:59 AM

Subject:
CN=Inbox OOO, O=Inbox OOO, STREET="16 of. 2, per. Monetchikovski 5-I", L=MOSCOW, S=MOSCOW, PostalCode=115054, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00AE2F0B53DD74EA62BD9A5322DC2C5632

File PE Metadata
Compilation timestamp:
7/1/2016 4:04:55 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:VzvbK89LQrSREgYmQM/bfAfojPhXDJSpFYyy:xDKsLWGEgTQ8sfI5o0

Entry address:
0x12CCD0

Entry point:
60, BE, 00, 80, 4E, 00, 8D, BE, 00, 90, F1, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 - v1.24

Code size:
276 KB (282,624 bytes)
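The entry-point bytes and the packer line above agree: the listed sequence is the standard UPX 1.x 32-bit decompression stub (pushad; mov esi, src; lea edi, [esi+delta]; push edi; jmp short; nop; then the bit-reader loop). The script below is an added example, not part of this report: it matches the report's entry-point listing against a wildcard hex signature of the kind packer identifiers and YARA rules use, and decodes the two image-specific operands, the address of the compressed data and the address the code unpacks to. ENTRY_BYTES is copied from the report; UPX_STUB_SIG is the well-known stub prefix with the operands wildcarded; reading the decoded destination 0x401000 as "image base 0x400000 plus 0x1000" is an inference, since the report does not state the image base.

```python
"""Wildcard byte-signature check of the entry point listed in this report.

Added example, not part of the report. ENTRY_BYTES is copied from the
report's "Entry point" field; UPX_STUB_SIG is the standard UPX 1.x 32-bit
decompression stub with the two image-specific operands wildcarded.
"""
import re
from typing import Dict, Optional

ENTRY_BYTES = (
    "60, BE, 00, 80, 4E, 00, 8D, BE, 00, 90, F1, FF, 57, EB, 0B, 90, 8A, 06, "
    "46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED"
)

# pushad; mov esi, <src>; lea edi, [esi + <delta>]; push edi; jmp short; nop;
# then the NRV bit-reader loop (mov al,[esi]; inc esi; mov [edi],al; inc edi; ...).
# The two 4-byte operands differ per image, so they are "??" wildcards.
UPX_STUB_SIG = (
    "60 BE ?? ?? ?? ?? 8D BE ?? ?? ?? ?? 57 EB 0B 90 "
    "8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB 72 ED"
)


def parse_report_bytes(text: str) -> bytes:
    """Turn the report's 'XX, XX, ...' listing into raw bytes (a trailing '...' is ignored)."""
    return bytes(int(tok, 16) for tok in re.findall(r"\b[0-9A-Fa-f]{2}\b", text))


def sig_to_regex(sig: str):
    """Compile a PEiD/YARA-style hex string with ?? wildcards into a bytes regex."""
    pattern = b"".join(
        b"." if tok == "??" else b"\\x%02x" % int(tok, 16) for tok in sig.split()
    )
    return re.compile(pattern, re.DOTALL)


def match_upx_stub(code: bytes) -> Optional[Dict[str, int]]:
    """Return the decoded stub operands if `code` starts with the UPX stub, else None."""
    if not sig_to_regex(UPX_STUB_SIG).match(code):
        return None
    src = int.from_bytes(code[2:6], "little")                   # mov esi, imm32
    delta = int.from_bytes(code[8:12], "little", signed=True)   # lea edi, [esi + imm32]
    return {"src_va": src, "delta": delta, "dst_va": src + delta}


if __name__ == "__main__":
    info = match_upx_stub(parse_report_bytes(ENTRY_BYTES))
    if info is None:
        print("no UPX stub at entry point")
    else:
        print("UPX stub: compressed data at 0x%08X, unpacks to 0x%08X (delta %d)"
              % (info["src_va"], info["dst_va"], info["delta"]))
```

For this sample the stub reads its compressed input at 0x004E8000 and writes the unpacked code to 0x00401000, i.e. the start of the first (UPX0) section if the image base is the default 0x400000. The same `sig_to_regex` can take any other PEiD-style signature, so the check is not limited to UPX.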

The file wolfenstein-the-old-blood-2015-pc-repack-ot-xatab_id2260452ids2s.exe has been seen being distributed from the following URLs.

http://www.installadpro.com/indir.php?&t1=fullprogramlarust&is=X Codec Pack Indir 2.7.4 Tüm Videolari Izleme

http://sub2.admitlead.ru/sb/clk/s/417/h/d58282/o/471/.../0?a=1

http://sub2.admitlead.ru/sb/clk/s/901/h/fceed1/o/471/.../0?my_affiliate_id=reklamtrk.com&f=EmilyWantsToPlayTorrent&data_send_to_me=02E14EF70FD16DC03722D9F1E658937720FE42AB_www.torrent-indir.net_hemenindirx

http://sub2.bubblesmedia.ru/sb/clk/s/1316/h/2cddc8/o/145/p/1313/.../0?a=1

http://ld.mediaget.com/index2.php?bbl_clk_id=556223-1467656230&bbl=1&r=n-torrents.ru&bbls_client_id=319581804

http://sub2.bubblesmedia.ru/go/?link=b9ZfnFURAvvQ/Zqdttx tjwE9xOlM8a0lz9F iHcz9NCV6Nzha7fj57DamaffH/.../lQ0r7BLctnCqLTl5b014v&param=roAv8ufwhqU=&un=577e58cb49f55&rid=1451&f=Half Life 1 Full Indir (250 mb)

http://sub2.bubblesmedia.ru/sb/clk/s/3199/h/e70260/o/145/sub/0?a=1&f=Neighbors_2_Sorority_Rising_2016_d_WEBRip.720p.torrent&u=http://rumedia.ws/.../download.php?id=2543

http://mediaget.com/torrent.php?r=torrent-oyun.com&r=torrent-oyun.com&f=Harry Potter and the Half-Blood Prince_Torrent-Oyun.com&p=http://img.zamunda.net/bitbucket/hphbp.jpg&u=http://www.torrent-oyun.com/.../>p?action=dlattach;topic=2154.0;attach=26639

http://sub2.bubblesmedia.ru/sb/clk/s/2015/h/c1e42e/o/145/.../0?a=1&f=Aero ft. MorfoMark & SaMow - Kinetic Rhyme (Aerosol Productions).mp3

http://sub2.bubblesmedia.ru/go/?link=KkDv4WAgojm4 qG/IaMUQmeQ0nXvhdoRvaExV/9hE2Iqw/Qgbk2YE/hO7zRiMWqJo1/LOf3zGfzybjVRfitppZdZ0gL0Dt6c E5ZL1lJiTCyBryamsMATs8aMwsO47P2T/jejSmcWS4sVyU=&param=XIhNI0hVs1g=&un=577a71ffc9a47&rid=3405&r=softforfree.com&f=Nero_BurningROM2015_stub_3p_trial.exe&u=http://www.softforfree.com/files/.../Nero_BurningROM2015_stub_3p_trial.exe

http://sub2.bubblesmedia.ru/go/?link=KSEaYffpmujdcU44goFRBuO70x/gskmm66OysbWSnsqYK28RO0YI3826SzyGw2Oi5h/PVoyTbaokwL7mYM923vxUqyiyZuL8rd U5bG O7ZrdWkrmu13LraPxeDD9cd2bt YNQotwpfTzQ==&param=tOkmTCtlidg=&un=577b04ba99cb1&rid=3242&r=torrent-windows.net&f=w10.torrent&u=http://torrent-windows.net/.../download.php?id=39635

http://ld.mediaget.com/index2.php?l=tr&r=programmerkezi.net&f=dragon-mania-efsaneleri&bbls_client_id=306197116&bbl=1&bbl_clk_id=254597-1467804169&use_f=1

http://sub2.bubblesmedia.ru/sb/clk/s/1679/h/469e57/o/145/.../0?a=1&f=Call of Duty: Black Ops 3

http://ld.mediaget.com/index2.php?l=ru&r=knigi.ws&bbls_client_id=323162027&bbl=1&bbl_clk_id=125016-1468482065

http://sub2.admitlead.ru/sb/clk/s/877/h/0064ca/o/471/p/1507/.../0?a=1

http://sub2.bubblesmedia.ru/sb/clk/s/2015/h/c1e42e/o/145/.../0?a=1&f=AvaHack.rar

http://hamachi-pc.ru/go/?http://sub2.admitlead.ru/sb/clk/s/1340/h/b7d55f/o/471/p/1447/sub/0?a=1&f=hamachi&fu=https://.../hamachi.msi

http://sub2.bubblesmedia.ru/go/?link=uZfDbUZh6BHXJdh/W/9fPHIINwNoyF 7Otzzvg1zfDNwn44i8sDsB/ZbGqnRLnbYgLMeg 4f1F4QxzpHN7pWUKwJKiVpW1a3yvTM2Y/zlAx2vl8dMzicihwDt0Pb9MN/.../TfSOLYkTH0GAeXROeppfP&param=ourJVZ1xg8s=&un=5788aef7f3e1b&rid=3883

http://goo.gl/rCP8lt

http://sub2.bubblesmedia.ru/sb/clk/s/1852/h/71018b/o/145/.../0?a=1

http://get.tvlend.net/sb/clk/s/992/h/e20d87/o/145/p/994/sub/0?a=1&u=http://tvlend.net/uploads/torrent/.../tvlend.net-Magic-Mike-778949.torrent

http://sub2.bubblesmedia.ru/go/?link=/Gh/u3miDuaMwECa1EVtkkRGZJPZTXWo92tTnbLY/Cf8gudFHWXod8WiisTP3NmkRheWNsVnd6XWv0Uc0BwITaJR5e9/q1QrlbO2J2gLAi9RJR6aQAqHU3BxRTaC7XVOE0BTy2yOwjB9w0w=&param=Atik91AkRCo=&un=578680f1e1914&rid=3811&r=vmusice.net&f=Ukrainian disko-??????&fu=http://cs611222v4.vk.me/u66267544/.../991bac6a856a.mp3?extra=Kmg0PEyTb5pL73PTJ4JeVeCmm0ydr5ED-PHfYz082S5vNkIUc062-Vuw22t6NfnkpSbNZuax4xo3QpzVZ9WyFrTjcjDli_1jrvT1buiDwp9gxz22BuxNOm-TSWXxPjXHfll4EP8Hy4c

http://soft-file.ru//http://.../NP7fuh

http://sub2.bubblesmedia.ru/go/?link=2p7MRLz1mRxqK7rntQOGRlmGXYSJLoXaLtbgGSK02wskZhfsak2RZC52GXtzdpI/mp7kpn2zjGwyFO0IwzCegLnQWddgRej lvYs4EnOTz5qqhlQjGueN97CpgarWXyc8LnMi4G6Cc6cpDx9i5QBl9Un1WvCM64&param=oCVv/.../g=&un=5783933e38618&rid=4057&f=???? ????????? 6 ????? 1-10 ????? ?? 10 ??????? ??????? ?????????

http://verismediya.ru/sb/clk/s/3500/h/4f7911/o/145/sub/.../PC)

http://sub2.bubblesmedia.ru/sb/clk/s/1771/h/42eda4/o/145/.../5?a=1&f=plug play Full

http://mg.bubblesmedia.ru/index.php?redirect_url=http://.../index2.php?bbl_clk_id=458083-1468428303&bbl=1&f=Скачать фильм Белоснежка: Месть гномов / Mirror Mirror (2012) через торрент. Трейлеры, правдивые оценки, рецензии и комментарии, похожие фильмы, саундтрек, новости и интересные факты и н%

http://sub2.bubblesmedia.ru/sb/clk/s/3164/h/8231c4/o/145/.../0?a=1&f={Football Manager 2016}

http://sub2.bubblesmedia.ru/sb/clk/s/2015/h/c1e42e/o/145/.../0?a=1&f=Dumpper.rar

http://sub2.admitlead.ru/sb/clk/s/490/h/4b734e/o/471/sub/forest?a=1&u=http://the-forest.ru/.../3DMGAME-The.Forest.Public.Alpha.v0.42.Cracked-3DM.torrent&f=The-Forest-alpha0.42.Cracked-3DM

Latest 30 of 464 download URLs

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to sw90.ua-hosting.company  (91.215.156.143:80)
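The indicators in this report turned into a log sweep. This is an added example, not part of the report: the three hashes, the distribution hosts, the runtime callback (sw90.ua-hosting.company, 91.215.156.143:80) and the mismatch between the PE's original file name (mediaget-installer.exe) and the game-repack name it was delivered under are checked against constructed proxy and process-creation log lines. The key=value log format, the field names and the sample lines are assumptions, not real telemetry.

```python
"""Sweep proxy and process-creation logs for the indicators in this report.

Added example, not part of the report. The indicator sets are copied from
the report; the log format and SAMPLE_LOGS are constructed for the demo.
"""
import re
from typing import Dict, List

IOC_HASHES = {
    "37c96b46e00b2e90bd944e873ff53d0b",                                   # MD5
    "ae831f3da89033dd6f1f1c7e0caad44e826e6599",                           # SHA-1
    "b574f17863ce15f9cdff7ee27f20418226e5d807a2ab944673084e9f7dd9bfe4",   # SHA-256
}
IOC_HOSTS = {
    "sw90.ua-hosting.company",            # runtime HTTP callback
    "www.installadpro.com", "sub2.admitlead.ru", "sub2.bubblesmedia.ru",
    "mg.bubblesmedia.ru", "ld.mediaget.com", "mediaget.com",
    "get.tvlend.net", "verismediya.ru",   # download URLs listed above
}
IOC_IPS = {"91.215.156.143"}
IOC_ORIGINAL_NAME = "mediaget-installer.exe"   # PE "Original file name" field

# Constructed sample lines (assumed key=value format, not real telemetry).
SAMPLE_LOGS = [
    "type=proxy src=10.0.0.21 dst=91.215.156.143 dport=80 host=sw90.ua-hosting.company method=GET",
    "type=proxy src=10.0.0.21 dst=104.16.0.5 dport=443 host=www.python.org method=GET",
    "type=process host=WS-021 image=C:\\Users\\alice\\Downloads\\wolfenstein-the-old-blood-2015-pc-repack-ot-xatab_id2260452ids2s.exe "
    "sha256=b574f17863ce15f9cdff7ee27f20418226e5d807a2ab944673084e9f7dd9bfe4 original_filename=mediaget-installer.exe",
    "type=process host=WS-022 image=C:\\Windows\\System32\\notepad.exe "
    "sha256=" + "f" * 64 + " original_filename=NOTEPAD.EXE",
]

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_kv(line: str) -> Dict[str, str]:
    """Parse a 'key=value key=value' log line (constructed format)."""
    return dict(KV_RE.findall(line))


def host_matches(host: str) -> bool:
    """Exact or subdomain match against the report's hosts."""
    host = host.lower().rstrip(".")
    return host in IOC_HOSTS or any(host.endswith("." + h) for h in IOC_HOSTS)


def check_line(line: str) -> List[str]:
    """Return the indicator matches for one log line (empty list if clean)."""
    f = parse_kv(line)
    reasons: List[str] = []
    if f.get("type") == "proxy":
        if host_matches(f.get("host", "")):
            reasons.append("host %s is a known distribution/callback host" % f["host"])
        if f.get("dst") in IOC_IPS:
            reasons.append("destination %s:%s is the runtime callback address" % (f["dst"], f.get("dport")))
    elif f.get("type") == "process":
        for algo in ("md5", "sha1", "sha256"):
            if f.get(algo, "").lower() in IOC_HASHES:
                reasons.append("%s matches the report sample" % algo)
        image_name = f.get("image", "").rsplit("\\", 1)[-1].lower()
        orig = f.get("original_filename", "").lower()
        if orig == IOC_ORIGINAL_NAME and image_name != orig:
            reasons.append("PE original name %s delivered as %s (renamed installer)" % (orig, image_name))
    return reasons


def sweep(lines: List[str]) -> Dict[int, List[str]]:
    """Map line index -> reasons for every line that fires."""
    hits: Dict[int, List[str]] = {}
    for i, line in enumerate(lines):
        reasons = check_line(line)
        if reasons:
            hits[i] = reasons
    return hits


if __name__ == "__main__":
    for idx, why in sweep(SAMPLE_LOGS).items():
        print("line %d: %s" % (idx, "; ".join(why)))
```

The hash set only identifies this one build; the report shows the same installer served under hundreds of bait names (464 download URLs recorded above), so the check that survives a rebuild is the last one: a binary whose version resource says mediaget-installer.exe but which arrived in Downloads under a game or media title.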