SHA256: 56c39a384d4800b6f0f008023a8cb119323dfb80cf2a7b92d1e58b560e3af84b
File name: -897832020-2065249471.exe
Detection ratio: 27 / 52
Analysis date: 2016-01-26 14:02:25 UTC
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2997024 20160126
Yandex Trojan.Inject!bdqc20KjcFg 20160125
Arcabit Trojan.Generic.D2DBB20 20160126
Avast Win32:Malware-gen 20160126
AVG Crypt5.ACQL 20160126
Avira (no cloud) TR/Crypt.ZPACK.115116 20160126
Baidu-International Adware.Win32.iBryte.EJDN 20160126
BitDefender Trojan.GenericKD.2997024 20160126
CAT-QuickHeal Trojan.Generic.B4 20160125
DrWeb BackDoor.Gootkit.182 20160126
Emsisoft Trojan.GenericKD.2997024 (B) 20160126
ESET-NOD32 a variant of Win32/Kryptik.EGWY 20160126
F-Secure Trojan.GenericKD.2997024 20160126
Fortinet W32/Kryptik.EJXP!tr 20160126
GData Trojan.GenericKD.2997024 20160126
Ikarus Trojan.Win32.Crypt 20160126
Kaspersky Trojan.Win32.Inject.vspu 20160126
McAfee RDN/Generic.grp 20160126
McAfee-GW-Edition BehavesLike.Win32.Virut.fc 20160126
Microsoft Trojan:Win32/Dynamer!ac 20160126
eScan Trojan.GenericKD.2997024 20160126
nProtect Trojan.GenericKD.2997024 20160126
Panda Trj/CI.A 20160125
Rising PE:Malware.Generic/QRS!1.9E2D [F] 20160126
Sophos AV Mal/Generic-S 20160126
Symantec Suspicious.Cloud.9 20160125
TrendMicro TROJ_GEN.R00XC0DAN16 20160126
AegisLab (no detection) 20160126
AhnLab-V3 (no detection) 20160125
Alibaba (no detection) 20160126
Antiy-AVL (no detection) 20160126
Bkav (no detection) 20160126
ByteHero (no detection) 20160126
ClamAV (no detection) 20160126
CMC (no detection) 20160111
Comodo (no detection) 20160126
Cyren (no detection) 20160126
F-Prot (no detection) 20160126
Jiangmin (no detection) 20160126
K7AntiVirus (no detection) 20160126
K7GW (no detection) 20160126
Malwarebytes (no detection) 20160126
NANO-Antivirus (no detection) 20160126
SUPERAntiSpyware (no detection) 20160126
TheHacker (no detection) 20160124
TotalDefense (no detection) 20160126
TrendMicro-HouseCall (no detection) 20160126
VBA32 (no detection) 20160125
VIPRE (no detection) 20160126
ViRobot (no detection) 20160126
Zillya (no detection) 20160126
Zoner (no detection) 20160126
The file being studied is a Portable Executable file. More specifically, it is a Win32 EXE file for the Windows GUI subsystem. Its version resource presents it as mediaget.exe 1.0.0.1 from MediaGet LLC, but those strings are written by whoever builds the binary; with 27 of 52 engines flagging the file (DrWeb names it BackDoor.Gootkit.182), the MediaGet branding is not evidence of origin.
FileVersionInfo properties
Copyright Copyright (c) 2011 MediaGet LLC
Product mediaget Module
Original name mediaget.exe
Internal name mediaget
File version 1.0.0.1
Description MediaGet
Comments MediaGet
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-12-21 19:38:41
Entry Point 0x00008B37
Number of sections 5
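As an added example (not part of the VirusTotal report and not code from the analysed sample), the following Python reads the fields listed above straight from a raw PE header and applies the timestamp sanity check an analyst wants before dating a sample: a compile time later than the first submission (2016-01-19 14:01:42 UTC for this file) or a zeroed value means the field was tampered with and cannot be used. The header it parses is constructed in memory with the report's values (Intel 386, 5 sections, entry point 0x8B37, linker 9.0, GUI subsystem, compile time 2015-12-21 19:38:41 UTC); note that the ExifTool section of the report renders the same instant as 2015:12:21 20:38:41+01:00, the tool's local-time view, so always compare in UTC.

```python
import struct
from datetime import datetime, timezone

SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}
MACHINES = {0x14C: "Intel 386 or later processors and compatible processors",
            0x8664: "x64"}


def build_pe32_header(machine=0x14C, nsections=5, timestamp=1450726721,
                      entry=0x8B37, linker=(9, 0), subsystem=2):
    """Constructed, minimal PE32 header (DOS header, PE signature, COFF file
    header, optional header) carrying the values the report lists. This is
    sample input for the parser, not bytes taken from the analysed file."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)          # e_lfanew -> "PE\0\0"
    opt = bytearray(0xE0)                                # standard PE32 size
    struct.pack_into("<H", opt, 0, 0x10B)                # PE32 magic
    struct.pack_into("<BB", opt, 2, *linker)             # Major/MinorLinkerVersion
    struct.pack_into("<I", opt, 16, entry)               # AddressOfEntryPoint
    struct.pack_into("<HH", opt, 40, 5, 0)               # OS version 5.0
    struct.pack_into("<HH", opt, 48, 5, 0)               # subsystem version 5.0
    struct.pack_into("<H", opt, 68, subsystem)           # Subsystem
    # Characteristics 0x0102 = EXECUTABLE_IMAGE | 32BIT_MACHINE
    coff = struct.pack("<HHIIIHH", machine, nsections, timestamp, 0, 0,
                       len(opt), 0x0102)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


def parse_pe_header(data):
    """Read the fields a triage report shows from the raw PE header."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    machine, nsections, ts, _symtab, _nsyms, _opt_size, _chars = \
        struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24                                  # 4-byte sig + 20-byte COFF
    magic, lmaj, lmin = struct.unpack_from("<HBB", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 optional headers are handled here")
    entry = struct.unpack_from("<I", data, opt + 16)[0]
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    compiled = datetime.fromtimestamp(ts, timezone.utc)
    return {
        "machine": MACHINES.get(machine, hex(machine)),
        "number_of_sections": nsections,
        "compile_timestamp": ts,
        "compile_time": compiled.strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": entry,
        "linker_version": f"{lmaj}.{lmin}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
    }


def timestamp_is_plausible(compile_timestamp, first_seen_utc):
    """Timestomping check: a null or pre-1995 value, or a compile time after
    the sample was first seen, means the header field cannot be trusted."""
    first_seen = datetime.strptime(first_seen_utc, "%Y-%m-%d %H:%M:%S")
    first_seen = first_seen.replace(tzinfo=timezone.utc)
    compiled = datetime.fromtimestamp(compile_timestamp, timezone.utc)
    return compile_timestamp != 0 and compiled.year >= 1995 and compiled <= first_seen


if __name__ == "__main__":
    info = parse_pe_header(build_pe32_header())
    for key, value in info.items():
        print(f"{key}: {value:#x}" if key == "entry_point" else f"{key}: {value}")
    print("timestamp plausible:",
          timestamp_is_plausible(info["compile_timestamp"], "2016-01-19 14:01:42"))
```

Running it on a real file means replacing the constructed bytes with the file's first few kilobytes; the parser only needs the DOS header, the COFF header and the first 70 bytes of the optional header.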
PE sections
PE imports
ConvertStringSecurityDescriptorToSecurityDescriptorW
LookupAccountSidA
ConvertStringSidToSidW
Ord(6)
ImageList_Draw
GetOpenFileNameW
SetDIBits
SetMapMode
PatBlt
GetRgnBox
CreateRectRgnIndirect
CombineRgn
GetClipBox
Rectangle
GetObjectA
ExcludeClipRect
LineTo
DeleteDC
SetDCPenColor
CreateSolidBrush
BitBlt
EnumFontFamiliesA
SetTextColor
GetCurrentObject
FrameRgn
MoveToEx
GetStockObject
CreateDIBitmap
SelectClipRgn
CreateCompatibleDC
CreateRectRgn
SelectObject
GetTextExtentPoint32A
RemoveFontResourceW
SetWindowOrgEx
SetBkColor
DeleteObject
CreateCompatibleBitmap
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
lstrlenA
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetEnvironmentStrings
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
GetConsoleOutputCP
WriteConsoleW
GetCPInfo
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetStringTypeA
SetStdHandle
GetModuleHandleA
RaiseException
WideCharToMultiByte
TlsFree
SetFilePointer
SetUnhandledExceptionFilter
lstrcpyA
GetCurrentProcess
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
CreateFileMappingW
HeapAlloc
LocalFree
TerminateProcess
LCMapStringA
WriteConsoleA
IsValidCodePage
HeapCreate
WriteFile
GetConsoleWindow
VirtualFree
InterlockedDecrement
Sleep
GetFileType
TlsSetValue
CreateFileA
ExitProcess
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
SetLastError
LeaveCriticalSection
GetModuleInformation
MapWindowPoints
EmptyClipboard
UpdateWindow
IntersectRect
EndDialog
LoadMenuA
SetClassLongW
OffsetRect
KillTimer
PostQuitMessage
DefWindowProcA
CheckMenuRadioItem
SendDlgItemMessageA
GetSystemMetrics
EnableMenuItem
IsWindow
GetMenu
GetWindowRect
InflateRect
EnableWindow
ScrollWindowEx
DestroyCursor
EnumChildWindows
MessageBoxA
GetWindowDC
SetWindowLongA
IsWindowEnabled
GetWindow
SetDlgItemTextW
SetScrollInfo
RegisterClassExA
GetMenuItemCount
DrawTextA
BeginPaint
CreatePopupMenu
SendMessageW
GetWindowLongA
ShowWindow
SetClipboardData
OpenClipboard
SetMenu
DefFrameProcA
SetForegroundWindow
GetClientRect
GetDlgItem
DrawMenuBar
AppendMenuA
GetNextDlgTabItem
InvalidateRect
InsertMenuA
GetSubMenu
CreateWindowExA
LoadCursorA
LoadIconA
SendMessageA
FillRect
IsDlgButtonChecked
GetSysColorBrush
LoadIconW
GetFocus
GetDC
ReleaseDC
EndPaint
CloseClipboard
CopyImage
GetAncestor
UnhookWindowsHookEx
DestroyWindow
GetThemeInt
DrawThemeBackground
WSAEnumProtocolsA
WSAWaitForMultipleEvents
WSACleanup
WSAStartup
WSACreateEvent
WSAGetLastError
CoCreateInstance
CoTaskMemFree
FindMimeFromData
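The import list above is what the imphash in the File identification section (60cd7c1e6b2a68c953623328c6c88dcb) is computed over. As an added example (not VirusTotal's code and not part of the report), the following Python implements that normalization: each import becomes lower-cased library name with its .dll/.ocx/.sys suffix removed, a dot, and the lower-cased function name (or ord<N> for an import by ordinal, such as the Ord(6) entry above), the entries are joined with commas in import-table order, and the MD5 of that string is the imphash. The DLL names in the constructed table are assumptions for the example, since the report lists only function names. One caveat: pefile, which VirusTotal's value comes from, first resolves ordinal imports from ws2_32.dll and oleaut32.dll to names using a built-in table; this example skips that step, so its output matches pefile only for tables without such ordinal imports.

```python
import hashlib

# Constructed import table as (dll, imported name or ordinal) pairs, in table
# order. The DLL assignments are assumptions made for this example.
SAMPLE_IMPORTS = [
    ("ADVAPI32.dll", "ConvertStringSecurityDescriptorToSecurityDescriptorW"),
    ("ADVAPI32.dll", "LookupAccountSidA"),
    ("COMCTL32.dll", 6),                     # an import by ordinal, like Ord(6)
    ("KERNEL32.dll", "IsDebuggerPresent"),
    ("WS2_32.dll", "WSAStartup"),
    ("urlmon.dll", "FindMimeFromData"),
]


def normalize_import(dll, func):
    """One import as it enters the hash: lower-cased library name without a
    .dll/.ocx/.sys suffix, then '.', then the lower-cased function name or
    'ord<N>' for an import by ordinal."""
    lib = dll.lower()
    base, dot, ext = lib.rpartition(".")
    if dot and ext in ("dll", "ocx", "sys"):
        lib = base
    name = f"ord{func}" if isinstance(func, int) else func.lower()
    return f"{lib}.{name}"


def imphash_string(imports):
    """The comma-joined, order-preserving string the imphash is taken over."""
    return ",".join(normalize_import(dll, func) for dll, func in imports)


def imphash(imports):
    """MD5 of the normalized import string (the report's 'imphash' field)."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print("imphash:  ", imphash(SAMPLE_IMPORTS))
    # The same imports in a different order hash differently: the value keys
    # on the linker's import-table layout, not on the set of APIs used, which
    # is why it clusters builds from one toolchain and source tree.
    print("reordered:", imphash(list(reversed(SAMPLE_IMPORTS))))
```

Because the hash is order-sensitive and case-insensitive, two samples with the same imphash were almost certainly linked from the same object files, while a packer that rebuilds the import table at runtime (the Kryptik and Crypt verdicts above suggest one) gives every packed payload the packer's stub imphash rather than the payload's.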
Number of PE resources by type
RT_ICON 4
RT_STRING 4
RT_DIALOG 3
RT_MANIFEST 1
RT_VERSION 1
PNG 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 15
PE resources
Debug information
ExifTool file metadata
FileDescription MediaGet
Comments MediaGet
InitializedDataSize 194560
ImageVersion 0.0
ProductName mediaget Module
FileVersionNumber 1.0.0.1
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 9.0
FileTypeExtension exe
OriginalFileName mediaget.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.0.0.1
TimeStamp 2015:12:21 20:38:41+01:00
FileType Win32 EXE
PEType PE32
InternalName mediaget
SubsystemVersion 5.0
ProductVersion 1.0.0.1
UninitializedDataSize 0
OSVersion 5.0
FileOS Windows NT 32-bit
LegalCopyright Copyright (c) 2011 MediaGet LLC
MachineType Intel 386 or later, and compatibles
CompanyName MediaGet LLC
CodeSize 116736
FileSubtype 0
ProductVersionNumber 1.0.0.1
EntryPoint 0x8b37
ObjectFileType Executable application
File identification
MD5 a0e477fb0ae2be6c6d95236034fbe2c7
SHA1 b7f479eee927159f2f59c4f630331fa27ae4826a
SHA256 56c39a384d4800b6f0f008023a8cb119323dfb80cf2a7b92d1e58b560e3af84b
ssdeep 6144:u8wHDL9lCWoqutz+4k0mtrmqFQ5GG3DCCOHA:BwHX9lCWoH8t6qFStDCCOHA
authentihash 12f89232ed98c2f8b5e8af810dac6bcaed15bce133256f4e3cf702b0fcfda813
imphash 60cd7c1e6b2a68c953623328c6c88dcb
File size 305.0 KB ( 312320 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags suspicious-dns peexe
VirusTotal metadata
First submission 2016-01-19 14:01:42 UTC
Last submission 2016-01-19 14:01:42 UTC
File names mediaget
-897832020-2065249471.exe
mediaget.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs
DNS requests
UDP communications