SHA256: ccc27af106e8e9c8970340beb0a18ff05779262de828db7e26985b3e974a4bed
File name: MediaGet_id1350172id.exe
Detection ratio: 12 / 43
Analysis date: 2012-12-11 17:15:13 UTC ( 6 years ago )
Antivirus Result Update
AntiVir APPL/MediaGet.Gen5 20121211
Avast Win32:MediaGet-K [PUP] 20121211
AVG Suspicion: unknown virus 20121211
Emsisoft Riskware.Downloader.Win32.MediaGet.AMN (A) 20121211
eSafe Win32.Trojan 20121210
ESET-NOD32 probably a variant of Win32/MediaGet 20121211
F-Prot W32/MediaGet.A.gen!Eldorado 20121211
K7AntiVirus Unwanted-Program 20121211
Kaspersky not-a-virus:Downloader.Win32.MediaGet.dvv 20121211
Malwarebytes PUP.Adware.MediaGet 20121211
SUPERAntiSpyware PUP.MediaGet 20121211
Symantec Trojan.ADH.2 20121211
Yandex 20121211
AhnLab-V3 20121211
Antiy-AVL 20121211
BitDefender 20121211
ByteHero 20121130
CAT-QuickHeal 20121211
ClamAV 20121211
Commtouch 20121211
Comodo 20121211
DrWeb 20121211
F-Secure 20121211
Fortinet 20121211
GData 20121211
Ikarus 20121211
Jiangmin 20121211
Kingsoft 20121210
Microsoft 20121211
eScan 20121211
NANO-Antivirus 20121211
Norman 20121211
nProtect 20121211
Panda 20121211
Rising 20121211
Sophos AV 20121211
TheHacker 20121210
TotalDefense 20121211
TrendMicro 20121211
TrendMicro-HouseCall 20121211
VBA32 20121211
VIPRE 20121211
ViRobot 20121211
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (c) 2011 MediaGet LLC

Product mediaget-installer Module
Original name mediaget-installer.exe
Internal name mediaget-installer
File version 1.0
Description MediaGet installer
Comments MediaGet installer
Signature verification Signed file, verified signature
Signing date 2:07 PM 11/19/2012
Signers
[+] Media Get LLC
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 3/9/2011
Valid to 12:59 AM 3/9/2014
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint A052DA219EC34899AB945640F7C9863BA40152D0
Serial number 71 D2 6D 57 9A EE 6A 76 8F 27 CF 3B 6D 4E 9A 91
[+] USERTrust (Code Signing)
Status Valid
Issuer UTN-USERFirst-Object
Valid from 7:31 PM 7/9/1999
Valid to 7:40 PM 7/9/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm sha1RSA
Thumbprint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
Counter signers
[+] COMODO Time Stamping Signer
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 5/10/2010
Valid to 12:59 AM 5/11/2015
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 3DBB6DB5085C6DD5A1CA7F9CF84ECB1A3910CAC8
Serial number 47 8A 8E FB 59 E1 D8 3F 0C E1 42 D2 A2 87 07 BE
[+] USERTrust (Code Signing)
Status Valid
Issuer UTN-USERFirst-Object
Valid from 7:31 PM 7/9/1999
Valid to 7:40 PM 7/9/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm sha1RSA
Thumbprint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-11-19 13:06:40
Entry Point 0x00173950
Number of sections 3
PE sections
Overlays
MD5 61c425eaceefb4d371f9ba15d0a25120
File type data
Offset 735744
Size 3816
Entropy 7.37
PE imports
RegCloseKey
InitCommonControlsEx
LineTo
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
SysFreeString
EnumProcesses
ShellExecuteW
AssocQueryStringW
VerQueryValueW
InternetOpenW
CoInitialize
Number of PE resources by type
TEXT 19
RT_BITMAP 10
RT_ICON 5
ARCHIVE_7Z 3
RT_GROUP_ICON 2
RT_DIALOG 1
Struct(240) 1
RT_MANIFEST 1
RT_ACCELERATOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 29
RUSSIAN 15
PE resources
ExifTool file metadata
FileDescription
MediaGet installer

Comments
MediaGet installer

InitializedDataSize
376832

ImageVersion
0.0

ProductName
mediaget-installer Module

FileVersionNumber
1.0.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

LinkerVersion
9.0

FileTypeExtension
exe

OriginalFileName
mediaget-installer.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
1.0

TimeStamp
2012:11:19 14:06:40+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
mediaget-installer

SubsystemVersion
5.0

ProductVersion
1.0

UninitializedDataSize
1159168

OSVersion
5.0

FileOS
Win32

LegalCopyright
Copyright (c) 2011 MediaGet LLC

MachineType
Intel 386 or later, and compatibles

CompanyName
MediaGet LLC

CodeSize
360448

FileSubtype
0

ProductVersionNumber
1.0.0.1

EntryPoint
0x173950

ObjectFileType
Executable application

Execution parents
Compressed bundles
File identification
MD5 603c6cc9f8b97765a0e40c965949898d
SHA1 b13afd102c05ec252609c214f68313dff030e7ca
SHA256 ccc27af106e8e9c8970340beb0a18ff05779262de828db7e26985b3e974a4bed
ssdeep
12288:VU9oVKUBWm3fGX8G1FxV0fOSB++w/xNOMfs33sUn6pxeTDpPhF0sHGIp8vb:VJVKyWmOXFViOSBrw5Xs33mGpJF0sXcb

authentihash 6a81b675f50244573d27f372c73d46113f9f65a44883f1985705da11dad36bb7
imphash 66cca6fa169d686fd5abe1af4d6230ee
File size 722.2 KB ( 739560 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (28.0%)
UPX compressed Win32 Executable (27.5%)
Win32 EXE Yoda's Crypter (27.0%)
Win32 Dynamic Link Library (generic) (6.6%)
Win32 Executable (generic) (4.5%)
Tags
signed peexe upx usb-autorun overlay

VirusTotal metadata
First submission 2012-11-19 15:19:13 UTC ( 6 years ago )
Last submission 2018-07-03 01:26:48 UTC ( 5 months, 2 weeks ago )
File names rusifikator_dvdlabpro_234__id2120696id.exe
________________________id2891618id.exe
MediaGet_id261886id.exe
emicsoft_keygen_id2947587id.exe
konvertor_kartinok_v_tekst_id3670468id.exe
wondershare_drfone_iphone_4_10033___serial__bidjan_id3812762id.exe
gothic_3_community_patch_v173_id1003799id.exe
filename
output.17699116.txt
regclean_pro_621652579___serial_id2860386id.exe
fifa2005install_id1456859id.exe
titan_quest__immortal_throne__id4095410id.exe
skachat_pc3dinstruktorv227uchebnyjavtosimulyatordopolnitelnyemashiny2011[rus][russound][l]_[mods][obnovleno190912]torrent_bez_registracii_id2700066id.exe
rusifikator_dlya_viking_battle_for_asgard_id697280id.exe
microsoft_office_select_edition_2013_15044201017_vl_by_krokoz_id4359503id.exe
resident_evil_5__full_unlocker__id1421767id.exe
turbodelphiexploreredition2006_crkfff_id2637370id.exe
MediaGet_id4712997id.exe
nativeinstrumentsfm8standalonevstvstirtas120x86x64assign_id928174id.exe
MediaGet_id748397id.exe
228719-669411-mediaget.exe
{0EE37B49-5829-4327-8246-8CC5D253D999}
manconetobfuscator3000crackedsnd_id3096577id.exe
MediaGet_id1959163id.exe
media get 2.01.2198.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight