Manalyze report for 0dc6c06ce160b14df5dda5019b96adf6

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2018-May-10 14:36:12
Detected languages	English - United States Russian - Russia
Comments	MediaGet installer
CompanyName	MediaGet LLC
FileDescription	MediaGet installer
FileVersion	`1.0`
InternalName	mediaget-installer
LegalCopyright	Copyright (c) 2011 MediaGet LLC
OriginalFilename	mediaget-installer.exe
ProductName	mediaget-installer Module
ProductVersion	`1.0`

Plugin Output

Suspicious	PEiD Signature:	`UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser` `UPX -> www.upx.sourceforge.net` `UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to SHA1`
Suspicious	The PE is packed with UPX	`Unusual section name found: UPX0` `Section UPX0 is both writable and executable.` `Unusual section name found: UPX1` `Section UPX1 is both writable and executable.`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Can access the registry: RegCloseKey` `Possibly launches other programs: ShellExecuteW` `Memory manipulation functions often used by packers: VirtualProtect VirtualAlloc` `Has Internet access capabilities: InternetOpenW` `Leverages the raw socket API to access the Internet: #115` `Manipulates other processes: EnumProcesses` `Can take screenshots: BitBlt GetDC`
Info	The PE's resources present abnormal characteristics.	`Resource 1 is possibly compressed or encrypted.` `Resource 129 is possibly compressed or encrypted.`
Info	The PE is digitally signed.	`Signer: GLOBAL MICROTRADING PTE. LTD.` `Issuer: thawte SHA256 Code Signing CA`
Malicious	VirusTotal score: 37/71 (Scanned on 2020-01-03 18:02:23)	`CAT-QuickHeal: Trojan.Mauvaise.SL1` `Malwarebytes: PUP.Optional.MediaGet` `SUPERAntiSpyware: PUP.MediaGet/Variant` `K7AntiVirus: Adware ( 005524301 )` `K7GW: Adware ( 005524301 )` `TrendMicro: PUA_MediaGet` `F-Prot: W32/MediaGet.G.gen!Eldorado` `ESET-NOD32: Win32/MediaGet.AL potentially unwanted` `APEX: Malicious` `Kaspersky: not-a-virus:HEUR:Downloader.Win32.MediaGet.gen` `AegisLab: Riskware.Win32.MediaGet.1!c` `Emsisoft: Application.MGet (A)` `Comodo: Application.Win32.MediaGet.G@5j5oaa` `F-Secure: PotentialRisk.PUA/MediaGet.Gen5` `DrWeb: Program.MediaGet.157` `Invincea: heuristic` `McAfee-GW-Edition: MediaGet` `Sophos: MediaGet (PUA)` `Cyren: W32/MediaGet.G.gen!Eldorado` `Jiangmin: Downloader.MediaGet.avj` `Webroot: W32.Adware.Gen` `Avira: PUA/MediaGet.Gen5` `Fortinet: Riskware/MediaGet` `Endgame: malicious (moderate confidence)` `Microsoft: PUA:Win32/MediaGet` `ViRobot: Adware.Mediaget.608496` `AhnLab-V3: PUP/Win32.Agent.C2550741` `ZoneAlarm: not-a-virus:HEUR:Downloader.Win32.MediaGet.gen` `McAfee: MediaGet` `VBA32: BScope.Downloader.MediaGet` `Cylance: Unsafe` `TrendMicro-HouseCall: PUA_MediaGet` `Rising: PUF.MediaGet!8.C1 (TFE:5:X4czSOxaT5F)` `Yandex: PUA.Downloader!` `eGambit: Unsafe.AI_Score_89%` `GData: Win32.Adware.MediaGet.A` `AVG: FileRepMalware [PUP]`

Hashes

MD5	`0dc6c06ce160b14df5dda5019b96adf6`
SHA1	`f7e714345d5b51e5c5e20006cd8fc910eb9ed984`
SHA256	`48cb86b5960b65991a82c7e147d67d35bde4c68755ecdb0f36060e66501b5fc6`
SHA3	`89c80da8619a68110b8881d531ea6bf545e6b8d31233d992907a8161a503dfb9`
SSDeep	`12288:f5KZw7o6+5hvihKg7jMzvrojbpzBhkCjAQQAGrU2xUVOFwWwe2qle:f5KS7ScH72rEbpzBhkCjAHAG3xkOF59Y`
Imports Hash	`7fb106e6b75d6bf66ab0cbffc134d2a0`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x110`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2018-May-10 14:36:12
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`9.0`
SizeOfCode	`0x38000`
SizeOfInitializedData	`0x5a000`
SizeOfUninitializedData	`0xb4000`
AddressOfEntryPoint	`0x000EC4C0 (Section: UPX1)`
BaseOfCode	`0xb5000`
BaseOfData	`0xed000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.0`
ImageVersion	`0.0`
SubsystemVersion	`5.0`
Win32VersionValue	`0`
SizeOfImage	`0x147000`
SizeOfHeaders	`0x1000`
Checksum	`0x96beb`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

UPX0

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xb4000`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

UPX1

MD5	`849916c750defdc18da91882d7af4401`
SHA1	`4093f8446ff6523094297e812797e28d8930faf9`
SHA256	`914459b4260a38e424cd7c5eb21492738311a38518bd1990f7ef5413e867c73f`
SHA3	`c76b9e2ab400a698d2d4c013fb9738dcaa55ab7f8f2a59ffebeea2e916b1c3e3`
VirtualSize	`0x38000`
VirtualAddress	`0xb5000`
SizeOfRawData	`0x37800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.92408`

.rsrc

MD5	`f2712c96aad10d0cfc40e07afe06dbbc`
SHA1	`4c82ac5f9f497a00d93f4ac7d91e94feb6f9347f`
SHA256	`67157b020317306feacb0d104cbe9607f85136316bef62b47c18952b5078f221`
SHA3	`7156d12b7b956173807317bfe0ba3af5a3970d11ceb49ab43301ee69e7f9fbf0`
VirtualSize	`0x5a000`
VirtualAddress	`0xed000`
SizeOfRawData	`0x59c00`
PointerToRawData	`0x37c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.94914`

Imports

KERNEL32.DLL	`LoadLibraryA` `GetProcAddress` `VirtualProtect` `VirtualAlloc` `VirtualFree` `ExitProcess`
ADVAPI32.dll	`RegCloseKey`
COMCTL32.dll	`InitCommonControlsEx`
GDI32.dll	`BitBlt`
ole32.dll	`CoInitialize`
OLEAUT32.dll	`#6`
PSAPI.DLL	`EnumProcesses`
SHELL32.dll	`ShellExecuteW`
SHLWAPI.dll	`AssocQueryStringW`
USER32.dll	`GetDC`
WININET.dll	`InternetOpenW`
WS2_32.dll	`#115`

Delayed Imports

HTML

Type	`ARCHIVE_7Z`
Language	Russian - Russia
Codepage	Latin 1 / Western European
Size	`0x50e13`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99944`
Detected Filetype	7-Zip compressed file
MD5	`16e5a36c053b6893e63c0f8e3e71f105`
SHA1	`366029921389be9257506f61872ccfa3d04fe9a7`
SHA256	`ffd29bb878edf814b9e3b9411ce471cceafc8f8899b56ee032e4c34623addd23`
SHA3	`f8c65e3ea5ab89d4adb7549ab3bc9252238d29de6db32e6dc45aa98f2d80f649`

PRELOADER

Type	`ARCHIVE_7Z`
Language	Russian - Russia
Codepage	Latin 1 / Western European
Size	`0x3b96`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.98607`
Detected Filetype	7-Zip compressed file
MD5	`7a916463e9aa8c35984ab2649d32f950`
SHA1	`7d93a27bfcaa3225e86ae73bd8e098f5f66fa504`
SHA256	`2588b14cc5f4811a497d282c8c5f7dc967973f30cf4c3c03178d1ae92c0adeca`
SHA3	`70ddcc289efb96a2f1e9fe4508ed8e4334e1c0a4ad360024d9392b281c99850e`

1

Type	`RT_ICON`
Language	Russian - Russia
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.7297`
MD5	`37a43757a75e33d1953ee71a366de793`
SHA1	`c5402b6b4d6f0e379965c4a36c8de388ba52dc51`
SHA256	`a03abe86ed2a60c5ae01aec9989c397684a28dd3c25115d7591eb30710369ac8`
SHA3	`10204f95c77d958c21d3da9032a8592e0448051052510baf440612647dc1d916`

2

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.95548`
MD5	`0391899fff52c23cbf226ea473cfb620`
SHA1	`c230baaf0c35dc6d546e021edbb5a5b13e6fe290`
SHA256	`663ba2a76dd6bd107e20f87a3d0d04c85b2cebcd5324e1acb30df201be1c9f29`
SHA3	`19fe466f8230f3540a770d557edee8a91f0df583ea77ecd97fafb4f6a092ddcb`

3

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.18073`
MD5	`38ee163b193d8b3dbaed29c3edd9332e`
SHA1	`9a525f5792bf2f01088ced0c4fb346ca820af546`
SHA256	`b48c12b91b9f2a2371f3c5602b6e531dbce77662068bd737415de2f0931fa8c7`
SHA3	`d870e4cb414c3e405e1d76b87a6650a5c9c3141eda1eda207034bb6304404fe6`

4

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.05232`
MD5	`efd7367e0c935fff330ce2b27e4e10a0`
SHA1	`e41f3a6aa937efc73ae0e30c6751f5e09c661d52`
SHA256	`b6c6f66305362100c89d129d32b2d5fa069fd0da7ed5725197444ffa23566cbe`
SHA3	`56bb969b6526793710f7b3b18cc4862d34240f8b633730ba6b7e191e97baae5c`

5

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.75162`
MD5	`f68a43230d48bb24badeb9062cb73f48`
SHA1	`68fdb46a34869ea1f58283262958782cbc637181`
SHA256	`2b4fd6d5f97086f9963fe9f6fb51085979a0cea3767f76ef5396b221d5a4ae9e`
SHA3	`e7f49be1d3176a745a5ae53558a096486ef1beaafac1cf82247a1aea2867c4d7`

129

Type	`RT_DIALOG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x110`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.14152`
MD5	`71c275de19f05c94a03ac05a407a2226`
SHA1	`9aee01a28ce0a39946423938747f1953cf45014e`
SHA256	`18f5f2a44476937abb0b98e5112e4c4ee8a86cbbc45724ef32796077f42f0796`
SHA3	`100296bbff341a47f9594e442c522d6aac2eeaf8098c7b4dda146976031bba58`

128

Type	`RT_ACCELERATOR`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x70`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.40776`
MD5	`0b4244da6558816b0e9882c4837ee386`
SHA1	`97ff375f2ff612af96d68bc82dbb3bc23d2ff08e`
SHA256	`54ce1400a3632f57a036f906501c8ab3523cc039e757e93be7d101bfb98d272e`
SHA3	`ab3b38f6a85cdf88037d1d3bb49509ac24d576144e918b698f255cba125e1cc5`

128 (#2)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x3e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.68598`
Detected Filetype	Icon file
MD5	`032cd024a49e37ce77d4720582291440`
SHA1	`5eab7e784b579aa72de4a04121ef7d7e865c596e`
SHA256	`99e222853c95957d4e8af20500231dfb884884edbcc1ad69e3c80259997cf285`
SHA3	`3e83ab44888a5add78bcb22cb695904ff021e172bfb0a03ac98c03ac390040a7`

219

Type	`RT_GROUP_ICON`
Language	Russian - Russia
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.22193`
MD5	`178c9e812017b458d08cd74a34921bd0`
SHA1	`9b3cd9833a9c84501006f26fc656b548a75cacb6`
SHA256	`0c57f11b277bc3c1d2677dc9292c38870d7c65c6317e06ef791488b286922c85`
SHA3	`38e316a18a5a522ea111bc42405bb7b708992cb89a2196e0262920abd512f83b`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x354`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.28905`
MD5	`86790bee0c590faa2333c7649583f499`
SHA1	`9ebe77f155c7ec08dce25f8371840c9118d0302d`
SHA256	`13098abad379ee22547e25e2023699231d28ca7ea3b55f1c4f72bb7567a1ebfb`
SHA3	`4d1aa7afc3f6c77199844eda9110b26694b6bcd71c151fafb752c0164be8a12f`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x249`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.19483`
MD5	`3a66d5be081e05d22ba2c3d6b55fe9f5`
SHA1	`8add6582876296113e7a42986c23395c7813e7fa`
SHA256	`e71edaa2dad5fd322625c047b080165d5b4f50c925f4a0d3153b57875519393b`
SHA3	`ff63d8f3d008321d169d78c6ceafec27561930521c87976103d7ca5c0a826e45`

129 (#2)

Type	`UNKNOWN`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xaa`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.78563`
MD5	`3ddc1e59aff8b0252e0ca087f50faaa2`
SHA1	`c28accae82cef734b5f12ccbbc453e8749c16532`
SHA256	`fa1be57873a93940ecf7e495229455a2eb4cc302eba5834ff392b4818430a4a2`
SHA3	`4aa7765c660e83107c3927388b8598f5ba7a3f5e83614ecb325b8161423a4183`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.1
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
Comments	MediaGet installer
CompanyName	MediaGet LLC
FileDescription	MediaGet installer
FileVersion (#2)	1.0
InternalName	mediaget-installer
LegalCopyright	Copyright (c) 2011 MediaGet LLC
OriginalFilename	mediaget-installer.exe
ProductName	mediaget-installer Module
ProductVersion (#2)	1.0

Resource LangID	English - United States

TLS Callbacks

Load Configuration

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x47ead4`
SEHandlerTable	`0x472f00`
SEHandlerCount	`315`

RICH Header

XOR Key	`0x14578280`
Unmarked objects	`0`
150 (20413)	`1`
ASM objects (VS2008 build 21022)	`26`
C objects (VS2008 build 21022)	`142`
C objects (VS2012 build 50727 / VS2005 build 50727)	`8`
Imports (VS2012 build 50727 / VS2005 build 50727)	`25`
Total imports	`342`
C objects (VS2008 SP1 build 30729)	`9`
C++ objects (VS2008 SP1 build 30729)	`1`
137 (VS2008 build 21022)	`14`
C++ objects (VS2008 build 21022)	`107`
Linker (VS2008 build 21022)	`1`
151	`1`
Resource objects (VS2008 build 21022)	`1`

Errors

[*] Warning: Section UPX0 has a size of 0!
[*] Warning: Resource 219 is empty!