ThreatExpert Report: not-a-virus:Downloader.Win32.MediaGet.dsl, Trojan.SuspectCRC

Visit ThreatExpert web site

Close Report

Submission Summary:

Submission details:

Submission received: 23 October 2012, 12:33:49
Processing time: 10 min 46 sec
Submitted sample:

File MD5: 0xD6D85ADF67831B0CB5804961AC3FC2A5
File SHA-1: 0x24A7C4E0301F6A0FE58D070DEE18C3CDB09F6D73
Filesize: 1,012,312 bytes
Alias & packer info:

not-a-virus:Downloader.Win32.MediaGet.dsl [Kaspersky Lab]
Trojan.SuspectCRC [Ikarus]
packed with: UPX [Kaspersky Lab]

Summary of the findings:

What's been found	Severity Level
Contains characteristics of an identified security risk.

Technical Details:

The new window was created, as shown below:

NOTICE: The content shown in the above window is captured automatically and is not controlled or endorsed by ThreatExpert.
Please contact us on this link should any material be offensive or inappropriate and we will ensure any such content is blocked from future viewers of the report.

Possible Security Risk

Attention! The following threat category was identified:

Threat Category	Description
	A program that downloads files to the local computer that may represent security risk

File System Modifications

The following files were created in the system:

#	Filename(s)	File Size	File Hash	Alias
1	%Temp%\mediaget-installer-tmp\img\babylon.jpg	4,702 bytes	MD5: 0x99FC7ED9F116022891742FD2A2D2BF53 SHA-1: 0x11B2636B15AA373BA0AA595C5D5E2B4153D668DB	(not available)
2	%Temp%\mediaget-installer-tmp\img\bg.png	18,172 bytes	MD5: 0x0A3EFA0DC55540C2BAB10C3E6572BF8E SHA-1: 0x8DD4E5F004457FFE15BC901B1833D6CF8A5213EF	(not available)
3	%Temp%\mediaget-installer-tmp\img\claro.jpg	3,863 bytes	MD5: 0xDAF46F1F7360D87B6ECBE9AF13EB8E6D SHA-1: 0x5E2F09B6AB0CD3C9072577B34BF38D64E527ED60	(not available)
4	%Temp%\mediaget-installer-tmp\img\kaspersky.gif	4,438 bytes	MD5: 0x3628294F6268F76341671252C5A12B7B SHA-1: 0x56999E1A278AE4A34C81D4F4B214B0D29818658E	(not available)
5	%Temp%\mediaget-installer-tmp\img\line.jpg	687 bytes	MD5: 0x5F531F03CBC69B5D9983AC5DA233B568 SHA-1: 0x3420531DA5C232F7ED82EB3775E1D2D7296A3144	(not available)
6	%Temp%\mediaget-installer-tmp\img\pbar-ani.gif	7,970 bytes	MD5: 0x01ECF91547D85D738CBE64C2FF7A2F6F SHA-1: 0x43ED120B8BEA41291066EED37C351BCD1958F37C	(not available)
7	%Temp%\mediaget-installer-tmp\img\poster.jpg	26,881 bytes	MD5: 0x216F032456F653503D79BD0E6E844037 SHA-1: 0x1E4FAB306427080B5ADD3D175DD50C2835DBEE3C	(not available)
8	%Temp%\mediaget-installer-tmp\img\preloader.gif	54,963 bytes	MD5: 0xF14349E2D7D2C701EC5DDA854E26C4AF SHA-1: 0x7AE4E8D51AE468C026ADAD39A956D9A7BAA9322A	(not available)
9	%Temp%\mediaget-installer-tmp\img\start.png	5,527 bytes	MD5: 0x392DFBC5A6AFF281A5F51E3A210BD103 SHA-1: 0x55E0C81B8E57EC3CAD57738ED2F496C3857D02E5	(not available)
10	%Temp%\mediaget-installer-tmp\img\yandex.jpg	1,410 bytes	MD5: 0xBB39BBEFA8DFB024C49D3C77425095AA SHA-1: 0x34C238FAA867CC6F7FEEB5EEC6D68CF1A2419D7B	(not available)
11	%Temp%\mediaget-installer-tmp\index.html	10,528 bytes	MD5: 0x6CB5103F7A8D1D0586DD4B18EA9FD08E SHA-1: 0xBBB91A5F9A1AA2AD9C9DE0EC8FED5F24627A0378	(not available)
12	%Temp%\mediaget-installer-tmp\index.template	8,648 bytes	MD5: 0xED50E10CE03F7BA5E2EB9E49716E78E7 SHA-1: 0xF0216CAA31F4614A2BB12A896DB30146655BF258	(not available)
13	%Temp%\mediaget-installer-tmp\js\jquery-ui.min.1.8.0.js	207,176 bytes	MD5: 0xA4FDD77E182BD2FABE300A47B5617A35 SHA-1: 0xE002B335C75B5EDEFCD251962F61F53A2AB8E0F2	(not available)
14	%Temp%\mediaget-installer-tmp\js\jquery.min.1.6.4.js	91,668 bytes	MD5: 0x219073097031D9C1A95A1291D66F3A10 SHA-1: 0x2B7996B01D90B7F424F2A2E6063947461DB4B2B2	(not available)
15	%Temp%\mediaget-installer-tmp\stub.html	427 bytes	MD5: 0x63DAF411507F350D52CBE6E0D0606C87 SHA-1: 0x30CE53EFBF047341CF78A839152D45111C8852E7	(not available)
16	[file and pathname of the sample #1]	1,012,312 bytes	MD5: 0xD6D85ADF67831B0CB5804961AC3FC2A5 SHA-1: 0x24A7C4E0301F6A0FE58D070DEE18C3CDB09F6D73	not-a-virus:Downloader.Win32.MediaGet.dsl [Kaspersky Lab] Trojan.SuspectCRC [Ikarus] packed with UPX [Kaspersky Lab]

Note:

%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).

The following directories were created:

%Temp%\mediaget-installer-tmp
%Temp%\mediaget-installer-tmp\img
%Temp%\mediaget-installer-tmp\js

Memory Modifications

There was a new process created in the system:

Process Name	Process Filename	Main Module Size
[filename of the sample #1]	[file and pathname of the sample #1]	1,826,816 bytes

Other details

Analysis of the file resources indicate the following possible country of origin:

Russian Federation

To mark the presence in the system, the following Mutex objects were created:

mediaget-installer-singleapplication-mutex
_!SHMSFTHISTORY!_

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.