GridinSoft Threat Intelligence

MediaGet_id3585745ids1s.exe threat report

Detected as PUP.MediaGet
File reputation report
MD5 1a9d37af72eb45483a4d56a7211790a5
Latest seen 2021-11-08 21:17:58 (4 years ago)
First seen 2017-05-24 19:11:34 (9 years ago)
Size 455 KB
Publisher MediaGet LLC
Signed by Inbox OOO

GridinSoft Anti-Malware detection

Detected by GridinSoft before you download

The current ThreatInfo record shows this exact file hash detected as PUP.MediaGet. Download GridinSoft Anti-Malware to scan the device, confirm whether this file is present, and remove the detected object if it is found.

Detection name
PUP.MediaGet
Recommended action
Scan and remove
Last analysis
2021-11-08 21:17:58 (4 years ago)
File hash
1a9d37af72eb45483a4d56a7211790a5

Why it matters

Why GridinSoft flags this file

Detection

GridinSoft identifies the sample as PUP.MediaGet, part of the PUP threat category.

Category context

Potentially unwanted programs, bundlers, installers, and utilities with intrusive behavior. Related PUP reports help compare this file with nearby detections, publishers, and hashes.

Timeline

First seen 2017-05-24 19:11:34 (9 years ago); latest analysis 2021-11-08 21:17:58 (4 years ago).

Publisher context

Company metadata: MediaGet LLC. Product metadata: mediaget-installer Module.

Digital signature

Signed by Inbox OOO. The signature is reported as valid, but signed files can still be bundled or abused.

Aliases

This hash has appeared under multiple file names, which can happen with repackaging, bundling, or deliberate renaming.

Observed locations

ThreatInfo has seen this file in user or system paths listed below. Unexpected locations increase the need for local verification.

Recommended action

What to do next

  1. Compare the MD5 above with the file found on the device.
  2. Check whether the file appears in the observed locations or under one of the alternate names.
  3. Run GridinSoft Anti-Malware to confirm the detection and remove the file if it is present. Review the PUP category for related samples and common context.

MediaGet_id3585745ids1s.exe is a Windows file recorded in the ThreatInfo database. It is associated with mediaget-installer Module. The reported company name is MediaGet LLC. The current detection status is PUP.MediaGet, based on the latest analysis from 2021-11-08 21:17:58 (4 years ago). ThreatInfo groups this verdict with PUP reports for broader family-level investigation.

If MediaGet_id3585745ids1s.exe appears on your computer unexpectedly, treat it as suspicious. Check its location, digital signature, and recent system changes before allowing it to run. A full anti-malware scan is recommended when this file is detected as PUP.MediaGet.

Product Name: mediaget-installer Module
Company Name: MediaGet LLC
MD5: 1a9d37af72eb45483a4d56a7211790a5
Size: 455 KB
First Published: 2017-05-24 19:11:34 (9 years ago)
Latest Published: 2021-11-08 21:17:58 (4 years ago)
Status: PUP.MediaGet (on last analysis)
Analysis Date: 2021-11-08 21:17:58 (4 years ago)
MediaGet_id3585745ids1s.exe detection screenshot

The screenshot is a visual record of a GridinSoft Anti-Malware detection for this sample. Use the hash and metadata above as the primary identifiers when comparing the file on your system.

Signed By: Inbox OOO
Status: Valid

The signature on MediaGet_id3585745ids1s.exe is reported as valid. A valid signature helps confirm publisher identity, but it does not automatically make the file safe if the installer was bundled, abused, or downloaded from an untrusted source.

%profile%\downloads
%desktop%\hersey\yeni klasör (2)
%profile%\музыка
%desktop%\çizimler1
%profile%\downloads\programs
%mydoc%\egdownloads
%sysdrive%\$recycle.bin\s-1-5-21-1263076432-3376334169-500481215-1004
%profile%\downloads\24.10.2016
%sysdrive%\$recycle.bin\s-1-5-21-1553067980-118658055-2133758858-1002
%profile%\downloads\новая папка

ThreatInfo has observed MediaGet_id3585745ids1s.exe in the locations listed above. Files found in temporary folders, user profile folders, startup locations, or unusual application directories should be reviewed more carefully than files installed under a known program directory.


This hash has been seen with multiple file names. Alternate names can appear when software is updated, copied between folders, packed by an installer, or deliberately renamed to avoid recognition. Compare the exact MD5 above before assuming two names refer to the same file.

Windows 10 50.5%
Windows 7 32.0%
Windows 8.1 11.3%
Windows 8 4.7%
Windows Server 2012 R2 1.5%

The most common operating system signal for MediaGet_id3585745ids1s.exe is Windows 10 with 50.5% of observed hits. If your system differs from the common profile, check whether the file was introduced by a specific installer, archive, or removable device.

MediaGet_id3585745ids1s.exe is identified as a PE file for 32-bit systems. The subsystem is Windows GUI. PE header values are useful for triage, especially when they do not match the expected publisher, product, or release timeline.

Format pe
Architecture 32-bit
Subsystem Windows GUI
Entry point 0x000ec060
Image base 0x00400000

PE Sections:

Sections 3
Raw data 454144

Section layout highlights raw-size concentration, repeated names, packer markers, and hashes that can be compared across related samples.

UPX0: 0 bytes · 0.0% of section data
  Flags: Packer marker, Uncommon name
  MD5: 00000000000000000000000000000000

UPX1: 259072 bytes · 57.0% of section data
  Flags: Packer marker, Uncommon name
  MD5: 6b836666843090e91930f9be6c9d2d92

.rsrc: 195072 bytes · 43.0% of section data
  MD5: 2241e78daeb8d3b8cbd582f63a1f3919

PE section names and hashes can reveal packing, injected resources, or unusual build artifacts. Sections with uncommon names, very large raw data, or hashes that differ from a trusted copy deserve additional review.

Report conclusion

GridinSoft detects this file as PUP.MediaGet

This report identifies MediaGet_id3585745ids1s.exe by MD5 1a9d37af72eb45483a4d56a7211790a5. It is part of the PUP report group. If the same file is present on your device, scan the system and remove the detected object after confirming the hash and location.


Recommended next steps

  • Compare the local file MD5 with 1a9d37af72eb45483a4d56a7211790a5.
  • Check the file path, publisher, and signature against the details in this report.
  • Run a GridinSoft scan and remove the object if the same hash is found. Use the PUP category to compare similar reports.