How to remove Mediahit.Update.Process.exe

» File
File Details
Overview
Analysis

Mediahit.Update.Process.exe

The module Mediahit.Update.Process.exe has been detected as Trojan.LoadMoney

File Details

Main Info:

Product Name:	Mediahit.Update.Process
Company Name:	Portland Media LTD
MD5:	7f65307e856c6e871e0afc42365560b3
Size:	446 KB
First Published:	2017-07-18 17:13:39 (7 years ago)
Latest Published:	2018-09-24 20:11:52 (6 years ago)

Analysis:

Status:	Trojan.LoadMoney (on last analysis)
Analysis Date:	2018-09-24 20:11:52 (6 years ago)

Overview

Digital Signature

Signed By:	LLC Pentagon
Status:	Invalid (digital signature could be stolen or file could be patched)

Common Places:

%sysdrive%\winctrl-1n6iicr\backup set 2014-01-19 190003\backup files 2014-01-19 190003\backup files 2.zip\c\users\кирилл\appdata\roaming\mediahit

%sysdrive%\winctrl-1n6iicr\backup set 2013-11-17 222839\backup files 2013-12-15 203747\backup files 1.zip\c\users\кирилл\appdata\roaming\mediahit\shadow

%sysdrive%\winctrl-1n6iicr\backup set 2013-11-17 222839\backup files 2013-12-15 203747\backup files 1.zip\c\users\кирилл\appdata\roaming\mediahit

%sysdrive%\winctrl-1n6iicr\backup set 2014-01-19 190003\backup files 2014-01-19 190003\backup files 2.zip\c\users\кирилл\appdata\roaming\mediahit\shadow

%sysdrive%\winctrl-1n6iicr\backup set 2014-02-23 190005\backup files 2014-03-03 151256\backup files 1.zip\c\users\кирилл\appdata\roaming\mediahit\shadow

%sysdrive%\winctrl-1n6iicr\backup set 2014-02-23 190005\backup files 2014-03-03 151256\backup files 1.zip\c\users\кирилл\appdata\roaming\mediahit

%appdata%\mediahit\shadow

Geography:

	70.0%
	30.0%

OS Version:

Windows 7	90.0%
Windows 8	10.0%

Analysis

PE Info:

Subsystem:	Windows GUI
PE Type:	pe
OS Bitness:	32
Image Base:	0x00400000
Entry Address:	0x0006fcbe

.NET Info:

MVID:	d56b1117-5441-41fe-b430-fa5892583d47
Typelib ID:	63d3beff-fb97-43aa-accd-bef5e0c2a162

PE Sections:

Name	Size of data	MD5
.text	450048	32ca7886dbb5c1897360fa362ff95029
.rsrc	2048	3846f947087c41fe58ed4a7bba5e0e84
.reloc	512	fd949406456816cb2f48c383da1f06d9

More information:

Search on Virustotal

Download GridinSoft Anti-Malware - Removal tool for Mediahit.Update.Process.exe

copyright for information about Mediahit.Update.Process.exe