Adware/Websearch
Analysis
This adware program has the following characteristics:
- File Size: 237,568, 116,381, 116,224, or 121,904.
- Packer: UPX
- Certain samples have the description "Media Gateway".
- Certain samples have the internal name "LoaderX".
- Certain samples have the product version 1.20.
- Upon executing the file, some hard disk I/O will occur. There are, however, no graphical cues to its existence.
- The program will then create the directory:
C:\Program Files\Media Gateway
- The following files will be dropped:
C:\Program Files\Media Gateway\Info.txt (File Size: 0)
C:\Program Files\Media Gateway\mediagateway.exe (File Size: 237,568)
- The following registry keys will be created:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Media Gateway
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Media Gateway
Note: The last registry entry is a common technique to ensure that the program is executed while booting Windows.
- The executable mediagateway.exe will then display popup and/or popunder ads while the user is browsing websites.
The program may attempt to contact public.windupdates.com for additional downloads.
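The following read-only PowerShell check looks for the directory, dropped files and registry entries listed above. It is an added example, not part of the original write-up or any vendor tooling. It assumes the listed file sizes are in bytes, and it also checks the "Program Files (x86)" and WOW6432Node locations on 64-bit Windows, which the analysis does not mention.

```powershell
# Added example: read-only check for the artifacts named in the analysis.
# Assumptions: sizes are in bytes; the "(x86)" and WOW6432Node locations
# are included for 64-bit Windows and are not taken from the page.
$name = 'Media Gateway'
$dirs = @("C:\Program Files\$name", "C:\Program Files (x86)\$name")
$hives = @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion',
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion')
$findings = @()

function New-Finding($Type, $Location, $Detail) {
    [pscustomobject]@{ Type = $Type; Location = $Location; Detail = $Detail }
}

foreach ($dir in $dirs) {
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) { continue }
    $findings += New-Finding 'Directory' $dir ''
    foreach ($file in 'Info.txt', 'mediagateway.exe') {
        $item = Get-Item -LiteralPath (Join-Path $dir $file) -Force -ErrorAction SilentlyContinue
        if ($item) {
            $detail = "$($item.Length) bytes"
            if ($file -eq 'mediagateway.exe' -and $item.Length -eq 237568) {
                $detail += ' (matches the listed size)'
            }
            $findings += New-Finding 'File' $item.FullName $detail
        }
    }
}

foreach ($hive in $hives) {
    $uninstall = "$hive\Uninstall\$name"
    if (Test-Path -LiteralPath $uninstall) {
        $findings += New-Finding 'Uninstall key' $uninstall ''
    }
    # "Media Gateway" under Run is normally a value; also check for a subkey.
    $run = "$hive\Run"
    $command = (Get-ItemProperty -LiteralPath $run -Name $name -ErrorAction SilentlyContinue).$name
    if ($command) { $findings += New-Finding 'Run value' "$run\$name" $command }
    if (Test-Path -LiteralPath "$run\$name") {
        $findings += New-Finding 'Run subkey' "$run\$name" ''
    }
}

if ($findings.Count -eq 0) {
    Write-Output "No '$name' artifacts found."
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

The script only reports what it finds and changes nothing on the system.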
Recommended Action
Uninstall should be possible via the Add/Remove Programs Control Panel applet. The program is named "Media Gateway".