We received the file SANCMEDIA.EXE and detected that SANCMEDIA.EXE is not good.
SANCMEDIA.EXE is Adware. You should remove the file SANCMEDIA.EXE.
Kill the process SANCMEDIA.EXE and remove SANCMEDIA.EXE from Windows.
Malware Analysis of SANCMEDIA.EXE
Full path on a computer: %Local Appdata%\SancMedia\SancMedia\SancMedia.exe
Detected by UnHackMe:
SANCMEDIA.EXE
Default location: %Local Appdata%\SancMedia\SancMedia\SancMedia.exe
Removal Results: Success
Number of reboot: 1
SANCMEDIA.EXE is known as:
Adware.SanctionedMedia.A.257, Adware:MSIL.SanctionedMedia, a variant of MSIL.Adware.SanctionedMedia.A, AdWare.MSIL, Adware.Fam.NB
SANCMEDIA.EXE hash:
- MD5: 7dc98f7cb5dc1a73db298dac7302ca35
The file tries to connect to the dangerous web site.
How to quickly detect SANCMEDIA.EXE presence?
![]( "Registry")
Registry:
![]( "Folders")
Folders:
![]( "Files")
Files:
Registry:- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\SancMedia: “”%Local Appdata%\SancMedia\SancMedia\SancMedia.exe”"
- HKCU\Control Panel\Desktop\SCRNSAVE.EXE: “%SysDir%\ELISHA~1.SCR”
Folders:- %Local Appdata%\SancMedia
- %Local Appdata%\SancMedia\SancMedia
- %Temp%\AppLaunch
- %Temp%\inst43359
Files:- %Local Appdata%\SancMedia\SancMedia\NDde.dll
- %Local Appdata%\SancMedia\SancMedia\SancMedia.exe
- %Temp%\AppLaunch\Service.exe
- %Temp%\inst43359\smd185.exe
- %SysDir%\Elisha Cuthbert Sex-E.ibx
- %SysDir%\Elisha Cuthbert Sex-E.scr
- %WinDir%\Elisha Cuthbert Sex-E Screensaver Uninstaller.exe