mediasrv.exe
Intel PROSet\Wireless Bluetooth by Intel Corporation (Signed)
Warning 4 antivirus scanners has detected malware in various versions of mediasrv.exe.
Overview
There are 10 versions of mediasrv.exe in the wild, the latest version being 2.1.0.0138. It is started as a Windows Service with the name 'Bluetooth Media Service' and described as “Provides Bluetooth Media Profiles support”. . In addition, it is run under the context of the SYSTEM account with extensive privileges (the administrator accounts have the same privileges). This is executed as a shared service (which simply means that this service can share a process with other Win32 services). The average file size is about 1.25 MB. The file is a digitally signed and issued to Intel Corporation by Intel Corporation. Numerous variations of mediasrv.exe have been installed with both Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology and Pharaoh Puzzle. During the process's lifecycle, the typical CPU resource utilization is about 0.0004% including both foreground and background operations, the average private memory consumption is about 4.19 MB with the maximum memory reaching around 6.97 MB and typical read I/O operations are around 46 Bytes per minute.
 Details
|
| File name: | mediasrv.exe |
| Publisher: | Intel Corporation |
| Product name: | Intel PROSet\Wireless Bluetooth |
| Description: | Bluetooth Media Service |
| Typical file path: | C:\Program Files\intel\bluetooth\mediasrv.exe |
| Certificate |
| Issued to: | Intel Corporation |
| Authority (CA): | Intel Corporation |
| Windows Service |
| Service name: | Bluetooth Media Service |
| Description: | “Provides Bluetooth Media Profiles support” |
| Type: | Win32ShareProcess |
Programs installed in
(Note, the programs listed below are for all versions of Intel PROSet\Wireless Bluetooth.)
“The Intel PROSet/Wireless software includes a suite of features which IT managers find highly desirable. These features include automatic detection of and connection to wireless access points based on...”
Pharaoh Puzzle is a casual PC video game distributed through the Game Top download portal. The trial verison of the game includes an icon on the user's desktop 'Online Free Games' which links to a par...
Behaviors
(Note, the behaviors below are for all versions of mediasrv.exe, select a unique version for details.)
Service
Runs under 'SYSTEM\CurrentControlSet\Services' as a shared service by the Service Host (svchost.exe)
- 'Bluetooth Media Service'
Malware detections
Based on 40+ industry antivirus scanners, 4 of them detected the following malware.
| Antivirus engine | Engine version | Detection | File version |
| Bkav Security |
1.3.0.4923 |
HW32.CDB.B9f7 |
1.2.0.0071 |
| CMC |
1.1.0.977 |
Trojan.Win32.Krap.1!O |
1.2.0.0071 |
| eSafe |
7.0.17.0 |
Win32.GenPacked.Pn@b |
1.0.0.0040 |
| Rising Antivirus |
25.0.0.11 |
PE:Malware.XPACK/RDM!5.1 |
1.2.0.0071 |
All file variations of mediasrv.exe
Distribution by Windows OS
| OS version | distribution |
| Windows 7 Home Premium |
65.52% |
|
| Windows 7 Ultimate |
20.69% |
|
| Windows 7 Professional |
13.79% |
|
Distribution by country
United States installs about 37.93% of Intel PROSet\Wireless Bluetooth.
Distribution by PC manufacturer
| PC Manufacturer | distribution |
| Dell |
44.44% |
|
| Sony |
22.22% |
|
| Hewlett-Packard |
19.44% |
|
| ASUS |
11.11% |
|
| Acer |
2.78% |
|
