» 4yfcw.exe
Overview
Analysis
File Details
Behaviors (1)
Downloads (1)

4yfcw.exe

Must have files

Vega Squid

The application 4yfcw.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup and installation application, however the file is not signed with an authenticode signature from a trusted source. It runs as a scheduled task under the Windows Task Scheduler triggered by a time event. The installer uses the InstallMonetizer platform which will donwload and install adware toolbars and other potentially unwanted software offers during setup.

File name:

4yfcw.exe

Publisher:

Vega Squid

Product:

Must have files

Description:

tiny install

Version:

94.85.124.94

MD5:

1a90fda57ea98845b76f8201e7149dd7

SHA-1:

f4a53313f4a99c50f8d2bdba81793630b6c0ca14

SHA-256:

1372824da4dc5e0bcb2a60b39ff8582a0bdec90632c4030df195207f4d0fe4f1

Scanner detections:

1 / 68

Status:

Potentially unwanted

Explanation:

Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:

5/12/2025 11:20:29 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Adware.InstallMonetizer.VegaSqui.Installer.Meta (M)

16.5.10.18

File size:

829.5 KB (849,408 bytes)

Product version:

94.85.124.94

CR 2015

Trademarks:

Kocl

Original file name:

build.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\4yfcw.exe

File PE Metadata

Compilation timestamp:

5/9/2016 8:57:36 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

12288:QNCxPJXt9WgpYVl3A2sJHCKMqgzhptlJySNmNpLVycG/+3dv+lM174liWBLn4qcG:5ttpol3vEM/H1mbL6OdgReqnT0tH5+

Entry address:

0x99A2

Entry point:

E8, 26, 37, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, 51, 8D, 4C, 24, 04, 2B, C8, 1B, C0, F7, D0, 23, C8, 8B, C4, 25, 00, F0, FF, FF, 3B, C8, 72, 0A, 8B, C1, 59, 94, 8B, 00, 89, 04, 24, C3, 2D, 00, 10, 00, 00, 85, 00, EB, E9, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9... 
[+]

Entropy:

7.5886

Code size:

61 KB (62,464 bytes)

Scheduled Task

Task name:

{905BF669-892B-4C3C-B831-AACAAD55ADF9}

Trigger:

Time

The file 4yfcw.exe has been seen being distributed by the following URL.

http://www.panningmanybanded.site/.../bfad7.exe

Remove 4yfcw.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.