home

7648_ydropperde.dll

Yahoo! Dropper

Yahoo! Inc.

Publisher:
Yahoo! Inc.  (signed and verified)

Product:
Yahoo! Dropper

Version:
2004, 8, 18, 2

MD5:
52729505f422dd31b688e5fe6a6f31e2

SHA-1:
0ad28d95c0ebed5084f53a6415886631270c6300

SHA-256:
a58214ab839d9a8298be1e3104ee5cf33a8e470ca7bd85ea9f2549b2e618509e

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 10:53:31 AM UTC  (today)

File size:
277.1 KB (283,768 bytes)

Product version:
1, 0, 0, 4

Copyright:
Copyright (c) Yahoo! Inc. 2003-2004

Original file name:
YDropper.DLL

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\7648_ydropperde.dll

Digital Signature
Signed by:
Yahoo! Inc.

Authority:
VeriSign, Inc.

Valid from:
7/31/2003 2:00:00 AM

Valid to:
8/22/2004 1:59:59 AM

Subject:
CN=Yahoo! Inc., OU=Digital ID Class 3 - Microsoft Software Validation v2, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Yahoo! Inc., L=Santa Clara, S=CA, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2001 CA, OU=Terms of use at https://www.verisign.com/rpa (c)01, OU=VeriSign Trust Network, O="VeriSign, Inc."

Serial number:
5B47F3EC8AC676649C35E7883C56A8B9

File PE Metadata
Compilation timestamp:
8/18/2004 9:46:16 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.0

CTPH (ssdeep):
6144:dzHP6U4LpHJbtkFH1vLyhf2r/oj5Cr9AGJ4GFaO18MvS:d7PNMHJbt81Du2rM5A9AGJTBhvS

Entry address:
0x26B7B

Entry point:
55, 8B, EC, 53, 8B, 5D, 08, 56, 8B, 75, 0C, 85, F6, 57, 8B, 7D, 10, 75, 09, 83, 3D, D0, A9, 03, 10, 00, EB, 26, 83, FE, 01, 74, 05, 83, FE, 02, 75, 22, A1, E4, C1, 03, 10, 85, C0, 74, 09, 57, 56, 53, FF, D0, 85, C0, 74, 0C, 57, 56, 53, E8, 42, FE, FF, FF, 85, C0, 75, 04, 33, C0, EB, 4E, 57, 56, 53, E8, BD, 9C, FF, FF, 83, FE, 01, 89, 45, 0C, 75, 0C, 85, C0, 75, 37, 57, 50, 53, E8, 1E, FE, FF, FF, 85, F6, 74, 05, 83, FE, 03, 75, 26, 57, 56, 53, E8, 0D, FE, FF, FF, 85, C0, 75, 03, 21, 45, 0C, 83, 7D, 0C, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
188 KB (192,512 bytes)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.