diendanbaclieu.net_yusetup7.5.exe

Your Uninstaller! 7

URSoft, Inc.

The application diendanbaclieu.net_yusetup7.5.exe, “Your Uninstaller! 7 Setup” by URSoft, has been detected as a potentially unwanted program by 3 anti-malware scanners. It is a self-extracting archive and installer and has been known to bundle potentially unwanted software. It will display context-specific advertisements in the browser and attempt to modify the browser's search provider. The file has been seen being downloaded from download.ursoftware.com and multiple other hosts.
Publisher:
URSoft, Inc. (signed by URSoft, Inc.)

Product:
Your Uninstaller! 7

Description:
Your Uninstaller! 7 Setup

Version:
7.4.2012.5

MD5:
e42fbee1d3643ecc8e83799f24f5f567

SHA-1:
9a764981fdbf04821b0d7ea5433de51f6a827a0c

SHA-256:
068419fa7586c46d690e13f73fb2ff9bc9bd60bbbb049516d777efc18dd7e610

Scanner detections:
3 / 68

Status:
Potentially unwanted

Explanation:
The installer may include an offer for the Babylon Toolbar (a homepage/search hijacker), which is potentially installed with minimal user consent.

Analysis date:
4/25/2024 12:44:58 AM UTC

Scan engine        Detection                Engine version
Baidu Antivirus    Trojan.Win32.Agent       4.0.3.131227
ESET NOD32         Win32/Toolbar.Babylon    7.9253
F-Prot             W32/Backdoor2.HTIG       v6.4.7.1.166

File size:
6.9 MB (7,210,840 bytes)

Product version:
7.4.2012.5

Copyright:
Copyright © 1998-2012 URSoft, Inc.

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\compressed\diendanbaclieu.net_yu7.5\diendanbaclieu.net_yu7.5\diendanbaclieu.net_yusetup7.5.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
3/6/2012 7:00:00 AM

Valid to:
3/7/2015 6:59:59 AM

Subject:
CN="URSoft, Inc.", O="URSoft, Inc.", STREET=7241 W. Addison, L=Chicago, S=IL, PostalCode=60634, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
2D52C7CF5E69A633AC3AED0E78F988DC

File PE Metadata
Compilation timestamp:
12/25/2011 4:18:04 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
196608:FpkbicYlHqVEWcmjcGh8QZ0TgYHeRZiEwFbdW7LJh:rkhqycxQUbwLJh

Entry address:
0x16478

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, B0, 52, 41, 00, E8, AC, 03, FF, FF, 33, C0, 55, 68, 45, 6B, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 01, 6B, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, AB, 41, 00, E8, 4E, EC, FF, FF, E8, F5, E7, FF, FF, 8D, 55, EC, 33, C0, E8, 7F, 84, FF, FF, 8B, 55, EC, B8, B0, D6, 41, 00, E8, E2, E9, FE, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, B0, D6, 41, 00, B2, 01...
 

Entropy:
7.9847

Developed / compiled with:
Microsoft Visual C++

Code size:
84 KB (86,016 bytes)

The file diendanbaclieu.net_yusetup7.5.exe has been seen being distributed by the following 4 URLs.
