hizashi_no_naka_no_real_uncensored_-_added_by_users_downloader.exe

YourFile Downloader

Via Advertising Group Limited

This is the Via Advertising bundle installer, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application hizashi_no_naka_no_real_uncensored_-_added_by_users_downloader.exe by Via Advertising Group Limited has been detected as adware by 18 anti-malware scanners. The program is a setup application that uses the YourFile Downloader installer. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
http://yourfiledownloader.com  (signed by Via Advertising Group Limited)

Product:
YourFile Downloader

Version:
1, 0, 0, 293

MD5:
4c37f9c1b6f8c0db5b8ff2bc2402bc6c

SHA-1:
c1ce5c3124b93c1aaac434545347157d66180a52

SHA-256:
0793793555ce7b5ee0885e1ff34aa0e5615eff519f24daec7087fabc7048fc15

Scanner detections:
18 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Description:
This is also known as bundleware, or downloadware, which is a downloader designed to simply deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/26/2024 3:31:09 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| AhnLab V3 Security | Win-PUP/YourFileDownloader | 2015.02.28 |
| Avira AntiVirus | Adware/BrowseFox.aox | 7.11.212.236 |
| avast! | Win32:Downloader-UEO [PUP] | 150129-1 |
| AVG | Adware Generic_r.PF | 2014.0.4257 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Dr.Web | Adware.Downware.5658 | 9.0.1.05190 |
| ESET NOD32 | Win32/ExpressDownloader.I potentially unwanted application | 7.0.302.0 |
| Fortinet FortiGate | Riskware/Generic.AC.2244355 | 2/27/2015 |
| G Data | Win32.Application.ExpressDownloader | 15.2.25 |
| K7 AntiVirus | Unwanted-Program | 13.1915113 |
| Malwarebytes | PUP.Optional.YourFileDownloader | v2015.02.27.10 |
| Microsoft Security Essentials | Threat.Undefined | 1.193.1194.0 |
| NANO AntiVirus | Trojan.Nsis.BrowseFox.dnxihk | 0.30.0.296 |
| Reason Heuristics | PUP.Via Advertising | 15.2.27.22 |
| Sophos | PUA 'YourFile Downloader' (of type Adware) | 5.11 |
| VIPRE Antivirus | Threat.4758264 | 37788 |
| Zillya! Antivirus | Trojan.Black.Win32.17778 | 2.0.0.2084 |

File size:
6.3 MB (6,629,688 bytes)

Product version:
1.0.0

Copyright:
Copyright http://yourfiledownloader.com (C) 2012

Original file name:
YourFile.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
YourFile Downloader

Language:
Language Neutral

Digital Signature
Authority:
COMODO CA Limited

Valid from:
4/11/2013 8:00:00 PM

Valid to:
4/11/2016 7:59:59 PM

Subject:
CN=Via Advertising Group Limited, O=Via Advertising Group Limited, STREET=Boumpoulinas 11, L=Nicosia, S=Nicosia, PostalCode=1060, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00BABC309174F531C6762BBA466401FEAF

File PE Metadata
Compilation timestamp:
6/26/2014 11:43:02 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
98304:j3YFyqqT8k6mlnBdOt9EWJ4jfbYzfRa2kW6KH0q2UiLNLwUBfJk2n8l+O9:j3YFyqa8pZ9pJ4jTYzv08FiLyUZmvgO9

Entry address:
0x3FB97

Entry point:
E8, E8, F0, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, B8, 3B, 47, 00, E8, 23, 78, 00, 00, E8, 3A, 29, 00, 00, 0F, B7, F0, 6A, 02, E8, 7B, F0, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 73, B5, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
Entropy:
7.9499  (probably packed)

Code size:
371 KB (379,904 bytes)