» iDesk.exe
Overview
Analysis
File Details
Network (6)

iDesk.exe

YAC Security Protection

Elex do Brasil Participações Ltda

The application iDesk.exe by Elex do Brasil Participaçõesa has been detected as a potentially unwanted program by 6 anti-malware scanners. While running, it connects to the Internet address 207-235-47-8.static.twtelecom.net on port 80 using the HTTP protocol.

File name:

iDesk.exe

Publisher:

Elex do Brasil Participações Ltda (signed and verified)

Product:

YAC Security Protection

Description:

YAC Desk

Version:

6.7.116.29762

MD5:

d7287fa52b13a197cdb32831d4f82296

SHA-1:

30e13e395a46807b86d4ac99c8b1ba86c4f4fc87

SHA-256:

9c33046cadb4d437a5316e0c00fb0f11792e3950f1cebd5a371ab3ec72a6019f

Scanner detections:

6 / 68

Status:

Potentially unwanted

Analysis date:

4/30/2024 4:58:23 AM UTC (today)

Scan engine

Detection

Engine version

Bkav FE

W32.HfsAdware

1.3.0.7237

Dr.Web

Adware.Mutabaha.569

9.0.1.0273

G Data

Win32.Application.Elex

15.9.25

K7 AntiVirus

Trojan

13.203.15801

Malwarebytes

FraudTool.YAC

v2015.09.30.10

Reason Heuristics

Win32.Generic.ELEX.Meta

15.9.30.22

File size:

924 KB (946,208 bytes)

Product version:

6.7.116.29762

Original file name:

iDesk.exe

File type:

Executable application (Win32 EXE)

Language:

Chinese

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\idesk.exe

Digital Signature

Signed by:

Elex do Brasil Participações Ltda

Authority:

VeriSign, Inc.

Valid from:

4/12/2015 9:00:00 PM

Valid to:

7/12/2017 8:59:59 PM

Subject:

CN=Elex do Brasil Participações Ltda, O=Elex do Brasil Participações Ltda, L=Sao Paulo, S=Consolacao, C=BR

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

0671EE526ACB6F9BE201F5A8E203C41C

File PE Metadata

Compilation timestamp:

9/11/2015 7:01:09 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

12288:n4O40S/4WlE8FaPvdotYWzej46SkUzc7+r3DTu6L1mOsgmiuiNpWCtbp/rdFsaL1:n4O4tQZ8YWtYdj46XO3XuPBLEpR

Entry address:

0x861ED

Entry point:

E8, DF, 03, 00, 00, E9, 4C, FE, FF, FF, CC, FF, 25, 28, 13, 49, 00, FF, 25, 2C, 13, 49, 00, FF, 25, 30, 13, 49, 00, CC, CC, CC, CC, CC, CC, 51, 8D, 4C, 24, 08, 2B, C8, 83, E1, 0F, 03, C1, 1B, C9, 0B, C1, 59, E9, BA, 04, 00, 00, 51, 8D, 4C, 24, 08, 2B, C8, 83, E1, 07, 03, C1, 1B, C9, 0B, C1, 59, E9, A4, 04, 00, 00, 55, 8B, EC, FF, 75, 14, FF, 75, 10, FF, 75, 0C, FF, 75, 08, 68, 16, 5D, 48, 00, 68, 60, 80, 4C, 00, E8, B2, 04, 00, 00, 83, C4, 18, 5D, C3, CC, 55, 8B, EC, FF, 15, 90, 11, 49, 00, 6A, 01, A3, 6C... 
[+]

Code size:

573 KB (586,752 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to 54.9d.7e4b.ip4.static.sl-reverse.com (75.126.157.84:80)

TCP (HTTP):

Connects to 52.9d.7e4b.ip4.static.sl-reverse.com (75.126.157.82:80)

TCP (HTTP):

Connects to 99.85.7e4b.ip4.static.sl-reverse.com (75.126.133.153:80)

TCP (HTTP):

Connects to 207-235-47-8.static.twtelecom.net (207.235.47.8:80)

TCP (HTTP):

Connects to 158.subnet180-250-68.speedy.telkom.net.id (180.250.68.158:80)

TCP (HTTP):

Connects to 125.235.4.59.adsl.viettel.vn (125.235.4.59:80)

Remove iDesk.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.