home

julie_andrews_-_cinderella_-_original_broadway_cast_waltz_for_a_ball_(orchestra,_ensemble)_downloade

YourFile Downloader

Via Advertising Group Limited

This is the Via Advertising bundle installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The file julie_andrews_-_cinderella_-_original_broadway_cast_waltz_for_a_ball_(orchestra,_ensemble)_downloade by Via Advertising Group Limited has been detected as adware by 15 anti-malware scanners. The program is a setup application that uses the YourFile Downloader installer. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
http://yourfiledownloader.net  (signed by Via Advertising Group Limited)

Product:
YourFile Downloader

Version:
1, 0, 0, 293

MD5:
3e96bdd8df86a3501f1e3f21169cd99b

SHA-1:
9cf19df7ae0b7f951e29808f7b9976bf8c3d27ad

SHA-256:
9fb06eb3a09d7195f02fbd3ca21e76d4c402e36854d19704d9a9297c09b4edc6

Scanner detections:
15 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/18/2024 5:11:17 AM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
Win-PUP/YourFileDownloader
2015.01.26

Avira AntiVirus
ADWARE/BrowseFox.Gen
7.11.205.14

avast!
Win32:Downloader-UEO [PUP]
150102-1

AVG
Adware BundleApp_r.AE
2014.0.4253

Dr.Web
Adware.Downware.6444
9.0.1.05190

ESET NOD32
Win32/ExpressDownloader.I potentially unwanted application
7.0.302.0

G Data
Win32.Application.ExpressDownloader
15.1.24

K7 AntiVirus
Unwanted-Program
13.192.14746

Malwarebytes
PUP.Optional.YFDownloader
v2015.01.25.03

Microsoft Security Essentials
Threat.Undefined
1.191.3234.0

NANO AntiVirus
Riskware.Win32.Babylon.dffshm
0.30.0.64812

Reason Heuristics
PUP.Via Advertising
15.1.25.15

Sophos
PUA 'Go For Files'
5.09

VIPRE Antivirus
Threat.4758264
36694

File size:
6.8 MB (7,128,528 bytes)

Product version:
1.0.0

Copyright:
Copyright http://yourfiledownloader.net (C) 2012

Original file name:
YourFile.exe

Bundler/Installer:
YourFile Downloader

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\julie_andrews_-_cinderella_-_original_broadway_cast_waltz_for_a_ball_(orchestra,_ensemble)_downloader.exe

Digital Signature
Signed by:
Via Advertising Group Limited

Authority:
COMODO CA Limited

Valid from:
4/11/2013 5:00:00 PM

Valid to:
4/11/2016 4:59:59 PM

Subject:
CN=Via Advertising Group Limited, O=Via Advertising Group Limited, STREET=Boumpoulinas 11, L=Nicosia, S=Nicosia, PostalCode=1060, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00BABC309174F531C6762BBA466401FEAF

File PE Metadata
Compilation timestamp:
8/6/2014 7:22:41 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
196608:2Kft2ZYqa8pZ9pJ4jTY0d90/A1yUZOXvgq:2KfF8pZ9pb0zwosvgq

Entry address:
0x40297

Entry point:
E8, 58, F0, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 78, 4C, 47, 00, E8, A3, 77, 00, 00, E8, 3A, 29, 00, 00, 0F, B7, F0, 6A, 02, E8, EB, EF, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, F1, B4, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
[+]

Entropy:
7.9552  (probably packed)

Code size:
373.5 KB (382,464 bytes)

The file julie_andrews_-_cinderella_-_original_broadway_cast_waltz_for_a_ball_(orchestra,_ensemble)_downloade has been seen being distributed by the following URL.

http://dn.yourfiledownloader.net/j5GPQm7ZrBBH2qlNb8 iaCOXli58pLw5c6ixLjHlyhxspYI TLGFcGSmgj5Or5AaBZ UFEbLrgpakIdEfIdzWH/HRxYunCJedMxCDSmQdPA6jnSiYEMyzjh3eOI4ZES2bDUD4xEtGK9WIxmpXyAHmkhvQMUFTVDPSx0Enk0aZ8ALTizTvwlwirEGa8/rSiWt604KrvZ9au3hKTSrp39R4Lg4HKfHbQ66yzEe d4qEIXINRa4xhkJjotWW4zWAeKYg12jgqNNyrPgGOrCrxa3da8Q/GON9PBms7msO q/lSbvvZMuxOTAdoOpnCvar4UW362DHtTD2F/LiYwJitquV4vPsWhr1PQJIMDwVyzMoS8z1PMsd7nkKi n7Swi/.../mGNke13DgQ4t06SL3CBR3llgJRgss=

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.