let_s_go_cartel_downloader_99207.exe

YourFile Downloader

Via Advertising Group Limited

This is the Via Advertising bundle installer. It wraps the application the user requested with offers for additional third-party software, mostly unwanted adware, which may be installed with minimal user consent. The file let_s_go_cartel_downloader_99207.exe, signed by Via Advertising Group Limited, has been flagged as adware by 12 of 68 anti-malware scanners. It is a setup application built on the YourFile Downloader installer and has been seen downloaded from dn.yourfiledownloader.com and multiple other hosts. Note that its Authenticode signature (VeriSign Class 3, issued to a registered company in Nicosia, Cyprus) establishes who published the file, not whether the software it installs is wanted.
Publisher:
http://yourfiledownloader.com  (signed by Via Advertising Group Limited)

Product:
YourFile Downloader

Version:
1, 0, 0, 293

MD5:
2826f03dd0828e3d56b11baeb93cd4e0

SHA-1:
1753a37f7ab98755cc878aaa4d286fc0d529fe44

SHA-256:
a7f4e4cc584295afb66e807180a8cd4eb4e3cc63aa51560b0369141cc980dcbe

Scanner detections:
12 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware: a utility that downloads the software the user asked for (which may itself be legitimate or open source) and bundles it with a number of optional offers such as ad-supported utilities, toolbars, shopping-comparison tools and browser extensions.

Analysis date:
4/19/2024 11:08:13 AM UTC

Scan engine              Detection                            Engine version
avast!                   Win32:Downloader-UGW [PUP]           2014.9-150127
AVG                      Skodna.Bundle_r.E                    2016.0.3216
Dr.Web                   Adware.Downware.1005                 9.0.1.027
ESET NOD32               Win32/YourFileDownloader (variant)   9.9253
Fortinet FortiGate       W32/SPNR.08BP13!tr                   1/27/2015
Malwarebytes             PUP.Optional.YourFileDownloader      v2015.01.27.10
McAfee                   Artemis!2826F03DD082                 5600.6872
Reason Heuristics        PUP.Via Advertising                  15.1.27.22
Sophos                   Generic PUA BH                       4.96
Trend Micro House Call   TROJ_SPNR.08BP13                     7.2.27
Trend Micro              TROJ_SPNR.08BP13                     10.465.27
VIPRE Antivirus          Via Advertising                      25110

File size:
4.6 MB (4,850,096 bytes)

Product version:
1.0.0

Copyright:
Copyright http://yourfiledownloader.com (C) 2012

Original file name:
YourFile.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
YourFile Downloader

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\let_s_go_cartel_downloader_99207.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
4/29/2012 5:00:00 PM

Valid to:
4/30/2013 4:59:59 PM

Subject:
CN=Via Advertising Group Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Via Advertising Group Limited, L=Nicosia, S=Nicosia, C=CY

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
54119944225483D152EE7DAA2475480B

File PE Metadata
Compilation timestamp:
2/18/2013 12:09:59 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
98304:RGlZcS44lJH2PGb1GFIJ4jfbYLXn/CyRGNEKcrXfQV7US2acLLn:EZcS44lJegzJ4jTYLXn/PytcDQeow

Entry address:
0xC883

Entry point:
E8, 0D, 66, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, 55, 8B, EC, 57, 56, 8B, 75, 0C, 8B, 4D, 10, 8B, 7D, 08, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, A0, 01, 00, 00, 81, F9, 80, 00, 00, 00, 72, 1C, 83, 3D, 84, 87, 42, 00, 00, 74, 13, 57, 56, 83, E7, 0F, 83, E6, 0F, 3B, FE, 5E, 5F, 75, 05, E9, 47, 08, 00, 00, F7, C7, 03, 00, 00, 00, 75, 14, C1, E9, 02, 83, E2, 03, 83, F9, 08, 72, 29, F3, A5, FF, 24, 95, 00, CA, 40, 00, 8B, C7, BA, 03, 00, 00, 00, 83, E9, 04, 72, 0C, 83, E0, 03, 03, C8, FF, 24...

Entropy:
7.8724  (probably packed)

Code size:
103 KB (105,472 bytes)
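The following triage script is an added example for this report; it is not code from Reason Core Security or from the YourFile Downloader authors. It shows how two of the fields above are used in practice: the three published digests act as hash IOCs matched against a candidate file (all three are compared so that an MD5 hit can be cross-checked against SHA-256), and Shannon entropy is computed over the file bytes to reproduce the "probably packed" heuristic behind the Entropy field. Only the hash values are taken from the report; the 7.0 bits/byte cut-off, the sample buffers and the function names are constructed assumptions.

```python
"""Hash-IOC matching and entropy-based packing heuristic for a suspect binary.

Added example, not part of the original report. KNOWN_BAD holds the digests
the report publishes for let_s_go_cartel_downloader_99207.exe; the threshold
and the sample buffers below are assumptions made for illustration.
"""
import hashlib
import math
from collections import Counter

# Digests copied from the report's MD5 / SHA-1 / SHA-256 fields.
KNOWN_BAD = {
    "md5": "2826f03dd0828e3d56b11baeb93cd4e0",
    "sha1": "1753a37f7ab98755cc878aaa4d286fc0d529fe44",
    "sha256": "a7f4e4cc584295afb66e807180a8cd4eb4e3cc63aa51560b0369141cc980dcbe",
}

# Assumed cut-off: entropy at or above this (max is 8 bits/byte) is reported
# as "probably packed", mirroring the report's Entropy field.
PACKED_THRESHOLD = 7.0


def file_hashes(data: bytes) -> dict:
    """Lowercase hex MD5, SHA-1 and SHA-256 of a byte buffer."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_known_bad(data: bytes, iocs: dict = KNOWN_BAD) -> list:
    """Names of the IOC digests that match this buffer (empty list if none).

    Comparing every algorithm lets a weak-digest (MD5) match be confirmed
    against SHA-256 before a verdict is issued.
    """
    computed = file_hashes(data)
    return [name for name, value in iocs.items() if computed[name] == value.lower()]


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the buffer in bits per byte (0.0 .. 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def packing_verdict(data: bytes, threshold: float = PACKED_THRESHOLD) -> str:
    """Format the entropy the way the report's 'Entropy' field does."""
    h = shannon_entropy(data)
    label = "probably packed" if h >= threshold else "not packed"
    return f"{h:.4f}  ({label})"


def pseudo_random_bytes(n: int, seed: bytes = b"sample") -> bytes:
    """Deterministic high-entropy bytes (SHA-256 in counter mode), standing in
    for a packed/encrypted section so the example runs offline and repeatably."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:n])


def build_samples() -> dict:
    """Constructed buffers (not real PE sections) for the two regimes."""
    return {
        "plain_text": b"YourFile Downloader setup. " * 4000,  # repetitive, low entropy
        "packed_like": pseudo_random_bytes(100_000),          # near 8 bits/byte
    }


def triage(data: bytes) -> dict:
    """One-shot summary: digests, IOC matches and the packing verdict."""
    return {
        "hashes": file_hashes(data),
        "ioc_matches": matches_known_bad(data),
        "entropy": packing_verdict(data),
    }


if __name__ == "__main__":
    for name, buf in build_samples().items():
        print(name, triage(buf))
```

To check a real sample, read the file in binary mode and pass the bytes to `triage()`; a non-empty `ioc_matches` list identifies the report's file exactly, while a high-entropy verdict on an unknown file is only a hint that the payload is compressed or encrypted and warrants a closer look.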

The file let_s_go_cartel_downloader_99207.exe has been observed being distributed from the following 2 URLs.

http://dn.yourfiledownloader.com/.../ZwFkG3dsbSdUwQAjdNkdxwjBC

Remove let_s_go_cartel_downloader_99207.exe - Powered by Reason Core Security