home

msgr11de.exe

Yahoo! Inc.

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This is installed with Yahoo! Messenger. The file has been seen being downloaded from rd.software.yahoo.com and multiple other hosts.
Publisher:
Yahoo! Inc.  (signed and verified)

Description:
Yahoo! Messenger Suite Install Bootstrapper

Version:
2013.07.26.01

MD5:
fcef0af908f78ea072bf71c25f56697c

SHA-1:
2e1f1ca197aa27a838983045d97abef67fb1d2c2

SHA-256:
654e64fbd5db9449b078546cbf34f20b7f790f58c3731400b5fb5e1ee6ccc828

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/19/2024 2:50:20 PM UTC  (today)

File size:
433.6 KB (444,024 bytes)

Copyright:
Copyright (c) 2013 Yahoo! Inc.

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\{random}\msgr11de.exe

Digital Signature
Signed by:
Yahoo! Inc.

Authority:
DigiCert Inc

Valid from:
11/5/2012 1:00:00 AM

Valid to:
11/6/2013 1:00:00 PM

Subject:
CN=Yahoo! Inc., O=Yahoo! Inc., L=Sunnyvale, S=CA, C=US

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
021FF715E9FBA4D508D1AF38122916B5

File PE Metadata
Compilation timestamp:
2/24/2012 8:21:51 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:Ab21UrIQJaRMNgZKesuQrRIirKE0XtRJJU7P:AbDIaaR1KesuQdf8XtbW7P

Entry address:
0x36AE

Entry point:
81, EC, 84, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 1C, C7, 44, 24, 10, C0, 8A, 40, 00, 89, 5C, 24, 18, C6, 44, 24, 14, 20, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, AC, 80, 40, 00, 53, FF, 15, A4, 82, 40, 00, 6A, 08, A3, 38, 89, 44, 00, E8, FD, 28, 00, 00, 53, 68, 60, 01, 00, 00, A3, 48, 88, 44, 00, 8D, 44, 24, 3C, 50, 53, 68, BF, 8A, 40, 00, FF, 15, 70, 81, 40, 00, 68, B4, 8A, 40, 00, 68, 40, 48, 44, 00, E8, 24, 26, 00, 00, FF, 15, A8, 80, 40, 00, 50, BF, 50, 10, 47, 00, 57, E8, 12, 26...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
26.5 KB (27,136 bytes)

The file msgr11de.exe has been discovered within the following program.

Yahoo! Messenger  by Yahoo! Inc.
Yahoo! Messenger (YIM) is an ad-supported instant messaging client and protocol by Yahoo!.
messenger.yahoo.com
7% remove it
 
Powered by Should I Remove It?

The file msgr11de.exe has been seen being distributed by the following 3 URLs.

https://rd.software.yahoo.com/msgr/.../msgr11de.exe

http://xp.yimg.com/gj/msgr/115/.../msgr11de.exe

http://rd.software.yahoo.com/msgr/.../msgr11de.exe

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.