msgr11us.exe

Yahoo! Inc.

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is installed with multiple programs, including Yahoo! Messenger. The file has been observed being downloaded from xp.yimg.com and multiple other hosts.
Publisher:
Yahoo! Inc.  (signed and verified)

Description:
Yahoo! Messenger Suite Install Bootstrapper Setup

Version:
2011.06.28.02

MD5:
fcb4d8a3a03e99f085eacd16ef908a37

SHA-1:
3a8c8115a0b2aa3640bcfae527a955d90e3e52f0

SHA-256:
6fad2bf332c2e22a2c0d043b44c21488fe0ad8cbeb092f8ba0d759e6cc5c708b

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/19/2024 11:03:17 PM UTC

File size:
414.4 KB (424,328 bytes)

Copyright:
Copyright (c) 2011 Yahoo! Inc.

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
8/13/2009 3:00:00 AM

Valid to:
9/3/2012 2:59:59 AM

Subject:
CN=Yahoo! Inc., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Yahoo! Inc., L=Santa Clara, S=CA, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3D7A9A7D12556AB8688CA048C60F6018

File PE Metadata
Compilation timestamp:
12/6/2009 1:50:41 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:FXh6UrhiGebs6dquJc8VJ3/B3/+sc8lYjD:FXzDebsQ7JcQJ5286jD

Entry address:
0x30CB

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 38, 3F, 42, 00, E8, F1, 2B, 00, 00, A3, 84, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 30, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 80, 36, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9213

Packer / compiler:
Nullsoft install system v2.x

Code size:
22.5 KB (23,040 bytes)

The file msgr11us.exe has been discovered within the following programs.

Yahoo! Messenger  by Yahoo! Inc.
Yahoo! Messenger (YIM) is an ad-supported instant messaging client and protocol by Yahoo!.
messenger.yahoo.com
7% remove it
Yontoo 1.12.02  by Yontoo Technology, Inc.
Yontoo is a web browser toolbar and extension. Yontoo collects and stores information about your web browsing habits so they can suggest services or provide advertising.
www.yontoo.com
83% remove it
 
Powered by Should I Remove It?

The file msgr11us.exe has been seen being distributed by the following 9 URLs.

http://xp.yimg.com/gj/msgr/115/.../msgr11us.exe

http://files.downloadnow.com/s/software/12/59/07/.../msgr11us.exe

http://yahoo-messenger.ro.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-fm6OOp6GilJQ=