home

online.exe

Я.Онлайн

OOO Yandex

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘YandexOnline’.
Publisher:
ООО Яндекс  (signed by OOO Yandex)

Product:
Я.Онлайн

Version:
3, 2, 2, 816

MD5:
5ab922fe1009481b5ef52281f6f1b385

SHA-1:
44b2c4f0d7a4672fbc02f63db3f8ceff6946d1b0

SHA-256:
eca8f36ad15e800c00a5ac8ae0b516dea7ef934f020b54bd96569ef26df9726e

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/24/2024 11:27:19 PM UTC  (a few moments ago)

File size:
3.7 MB (3,866,952 bytes)

Product version:
3, 2, 2, 816

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\yandex\online\online.exe

Digital Signature
Signed by:
OOO Yandex

Authority:
VeriSign, Inc.

Valid from:
2/5/2010 4:00:00 AM

Valid to:
2/5/2013 3:59:59 AM

Subject:
CN=OOO Yandex, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=OOO Yandex, L=Moscow, S=Moscow, C=RU

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3769815A97A8FB411E005282B37878E3

File PE Metadata
Compilation timestamp:
10/12/2011 5:12:19 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.0

CTPH (ssdeep):
49152:GDBrIoUxrgTlvAt1rkwSx8i81mQtWTB6A/hUWGbWfhU46prGB1oAjKGdgi6PIAM4:+LAtIjLYxv4R/Ozka9HjEQTko4ZfCj

Entry address:
0x181C

Entry point:
EB, 10, 66, 62, 3A, 43, 2B, 2B, 48, 4F, 4F, 4B, 90, E9, 98, B0, 6A, 00, A1, 8B, B0, 6A, 00, C1, E0, 02, A3, 8F, B0, 6A, 00, 52, 6A, 00, E8, 91, 7E, 2A, 00, 8B, D0, E8, DE, 87, 26, 00, 5A, E8, 3C, 87, 26, 00, E8, 13, 88, 26, 00, 6A, 00, E8, 20, B2, 26, 00, 59, 68, 34, B0, 6A, 00, 6A, 00, E8, 6B, 7E, 2A, 00, A3, 93, B0, 6A, 00, 6A, 00, E9, CB, 68, 27, 00, E9, 4E, B2, 26, 00, 33, C0, A0, 7D, B0, 6A, 00, C3, A1, 93, B0, 6A, 00, C3, 60, BB, 00, 50, B0, BC, 53, 68, AD, 0B, 00, 00, C3, B9, CC, 00, 00, 00, 0B, C9...
 
[+]

Code size:
2.7 MB (2,793,472 bytes)

Scheduled Task
Task name:
{787955ED-A6ED-4901-BBFD-B09B1E090984}

Trigger:
Registration (Runs on registration)


Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
YandexOnline

Command:
"C:\Program Files\yandex\online\online.exe" -autostart


Scan online.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.