uninstall1321562.exe

YourFile Downloader

Via Advertising Group Limited

This is the Via Advertising bundle installer, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application uninstall1321562.exe by Via Advertising Group Limited has been detected as adware by 14 anti-malware scanners. The program is a setup application that uses the YourFile Downloader installer. This file is typically installed with the program YourFileDownloader by Via Advertising Group Limited, which is a potentially unwanted software program.
Publisher:
http://yourfiledownloader.com  (signed by Via Advertising Group Limited)

Product:
YourFile Downloader

Version:
1.0.0

MD5:
f12e0521859d43258d41c78c587f982e

SHA-1:
5e8a857b12c726e10af4d5828750721565b0ccae

SHA-256:
58bb5fae6b39d925c8577cfa0676ea7ebf8bc49d0230389b2c28dae05118a9e5

Scanner detections:
14 / 68

Status:
Adware

Description:
This is also known as bundleware, or downloadware, which is a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/19/2024 12:15:59 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:Downloader-UGW [PUP] | 2014.9-131224 |
| AVG | Dropper.Generic7 | 2015.0.3400 |
| Bkav FE | W32.Clod96c.Trojan | 1.3.0.4613 |
| Dr.Web | Tool.DownLoader.42 | 9.0.1.0358 |
| ESET NOD32 | Win32/YourFileDownloader (variant) | 7.9190 |
| Fortinet FortiGate | W32/SPNR.28JG12!tr | 7/28/2014 |
| F-Prot | W32/Backdoor2.HMVS | v6.4.7.1.166 |
| K7 AntiVirus | Unwanted-Program | 13.174.10588 |
| McAfee | Artemis!F12E0521859D | 5600.7272 |
| Reason Heuristics | PUP.ViaAdvertisingGroupLimited.Q | 14.8.15.17 |
| Sophos | Generic PUA FO | 4.96 |
| Trend Micro House Call | TROJ_SPNR.28I112 | 7.2.358 |
| Trend Micro | TROJ_SPNR.28I112 | 10.465.24 |
| VIPRE Antivirus | Via Advertising | 24590 |

File size:
4 MB (4,147,120 bytes)

Product version:
1.0.0

Copyright:
Copyright http://yourfiledownloader.com (C) 2012

Original file name:
YourFile.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
YourFile Downloader

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\uninstall1321562.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
4/30/2012 1:00:00 AM

Valid to:
5/1/2013 12:59:59 AM

Subject:
CN=Via Advertising Group Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Via Advertising Group Limited, L=Nicosia, S=Nicosia, C=CY

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
54119944225483D152EE7DAA2475480B

File PE Metadata
Compilation timestamp:
8/21/2012 3:14:49 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
98304:qW3xh9bZsqjsC4+HIeYmklZ6J4jfbYJia8KVtLLr:bBjWqPHIeY1lZ6J4jTY8att

Entry address:
0x9785

Entry point:
E8, 8B, 55, 00, 00, E9, 89, FE, FF, FF, CC, 55, 8B, EC, 57, 56, 8B, 75, 0C, 8B, 4D, 10, 8B, 7D, 08, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, A0, 01, 00, 00, 81, F9, 80, 00, 00, 00, 72, 1C, 83, 3D, A0, 49, 42, 00, 00, 74, 13, 57, 56, 83, E7, 0F, 83, E6, 0F, 3B, FE, 5E, 5F, 75, 05, E9, 27, 4B, 00, 00, F7, C7, 03, 00, 00, 00, 75, 14, C1, E9, 02, 83, E2, 03, 83, F9, 08, 72, 29, F3, A5, FF, 24, 95, 00, 99, 40, 00, 8B, C7, BA, 03, 00, 00, 00, 83, E9, 04, 72, 0C, 83, E0, 03, 03, C8, FF, 24, 85, 14...
 

Code size:
89.5 KB (91,648 bytes)

The file uninstall1321562.exe has been discovered within the following program.

YourFileDownloader  by Via Advertising Group Limited
YourFileDownloader provides the ability to download various software applications locally. It provides a list and search interface to locate and download applications. The program does, however, automatically add itself to the built-in Windows Firewall.
yourfiledownloader.com
78% remove it
 

The file uninstall1321562.exe has been seen being distributed by the following 16 URLs.
