visualsvn_3.0.4_visualsvn_server_2.5.8.rar_downloader.exe

YourFile Downloader

Via Advertising Group Limited

This is the Via Advertising bundle installer, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application visualsvn_3.0.4_visualsvn_server_2.5.8.rar_downloader.exe by Via Advertising Group Limited has been detected as adware by 23 anti-malware scanners. The program is a setup application that uses the YourFile Downloader installer. It plugs into the web browser and displays context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
http://yourfiledownloader.com  (signed by Via Advertising Group Limited)

Product:
YourFile Downloader

Version:
1, 0, 0, 293

MD5:
3c5d232652a73ee193f0889a9bb06214

SHA-1:
876ec1c10981c927266b6e14f6f131c24b9e9406

SHA-256:
43c60cf368e6101a682bb7c5db82745019260faa97f3df6e6dbcdf8d5a9d6ac0

Scanner detections:
23 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/26/2024 12:04:30 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Application.Kazy.133001 | 6266345 |
| AhnLab V3 Security | Win-PUP/YourFileDownloader | 2015.03.31 |
| avast! | Win32:Downloader-UEO [PUP] | 2014.9-150331 |
| AVG | Generic | 2016.0.3154 |
| Bitdefender | Gen:Variant.Application.Kazy.133001 | 1.0.20.450 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Dr.Web | Trojan.StartPage.56734 | 9.0.1.090 |
| Emsisoft Anti-Malware | Gen:Variant.Application.Kazy.133001 | 9.0.0.4799 |
| ESET NOD32 | Win32/ExpressDownloader.I potentially unwanted application | 7.0.302.0 |
| Fortinet FortiGate | Riskware/Generic.AC.2244355 | 3/31/2015 |
| F-Secure | Riskware.Gen:Variant.Application.Kazy | 5.13.68 |
| G Data | Gen:Variant.Application.Kazy.133001 | 15.3.25 |
| K7 AntiVirus | Unwanted-Program | 13.202.15432 |
| Malwarebytes | PUP.Optional.YourFileDownloader | v2015.03.31.03 |
| Microsoft Security Essentials | Threat.Undefined | 1.195.1024.0 |
| MicroWorld eScan | Gen:Variant.Application.Kazy.133001 | 16.0.0.270 |
| NANO AntiVirus | Trojan.Nsis.BrowseFox.dnxihk | 0.30.8.659 |
| Norman | Gen:Variant.Application.Kazy.133001 | 03.12.2014 13:20:04 |
| Reason Heuristics | PUP.Bundler.Via Advertising | 15.3.31.3 |
| Sophos | YourFile Downloader | 4.98 |
| VIPRE Antivirus | Threat.4758264 | 29396 |
| Zillya! Antivirus | Trojan.Black.Win32.22131 | 2.0.0.2122 |

File size:
6.1 MB (6,345,408 bytes)

Product version:
1.0.0

Copyright:
Copyright http://yourfiledownloader.com (C) 2012

Original file name:
YourFile.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
YourFile Downloader

Common path:
C:\users\{user}\downloads\visualsvn_3.0.4_visualsvn_server_2.5.8.rar_downloader.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
4/12/2013 9:00:00 AM

Valid to:
4/12/2016 8:59:59 AM

Subject:
CN=Via Advertising Group Limited, O=Via Advertising Group Limited, STREET=Boumpoulinas 11, L=Nicosia, S=Nicosia, PostalCode=1060, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00BABC309174F531C6762BBA466401FEAF

File PE Metadata
Compilation timestamp:
5/12/2014 10:30:22 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
98304:ntE1Gz8F0k6m20qcmG3gCIunBdOt9E42n8l+3J4jfbYtMNLwUBfJt:ntEYz20pLl0vQ9zvg3J4jTYmyUZz

Entry address:
0x3F827

Entry point:
E8, D8, F0, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, E0, 39, 47, 00, E8, 23, 78, 00, 00, E8, 3A, 29, 00, 00, 0F, B7, F0, 6A, 02, E8, 6B, F0, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 71, B5, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
Entropy:
7.9464  (probably packed)

Code size:
370 KB (378,880 bytes)