yacdl6_2015.2.4_2.exe

Winzipper Update Package

Woodtale Co.LTD.

The application yacdl6_2015.2.4_2.exe has been detected as a potentially unwanted program by 10 anti-malware scanners. It is a setup program used to install the application. The file has been observed being downloaded from dl.yac.mx.

Publisher: Woodtale Co.LTD.

Product: Winzipper Update Package

Version: 6.0.0.9

MD5: 6f592fc8613d1d81b02ff8bde9966c92

SHA-1: 3c99d57d75cd2688008eca615b1c02a72ee34bef

SHA-256: d1fc65b8e6dea8c8509bc1897d5df8a6db560322b3ce418baa65bbc7fe16e9ce

Scanner detections: 10 / 68

Status: Potentially unwanted

Analysis date: 4/23/2024 6:28:59 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:Kukacka | 160327-1 |
| AVG | Win32/Sality | 2015.0.4355 |
| Dr.Web | Win32.Sector.30 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win32.Sality | 11.5.0.6191 |
| ESET NOD32 | Win32/Sality.NBA virus | 7.0.302.0 |
| F-Prot | W32/Sality.gen2 | 4.6.5.141 |
| Kaspersky | Virus.Win32.Sality | 15.0.0.562 |
| McAfee | Program.Artemis!0C2BC46DBF42 | 18.0.204.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.217.1307.0 |
| Norman | Win32.Sality.3 | 13.04.2016 10:11:06 |

File size: 381.1 KB (390,221 bytes)

Product version: 6.0.0.9

Copyright: Copyright (C)2014

File type: Executable application (Win32 EXE)

Language: English (United States)

Common path: C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\yacdl6_2015.2.4_2.exe

File PE Metadata
Compilation timestamp: 4/10/2010 5:19:23 AM

OS version: 5.0

OS bitness: Win32

Subsystem: Windows GUI

Linker version: 9.0

CTPH (ssdeep): 6144:Q0dgrWHVawAVxhk4KH0r90buBfwUaj1BDNWjZV162UCfafaccI19OwgscrqNgeml:Q0d+DkxH0r90buBfwUajwjB62+facV9g

Entry address: 0x33E9

Entry point: 60, 8D, 05, C9, B4, 13, A2, 8A, D4, 88, D6, EB, 0B, 0F, BF, F8, C7, C5, CF, D5, 4B, EA, 1A, FB, 69, D1, F0, 57, 5C, 60, 89, F7, 8B, CB, 69, ED, 70, 19, A7, BD, C7, C1, 17, 39, F6, 60, 81, FF, 06, AF, 00, 00, 78, 05, 09, DE, 0F, AF, DB, 3B, C7, EB, 04, 14, 15, 20, E4, 81, FB, 5C, F8, 00, 00, 75, 08, 0F, AF, D7, 87, EB, 0F, BE, D0, EB, 05, 48, 84, C2, 89, F6, 51, 0F, BF, FB, 87, DD, E8, 29, 00, 00, 00, 89, CF, F2, 81, FD, A2, 29, 00, 00, 75, 04, 00, D4, 0B, D1, F7, C5, 82, 78, D9, 14, 81, E9, BD, BF, 00, 00...
 
Entropy: 7.9186 (probably packed)

Code size: 25 KB (25,600 bytes)

The file yacdl6_2015.2.4_2.exe has been seen being distributed by the following URL.
