home

yacdl6_2015.3.5_out.exe

nsis_Installer_dl_installer

tony to do DLT

The application yacdl6_2015.3.5_out.exe has been detected as a potentially unwanted program by 12 anti-malware scanners. This is a setup and installation application, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from dl.yac.mx.
Publisher:
tony to do DLT

Product:
nsis_Installer_dl_installer

Version:
6.0.0.13

MD5:
98f90d154b9b9ecbd3092199cf8d0a26

SHA-1:
405576f0e1d4965972424820235c8107b5abf37c

SHA-256:
91e5381822c93fb38facf4a45316de73158aa56e53bb6332e8e585155cd250a4

Scanner detections:
12 / 68

Status:
Potentially unwanted

Analysis date:
4/19/2024 1:01:17 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Kukacka
160327-1

AVG
Win32/Sality
2015.0.4355

Dr.Web
Win32.Sector.30
9.0.1.05190

Emsisoft Anti-Malware
Win32.Sality
11.5.0.6191

ESET NOD32
Win32/Sality.NBA virus
7.0.302.0

F-Prot
W32/Sality.gen2
4.6.5.141

F-Secure
Win32.Sality.3
5.15.21

Kaspersky
Virus.Win32.Sality
15.0.0.562

McAfee
Program.Artemis!6F62FC863453
18.0.204.0

Microsoft Security Essentials
Threat.Undefined
1.217.1307.0

Norman
Win32.Sality.3
02.04.2016 17:35:19

VIPRE Antivirus
Threat.4721115
48434

File size:
270.4 KB (276,878 bytes)

Product version:
6.0.0.13

Copyright:
Copyright 2011-2015 tony to do DLT. All rights reserved.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\yacdl6_2015.3.5_out.exe

File PE Metadata
Compilation timestamp:
4/10/2010 5:19:23 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:P0IgfWHVawAVxOBWnXBkjK8toPjTnYJitdMJWBDvtP2:P0IaMMBOKPgHWBB2

Entry address:
0x33E9

Entry point:
60, 74, 04, 8A, D9, 0B, C7, FE, CA, 33, F5, 2A, F8, 73, 03, 0F, BE, FA, 81, FF, 23, 4A, 00, 00, 72, 08, 8D, 2D, F7, 1C, E2, E0, 8A, D7, FF, CB, 84, F7, 55, 46, 89, F3, 5F, EB, 05, FE, CE, B3, A6, F2, 3C, B5, 03, CF, 76, 07, 46, 69, C5, 2C, B6, 54, C1, 20, CE, 43, 81, FF, B2, 05, 00, 00, 76, 05, C6, C4, DD, FF, CD, 74, 09, 35, B6, AA, EA, 56, 88, D3, 84, C2, 34, A5, E8, 10, 00, 00, 00, 0F, AF, F8, F7, C7, 5B, 52, 30, AB, 0F, B7, FB, 38, EF, 3B, C2, EB, 06, F7, C5, B7, 06, B1, 82, 2A, FA, F2, 32, D0, 80, C8...
 
[+]

Entropy:
7.8630  (probably packed)

Code size:
25 KB (25,600 bytes)

The file yacdl6_2015.3.5_out.exe has been seen being distributed by the following URL.

http://dl.yac.mx/update/new.2.0/wz/1.5.90/.../YacDl6_2015.3.5_out.exe

Remove yacdl6_2015.3.5_out.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.