yahoo! messenger.exe

The application yahoo! messenger.exe has been detected as a potentially unwanted program by 30 anti-malware scanners. This is a setup program which is used to install the application. It uses the Solimba download manager to push adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars. The file has been seen being downloaded from it.win-install.info.

MD5: 10d05cf7b922f5f77a4e56fc4856c130
SHA-1: 647878eea275ca7bf48a057038ad90b9dd02db52
SHA-256: f9085b5c0ef6e5aad8f5b45b17487461c6c89199b3c964613acfba1fa315815b
Scanner detections: 30 / 68
Status: Potentially unwanted
Explanation: Uses the Solimba installer to bundle adware offers.
Analysis date: 4/19/2024 6:22:10 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Adware.MultiPlug.EO | 681 |
| Agnitum Outpost | PUA.Solimba | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.Morstar | 2015.02.16 |
| Avira AntiVirus | ADWARE/MultiPlug.Gen4 | 7.11.208.20 |
| avast! | Win32:Adware-gen [Adw] | 150320-0 |
| Baidu Antivirus | Adware.MSIL.Solimba | 4.0.3.15326 |
| Bitdefender | Adware.MultiPlug.EO | 1.0.20.425 |
| Bkav FE | HW32.Packed | 1.3.0.6379 |
| Clam AntiVirus | Win.Adware.Multiplug-34770 | 0.98/20238 |
| Dr.Web | Adware.Downware.9692 | 9.0.1.085 |
| Emsisoft Anti-Malware | Adware.MultiPlug.EO | 8.15.03.26.10 |
| ESET NOD32 | MSIL/Solimba.AL potentially unwanted application | 9.7.0.302.0 |
| Fortinet FortiGate | Riskware/Morstar | 3/26/2015 |
| F-Prot | W32/S-5cbbf643 | v6.4.7.1.166 |
| F-Secure | Adware.MultiPlug.EO | 11.2015-26-03_5 |
| G Data | Adware.MultiPlug.EO | 15.3.25 |
| IKARUS anti.virus | PUA.MSIL.Solimba | t3scan.1.8.6.0 |
| K7 AntiVirus | Trojan | 13.194.14969 |
| Malwarebytes | PUP.Optional.Solimba | v2015.03.26.10 |
| MicroWorld eScan | Adware.MultiPlug.EO | 16.0.0.255 |
| NANO AntiVirus | Riskware.Win32.Downware.dnpahc | 0.30.0.65070 |
| Norman | Suspicious_Gen5.BCLOB | 11.20150326 |
| nProtect | Adware.MultiPlug.EO | 15.02.13.01 |
| Panda Antivirus | Generic Suspicious | 15.03.26.10 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 15.3.26.10 |
| Sophos | Solimba Installer | 4.98 |
| Vba32 AntiVirus | Downware.Morstar | 3.12.26.3 |
| VIPRE Antivirus | Threat.4150696 | 36694 |
| Zillya! Antivirus | Backdoor.PePatch.Win32.64336 | 2.0.0.2068 |

File size: 505.7 KB (517,887 bytes)
File type: Executable application (Win32 EXE)
Common path: C:\users\{user}\downloads\yahoo! messenger.exe

File PE Metadata
Compilation timestamp: 2/6/2015 9:36:29 AM
OS version: 5.1
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 12.0
CTPH (ssdeep): 12288:WzD5wEXEdUMtup6ozfHMOqhByKalPfH2iQ5L:WzdCd3tuZHMJE9fH2i6
Entry address: 0xB92C

Entry point:
E8, 57, 4D, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 80, 09, 42, 00, E8, 3E, 15, 00, 00, E8, 28, 4F, 00, 00, 0F, B7, F0, 6A, 02, E8, EA, 4C, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 85, 42, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Code size: 96 KB (98,304 bytes)

The file yahoo! messenger.exe has been seen being distributed by the following URL.
