yahoomessenger.exe

Yahoo! Messenger

Yahoo! Inc.

yahoomessenger.exe is set to start automatically when a user logs into Windows, via the current-user Run registry key under the display name ‘Messenger (Yahoo!)’. It is installed with multiple programs, including AT&T Yahoo! Messenger and Yahoo! Messenger. The file has been seen being downloaded from dl-mail.ymail.com and multiple other hosts.
Publisher:
Yahoo! Inc.  (signed and verified)

Product:
Yahoo! Messenger

Version:
10,0,0,1270

MD5:
c0d12e6c85fc6dd7ff1dbb04f2dc933b

SHA-1:
7ad170ac4a784d6ea68a5e9ecaeb462eaa0f9594

SHA-256:
06d3c060abc986ee4ded0991aeafd88367e7922d1364f23948fe98923445bcfd

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/20/2024 4:28:55 AM UTC

File size:
5 MB (5,252,408 bytes)

Product version:
10,0,0,1270

Copyright:
(c) 1998-2008 Yahoo! Inc. All rights reserved.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\yahoo!\messenger\yahoomessenger.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
8/13/2009 1:00:00 AM

Valid to:
9/3/2012 12:59:59 AM

Subject:
CN=Yahoo! Inc., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Yahoo! Inc., L=Santa Clara, S=CA, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3D7A9A7D12556AB8688CA048C60F6018

File PE Metadata
Compilation timestamp:
6/1/2010 6:14:38 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
98304:YeYdEMyYD0DnoFMR4oBPBs++7ZuTdcs24Oa1zzryW:EEMyYmnoorTz+tu5ci3N

Entry address:
0x311555

Entry point:
E8, D7, 05, 00, 00, E9, 36, FD, FF, FF, CC, 80, F9, 40, 73, 16, 80, F9, 20, 73, 06, 0F, AD, D0, D3, FA, C3, 8B, C2, C1, FA, 1F, 80, E1, 1F, D3, F8, C3, C1, FA, 1F, 8B, C2, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 56, 8B, 44, 24, 14, 0B, C0, 75, 28, 8B, 4C, 24, 10, 8B, 44, 24, 0C, 33, D2, F7, F1, 8B, D8, 8B, 44, 24, 08, F7, F1, 8B, F0, 8B, C3, F7, 64, 24, 10, 8B, C8, 8B, C6, F7, 64, 24, 10, 03, D1, EB, 47, 8B, C8, 8B, 5C, 24, 10, 8B, 54, 24, 0C, 8B, 44, 24, 08, D1, E9, D1, DB, D1, EA...
 

Entropy:
6.4554

Code size:
3.3 MB (3,440,640 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Messenger (Yahoo!)

Command:
"C:\Program Files\yahoo!\messenger\yahoomessenger.exe" -quiet


The file yahoomessenger.exe has been discovered within the following programs.

AT&T Yahoo! Messenger  by Yahoo! Inc.
AT&T Yahoo! Messenger is an AT&T branded version of Y! Messenger.
www.yahoo.com
21% remove it
Yahoo! Install Manager  by Yahoo! Inc.
Yahoo Install Manager manages Yahoo program downloads and installations. The install manager keeps track of such programs and assists in the installations to put things in their proper places.
20% remove it
Yahoo! Messenger  by Yahoo! Inc.
Yahoo! Messenger (YIM) is an ad-supported instant messaging client and protocol by Yahoo!.
messenger.yahoo.com
7% remove it
Yahoo!7 Messenger  by Yahoo! Inc.
Publisher's description - “Just sign into Yahoo! Mail to enjoy the same Yahoo! Messenger for the Web service you know and love. Yahoo! Messenger within Yahoo! Mail also allows you to chat with your Facebook and Windows Live friends without requiring any installation.”
3% remove it
 
Powered by Should I Remove It?

The file yahoomessenger.exe has been seen being distributed by the following 2 URLs.

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-rEhRPcup8JTh7V-VtBgoobQ8YRd8gTfuRNDXthqkrXw4280dIH2nICwU5hY_EWFRyqtsdt-jko-uK0ko8KHOrw/messages/@.id==ADzmjkQAAAOZUZpxvgAAAMgQ9m0/content/parts/@.id==2/raw?appid=YahooMailNeo&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBaN_w3lQ6vzVX3gJ1Ro7UN85ZbE_cF9gB9A2TSm5APqCg&error=https://ca-mg6.mail.yahoo.com/.../iframemsg?id=003f54b9-9127-38b4-1e09-01c8621521cb&ymreqid=634a3c6e-25f0-4673-01c6-7203da010000