home

yet_another_cleaner_kwo.exe

yacdl

Elex do Brasil Participações Ltda

The application yet_another_cleaner_kwo.exe, “standard installer” by Elex do Brasil Participaçõesa has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from s2s.yac.mx and multiple other hosts.
Publisher:
Elex do Brasil Participações Ltda  (signed and verified)

Product:
yacdl

Description:
standard installer

Version:
1.0.108.22616

MD5:
5d0b317d4318bc77c06ecf84a285ed16

SHA-1:
aa6249696c0f7f323b3bdd5f55fe0c67271cda8b

SHA-256:
df840bbc49115126ab87f58dccf5e4cc01bed659092ad4bbcd50432c0f75e26b

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
5/21/2024 11:53:37 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Optional.Installer.ELEX
15.2.6.13

File size:
2.1 MB (2,213,088 bytes)

Product version:
1.0.108.22616

Copyright:
Copyright 2011-2014 Elex do Brasil Participações Ltda. All rights reserved.

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\yet_another_cleaner_kwo.exe

Digital Signature
Signed by:
Elex do Brasil Participações Ltda

Authority:
VeriSign, Inc.

Valid from:
6/23/2014 2:00:00 AM

Valid to:
6/21/2015 1:59:59 AM

Subject:
CN=Elex do Brasil Participações Ltda, O=Elex do Brasil Participações Ltda, L=São Paulo, S=São Paulo, C=BR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5C6950D0A05A1CD63164D1E1EB1FFB8A

File PE Metadata
Compilation timestamp:
4/10/2010 2:19:23 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:o0aC2fscqRgLufzFj/MUwdLW/tYeDDhneCv0863mJ/QvAono9RXORMGHvS8MtMlA:oLnLS9dDlT6fkIZjnYqtIGoeVVLQ

Entry address:
0x33E9

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 70, 85, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 80, 40, 00, 55, FF, 15, B0, 82, 40, 00, 6A, 08, A3, 78, 06, 47, 00, E8, 67, 27, 00, 00, 55, 68, B4, 02, 00, 00, A3, 90, 05, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 6C, 85, 40, 00, FF, 15, 80, 81, 40, 00, 68, 54, 85, 40, 00, 68, 80, 85, 46, 00, E8, 35, 26, 00, 00, FF, 15, B0, 80, 40, 00, 50, BF, A0, 10, 4C, 00, 57, E8, 23, 26, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
25 KB (25,600 bytes)

The file yet_another_cleaner_kwo.exe has been seen being distributed by the following 50 URLs.

http://s2s.yac.mx/ads/adsavess?sid=yac&ptid=mmacn&subid=v2M7p9vrz542LLXkiW3CHlkerWSjGmZEHK3bhxfiEIu0qpsJrIj0RzVPmGYgBVMo4TYpu6ssXybnodAZuVUUMk2hPagxJ_vPLKldf6j3z1gn9FRtcv8YOAMnSo-z8BYOXVa7OZYlvfdTbo6Wp_kFCaL3HmAtJye4Ve4f5JQDv2jM4vLuDjSq3xx7niqHaVk0Be5787ScVuIOmMWlM32STgEcElvW2v4nqxLnx2kZSeetXNWacT9Bji7aXRsZ9hvujTRbWcLqc8gqXbLe-2FiXnN0ik2XD9uLTTRtboYeCFC7WXPEJZ0V49lCtlapG_KV2U1Ti9DVhP4KmtEp69emWf-XaKIGkTcZs6zNcqK-zw84GCbKzbqxSBk3NrR8Pe3Uje52UTCPX372IGyAi7DQJbUY4CeDRKf9pnhiyMh41ishxASD08Mr&lplink=http://www.yac.mx/download/.../down.php?pt=mmacn

http://www.yac.mx/download/.../down.php?pt=gam&subid=11656

http://mmtrkjy.com/mt/.../&subid1=29556873061423036430

http://s2s.yac.mx/ads/adsavess?sid=yac&ptid=mmacn&subid=4nbjXycCLUxr8nzYRAlgkLrDOT3RVsey1RNXzEoL4wrxg-jtWbcghvJCGIiOQOFToOA_rbECbqqQUFyiX2W980lgdd8iUno_FLvDFheCn4_oNMds5_jENUys6ZJ_rDZyQrgV8sN4pX6jy3jBvstR1B1SEh61ifNMueP8EZEXUe0fdxauBX-Ts3I0a7j06l9DeezDmVfX_SZ_y6jesghPOpT4bNKno6UP55LGR-tEbXW6OFvUAlyOM6zLXaKJIiVrgCiM45pdrXf3QgL5JarJRcSFXsurmvTlVu8wlUr-8peDmPeZpK7r338Y46pvR76DohPxmXynIWM0VAhzm1DRkOZKaiojjXWcQ8ZtVDaYXV8FwIjsqWoiPR6WSyXbFK-_Y0aEWtH4cdjJkNpUH5yqfx4nbR479fP00ZDDh__s31tMFKupQdY&lplink=http://www.yac.mx/download/.../down.php?pt=mmacn

http://s2s.yac.mx/ads/adsavess?sid=yac&ptid=mmacn&subid=c2PKm5Gtc6pQ2Bqkkr-L8Vw6jXG3BeNERKsuyOotBU3Dy8RsmCdmlLzzwsxEkvWsIsmdDTcHV4ofIY6rOFb2t0k7EmyE7sgROuacZ-CIDuCtx237tLZDaNpB7ogI42pQf2MZY7vUU0HTmW8RZYrZHYchP_nSuY146PSFMnjjudYnGOK7X1eKFsQ9Iq-zBUqp4dtFPrQeA4yNerPclP7iySun_cqxGTAX-OMOIB7yYjlkFociprEkF4VQ058KxJs9Ghs8l3vJedeyRDPmT2B9iUxfxs5kMPwnKu5rpmSUXb0nwnbtooEyCLdP8l1rWteRCA3IaB9YUnTXWZU0nz9K-4y56zAM-5oktwIYjSWCSjXgWJs_bDLK3wd0cVr_nKH0qGsVP76gaipLm8xug8-gkzT6DbCJQNMWSWe-8uSmlWdFvdpC&lplink=http://www.yac.mx/download/.../down.php?pt=mmacn

http://mmtrkjy.com/mt/.../&subid1=29557599201423492844

http://s2s.yac.mx/ads/adsavess?sid=yac&ptid=mmacn&subid=wYdfI7DYqR6ibqm1nlZ0TnpJbXZnyE3zBdRfHNhQ3PCSccMtcONXDR0BnPYRyYPTZ2Wij328dQQlKMKHCmlUQzn4tpmRTC8MWxsAo7n1ufIBo_43Sel3gMNH7D-PMuRQQiwKS5foaldtJ7a765e_FjlUGYk9f1MdLOJ4FirVlz7BcunW-K-RrfW7V7MwZlUrIvgFLugUePqT8FgETP9FkRyPC-Pf4jhlimvBom9ZdGs3bAvlU6R1rRnYK2vNvjpux-kgZQcQz2MkxXVNLF4wfjvZPuEC5yAZXy8uMKujUIvgctmn5k6BiRAnXMM5BE_u9n6NQ4kNUyDFO-jqkZqQptSzi0W_5Wf_8gxDRAaaMhxtNENY4a5dTaMm267N_ujK8Pyvh4VQ5_4GOv2dmxrcI6UcnP1S0s9xNYVwsQ-0sHwLqKGK6r9UiPyv&lplink=http://www.yac.mx/download/.../down.php?pt=mmacn

http://dl2.yac.mx/download/.../yet_another_cleaner_muncd.exe

http://s2s.yac.mx/ads/adsavess?sid=yac&ptid=mmacn&subid=O6nuH075WTlRCAECntXO07i02HaUwmUK89nNsUBVOfQgJFkOz54XMvbAUn83FS0LnvTlLwzvBQwDgXFBdy9OA_JtX3yYDesaxlIXtvGiEYyhKLz3Zx93znxpV3RWji5O1Gtd6Y5wtvLg_PbkxL4zeRTTx3Eb8N_WxFV-AV1Y37qMjeZVgyh6ECOsz90ibu8hXrx-4TmaaIbfcC93nwR4xvyzFsvl2wIcw5jLGYwaEBuhg9LjDHjtoL5cTKUkLZqcT3ofUkF3l2VhN0xQU3x8JdelpaRFk-qjNO0S-oMb76IxZsqplQmCUnncLsSYjpW6on81vBIT6isEnKzMrnbTUdc-yxwdNFvISh7v_IdwdXZEQTEOdVDGH1nt9Gx7mwb-gsRCta5U0pE0-XtdEmhlGY4ANrmssSbLfR-yDT6qoOx2Jjtqog_3ZbCVgKYTcUACmKka&lplink=http://www.yac.mx/download/.../down.php?pt=mmacn

http://s2s.yac.mx/ads/adsavess?sid=yac&ptid=mmacn&subid=Ja8NHNaYx9ed50AWM8OEw5mqzjWra9gMIWJZIU8hlu9x43rWiLe58SU46KMy56s4JBz_yY6QFzTp84_CRChOIFp-ccLn-7G7ZhyMDdMyg9WhXIVKHVKgxa67TSMAsZCZka2uLzXro1iyCfq555CRgbfY-McgaSxtJQtVkDHjuoKFkvEJwFenuneDgrCTfh1JeWVLrvmoZhKkpG8QFfotQTdrSZ3F6BzYhsY7hHI8g04Y7CZZiqoftmaZE-NI89iu7kGeP2eaIp7wxSgOBsjSbEx_INFIN5gbcW0NDOYO4Kp7qvEo9D4roq2UCpqqBdv2cZorRP1Tdzjepv90g9VLzxWu5kkjkaegPFAdedVzNDJcptBcih2PPp7l9RkjptxjKQ09Rfr526hCP0zgb1fDmR5CHzwMmQo4QL1IT1onPA9JCnTY8aGOdHaFDewA&lplink=http://www.yac.mx/download/.../down.php?pt=mmacn

http://www.yac.mx/download/.../down.php?pt=dne&subid=

http://www.yac.mx/download/.../down.php?pt=mat&subid=152743

http://s2s.yac.mx/ads/adsavess?sid=yac&ptid=mmacn&subid=YiHNc5x95RUqmnnbCM-00YjkNjoZBbtthUqAhiIV7aebEZs4TJ0vjBmXLGMDqkPNCDaWbW-itew8Pu1sRUlBSox1Iycb1N46Qgd0IeuUvI2moBVAI6PFDk6xbYKp2xndKVxh-cJ6FFeW1sfi8EZXQDjvNgPRc_NSbzS0B25lIiiiuQ2npvNrQesJeTtwNUDh5t-17047kd7_hvimWyQfY8V7oJtX0kxUr3-rBM6mi1z1hwlBOPNB0iLyXLCscTkFZxTTFGg-pHCQvaUhbYIJUjMedkSUoTfTcGdwqkzIQeYCaw4QRmOKw9g8zASUs3dv9uuManfMtgsH-kHv4F50hq_sOSldIgJH4eAITM5AQwiYkcSKUGHYaCRBi4MTyyh3GqcaowelnkZ1fqCZFt1BYn8lHqzfcsX0XqoS1nfmetIhcX3Tew&lplink=http://www.yac.mx/download/.../down.php?pt=mmacn

http://www.yac.mx/download/.../down.php?pt=ymb&subid=16100

http://mmtrkjy.com/mt/.../&subid1=6276307521423506388

http://www.yac.mx/download/.../down.php?pt=mat&subid=123101

http://s2s.yac.mx/ads/adsavess?sid=yac&ptid=mmacn&subid=p13MPaG1L1QrePcw9y6P_a1Q90NymeIkz0ubFUIv5y4KCI5_A4cvre409kdjXG9_QaylGiuGtaelCDz4nurLzgY1bMp35EOCRBk80Au5vMcBme-Fmk5E48H2CIIAtN9NqhOH3fkR02JQEpd4F_rTlb2_fuTQUgUyHk7kTQR_cfR9S9bog0hb-9mG8M8yX7NV1prdu63a4jot0fBiO_UvCp6SZkG3f_Vu-MLu_7HPgbhMwCC0_dSLEp3f9MGuD-0YEHa04M2j_-xUbWZdUap_vP4ZPPqt8YF_VVzH88j4OR8u4tZcLsJRBMsbb3DSpoewNSZD7ambLkdK_hHywc32LLvyw88oPah6sbDZ6oCbZQ2JnnkAm-4wsk6FHRK2VbWa_OCwLpjMH4ff9mxLWwm5a5S06L53kF-1iVr3UtRBQSk&lplink=http://www.yac.mx/download/.../down.php?pt=mmacn

http://www.yac.mx/download/.../down.php?pt=ymb&subid=19932

http://s2s.yac.mx/ads/adsavess?sid=yac&ptid=mmacn&subid=RN0pYPQvSaJ5b1qNT8k_c7L_rsqFp-PMzdXt_XyfQz9_xQbWs555dP9BbINc_fEvLDVi_dmkeVJ7of5ptW43WrEpasiIknkNJJyTvLJqFi-u4o2hxGvpVG59bX85aAuH38IbjIAJ_itOVpozTMiszoDHoDV3AcM-Juec353n7QwwL61pukZyzAuhSXwOpvu7M09BBAGBBj4cpuLKS0BC2rXkBDmsee-5tFMf3xCrvHsLklsdLtLgIoz1zedStOWF4S1K7SdbXTU4ud_o0weukqAJpVNvpRHfzNH3hB869U88Ty46apUvAK8L2zFUd4FtnU-kyAdV-hbL9tbb2uiJ7huWR6juHs71cnOn8-lxgSNd_aCAnsOgFNI_I3fGa9D038SH02qMXwORzqPwQfIGcqMWLtf8CC8b4rHrPdL2OQjFyVx0TC56gGbDAubccUU&lplink=http://www.yac.mx/download/.../down.php?pt=mmacn

http://mmtrkjy.com/mt/.../&subid1=u4d1e214a54d8b28a8f9d55073

http://mmtrkjy.com/mt/.../&subid1=6244302561423512057

http://mmtrkjy.com/mt/.../&subid1=ubc366d2154d65f5644e22560f5

http://serve.popads.net/popOut.php?c=10000000000&a=4171439608&ac=7620415686381261

http://s2s.yac.mx/ads/adsavess?sid=yac&ptid=mmacn&subid=GTx-XVEEQNl0MmvzPEY0C-UFD19nvVoXiz7DjiMIXUlpSplHcTQXgF6T5q_xV4-kSIHug5e1Lt2dBpMDIg190W24YDFHg4iIkZ8DqBDCiFJzzEOumOk7NzQFFA2Vnk1MvYnyMrTY365UB3WLQ4yDjXPeQ1oj2-on2OYfgx5xzgPQC_FSv83dpLD5UnnP0hu6xqj_6t1CoT9LgSSMh1U1MsxlnqoMNYfAdyAfH0h1bBRdrygqyME7pJX5LKIxN0BKVN2MtsPIdMZWvJOE9WRivAx3MwSZRuNY6wNhdbIeGWswVl4HZNZ_MmHBdXdT6H17C-LJ7TU9BmBn_ZLFJFKqWQUHUGZUuhc90BoUMpn9aMIiE29IVtFg2XVIpckCiLTdPcZxHVkFg3n1qUQQ-8BsbSfoL9j-leiTCDpZHZK3V1gxtdjy40yMik762VZ4_INrY2Pm1g7VfyjOuA&lplink=http://www.yac.mx/download/.../down.php?pt=mmacn

http://s2s.yac.mx/ads/adsavess?sid=yac&ptid=mmacn&subid=ovj1NnPcoXubGZKv6c5gbgYo3fzyR5bVmRKgzucg5iwqpovjd2Uj0lvxyUrRRAXXdxHP9FI3w8LHqMHw8RY4ysrAudufkm7pML0gLVJdGevzH2IQd1fdI5OqU1eTIpKmddqWKTjjxhSZwG9LWWcai2D2xTWohCMV9M9wx6QApcivCe2Mt4yDd-5ZHhTixGYPZ-TGAtKnDtydZ6OiQTddq4v0QkRp9w8U_jLnMVfWXGPTTzUp55n4rUT1vnvypwVjz6QSfQYxHCeTvx1jPAMymU-KqC5YVNVL3jmfK-uFRfggKa3TegpueapD884hmRIN_69rxShKvEvvx4XAkTGViubUntYFJKv2vZFCftkH6_BqL1yrfdt2Ua_uznNs0OkZGGpeNQv1X5h-UvF2c_0WvbPsjl4ihL2j5NVByj2PVVddGdKuAwCFbMdCyl-8h2s&lplink=http://www.yac.mx/download/.../down.php?pt=mmacn

http://www.yac.mx/download/.../down.php?pt=kwo&subid=

http://s2s.yac.mx/ads/adsavess?sid=yac&ptid=mmacn&subid=vtDRbvtSq0I34SHM31_aCRQc2QJxnfc3PTSPMD_owXVciAmvLwdJX_pgI9BmsjeF-R_MiYId3MWoLBJPkNG9W6oDAUpkvbVxPjnCZrLCM7SFnEV5U1vJDmbkIRZ4NNilkjaxH67uIgGs2NstyJdZsaiUMLKQTG99J1v90hXcJCiypHNkUvDUzY0fogghoL1mgorfloVqjJ2c232BY3pE8AB_atDv3yCB_hth4x-VEIncsrOZCB3XARfRgMsoHkXhTbblruMHNVNSYmtaTUpjJhOs9XyzpdOK_thLcnCnQni6XOJnsBDT_ElKK7yvORbZ1Qsobtg9DGTBhm-XLPjKLlcTC4Qs3xxuVEKBaTvoOH7PPxEiaN52eu3oQu6VnrV-xXuT8KAu6k7jJ04j_kj3DQ16WkAZn_w_BMWPwE_GFELF_nE&lplink=http://www.yac.mx/download/.../down.php?pt=mmacn

http://s2s.yac.mx/ads/adsavess?sid=yac&ptid=mmacn&subid=rgYySyvAzKwU24fnWFC4F_mLbOZnOIvqNAsDsED1LA1YSvBXylHBHa8HoX-4MhqQAmINEtaoOOAR0rXnhM7myoeRUGHoN0dghUN-r4eowwNh7tXV2TV1Lk_MkGLUKgX8ZZksJAbEb7lZP0cEzTxa81rM9-sVYwBrfJV6aK_4RrGeubx5p4oKDCOByh3v7jo3d-RhGCvjSZqXHSJNv_GM7bDZ6rgHhqjcYvS5pC3kNwKZBBpztPzl3iW0DOkCylVWTNwzisuOssyP5sWU8UA6fWRGBWZmHFy8FIz5_p4_oMj6hqnnj0hQMP-vDM-PVOQPX9OvFv6EzHSn38P9furYaRksSG3qgv2jj_jV6c2Q7V_7KQDfWHKGmy5ShlUBJdTdFDJ_umjwPO-uBYdbgY2hY8ZNe110K_jWupV3-ZgcW-fbrepxBS1qLQJIOiZSzg&lplink=http://www.yac.mx/download/.../down.php?pt=mmacn

http://mmtrkjy.com/mt/.../&subid1=u5c6109d154c069554bf7b2be03

http://mmtrkjy.com/mt/.../&subid1=36514242911423481625

Latest 30 of 53 download URLs

Remove yet_another_cleaner_kwo.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.