yet_another_cleaner_muncd.exe

YAC Security Protection

Elex do Brasil Participações Ltda

The application yet_another_cleaner_muncd.exe, “YAC Security Protection Setup Program” by Elex do Brasil Participações, has been detected as a potentially unwanted program by 4 anti-malware scanners. It is a self-extracting archive and installer that has been known to bundle potentially unwanted software. The installer uses the OpenCandy monetization platform, which downloads and installs offers for potentially unwanted software during setup, including ad/search-supported toolbars. The file has been seen being downloaded from mmtrkjy.com and multiple other hosts.
Publisher:
Elex do Brasil Participações Ltda  (signed and verified)

Product:
YAC Security Protection

Description:
YAC Security Protection Setup Program

Version:
5.9.75

MD5:
1862bd4289d57ac7b6cd374322ca04a1

SHA-1:
dfe1c628a43a4131f6ee7ba708d7adfe7ff115c3

SHA-256:
83a06ef10870ece5afa5bd1ab15399edb01db154cb58ecf71ef309d1420d65b4

Scanner detections:
4 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
4/19/2024 10:23:57 PM UTC  (today)

Scan engine | Detection | Engine version
AhnLab V3 Security | PUP/Win32.OpenCandy | 2015.01.24
ESET NOD32 | Win32/OpenCandy (variant) | 9.11063
Reason Heuristics | PUP.Optional.Installer | 15.1.23.12
Trend Micro House Call | Suspicious_GEN.F47V0122 | 7.2.23

File size:
1.1 MB (1,150,784 bytes)

Product version:
5.9.75

Copyright:
Copyright © ELEX DO BRASIL PARTICIPAÇÕES LTDA

Original file name:
YAC Security ProtectionSetup.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\???? ???? ??\yet_another_cleaner_muncd.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
6/23/2014 3:00:00 AM

Valid to:
6/21/2015 2:59:59 AM

Subject:
CN=Elex do Brasil Participações Ltda, O=Elex do Brasil Participações Ltda, L=São Paulo, S=São Paulo, C=BR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5C6950D0A05A1CD63164D1E1EB1FFB8A

File PE Metadata
Compilation timestamp:
12/16/2014 8:26:02 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:K/xB2AUVbWNLHp0kT1Thvg4ae0Z7SQoGm8OLbLRur+5R:yAKNLJNRThvg45soGQLB5R

Entry address:
0x5B174

Entry point:
E8, 75, AB, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, C4, 00, 00, 00, A1, B0, A2, 49, 00, 33, C5, 89, 45, FC, 56, 8B, 75, 08, 57, 33, FF, 89, BD, 4C, FF, FF, FF, 3B, F7, 75, 1E, E8, AE, 2B, 00, 00, 6A, 16, 5E, 57, 57, 57, 57, 57, 89, 30, E8, DC, F5, FF, FF, 83, C4, 14, 8B, C6, E9, 24, 01, 00, 00, E8, E6, 6D, 00, 00, 8D, 85, 4C, FF, FF, FF, 50, E8, DD, 6E, 00, 00, 59, 85, C0, 74, 0D, 57, 57, 57, 57, 57, E8, 8A, F4, FF, FF, 83, C4, 14, 8B, 85, 4C, FF, FF, FF, 53, 6A, 3C, 99, 59, F7, F9, 66, 89...
 

Entropy:
7.2653

Code size:
497 KB (508,928 bytes)

The file yet_another_cleaner_muncd.exe has been seen being distributed by the following 50 URLs.


Latest 30 of 99 download URLs
