yet_another_cleaner_sk_97862.exe

Setup

Elex do Brasil Participações Ltda

The executable yet_another_cleaner_sk_97862.exe has been detected as potentially unwanted by 1 anti-virus scanner. This is a setup and installation application and has been known to bundle potentially unwanted software. The file has been seen being downloaded from dw.uptodown.com and multiple other hosts.
Publisher:
Elex do Brasil Participações Ltda  (signed and verified)

Product:
Setup

Version:
1.0.199.30121

MD5:
39caa7c6326dcf36c6f9422c8bb17fa2

SHA-1:
27ae1bf23e2a217f9bcc8788e2a37600a69812f4

SHA-256:
dc25f68e013931440221ed311242581ca9620039bc1a24736f8b2b15cba39bc2

Scanner detections:
1 / 68

Status:
Potentially Unwanted

Analysis date:
5/17/2024 4:51:16 AM UTC

Scan engine:
Reason Heuristics

Detection:
Win32.Generic.ELEX.Installer.Meta

Engine version:
15.12.18.10

File size:
898.1 KB (919,656 bytes)

Product version:
1.0.199.30121

Copyright:
Copyright (c) 2011-2015 Elex do Brasil Participações Ltda

Original file name:
Setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\yet_another_cleaner_sk_97862.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
4/13/2015 2:00:00 AM

Valid to:
7/13/2017 1:59:59 AM

Subject:
CN=Elex do Brasil Participações Ltda, O=Elex do Brasil Participações Ltda, L=Sao Paulo, S=Consolacao, C=BR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0671EE526ACB6F9BE201F5A8E203C41C

File PE Metadata
Compilation timestamp:
12/18/2015 8:43:12 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:CZqxP0agXFNY9IvgcC/R/v7BxPlpJsBCk:w40aoFpAxLJI5

Entry address:
0xABFA

Entry point:
E8, FE, 47, 00, 00, E9, 7F, FE, FF, FF, E8, E7, 22, 00, 00, 85, C0, 75, 06, B8, 34, E9, 41, 00, C3, 83, C0, 0C, C3, 55, 8B, EC, 56, E8, E4, FF, FF, FF, 8B, 4D, 08, 51, 89, 08, E8, 20, 00, 00, 00, 59, 8B, F0, E8, 05, 00, 00, 00, 89, 30, 5E, 5D, C3, E8, B3, 22, 00, 00, 85, C0, 75, 06, B8, 30, E9, 41, 00, C3, 83, C0, 08, C3, 55, 8B, EC, 8B, 4D, 08, 33, C0, 3B, 0C, C5, C8, E7, 41, 00, 74, 27, 40, 83, F8, 2D, 72, F1, 8D, 41, ED, 83, F8, 11, 77, 05, 6A, 0D, 58, 5D, C3, 8D, 81, 44, FF, FF, FF, 6A, 0E, 59, 3B, C8...

Code size:
87 KB (89,088 bytes)

The file yet_another_cleaner_sk_97862.exe has been seen being distributed by the following 11 URLs.

