ykjzf.exe

Stpll

6whR6B

The application ykjzf.exe has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This is a setup program used to install the application. It bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offers presented are based on the PC's geo-location at the time of install. The file has been seen being downloaded from www.semiofficialkestrelkestrels.webcam.
Publisher:
6whR6B

Product:
Stpll

Description:
cmpnnt

Version:
227.119.131.207

MD5:
8b3cebb02f7fb9477faa18fa0c97ad7d

SHA-1:
a3051a7d013815fb48f114696dc2bb127ed7c7d6

SHA-256:
465c96f033cafb59c3ded64906ee7b81468bd4fb4f2c5f15d5d8532a53b31d4c

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
5/3/2024 4:37:48 PM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.Amonetize.RE (M)

Engine version:
16.6.23.16

File size:
437.5 KB (448,000 bytes)

Product version:
227.119.131.207

Copyright:
Copyright 2016

Trademarks:
p1aeQmqVx

Original file name:
sstup.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\ykjzf.exe

File PE Metadata
Compilation timestamp:
6/23/2016 6:28:37 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:Jzb9koKwX8EGbJvT9A/7bhqUThaGc3SX7:JVPthGbJ9AjDaI

Entry address:
0x82CF

Entry point:
E8, 22, 36, 00, 00, E8, 00, 00, 00, 00, 50, B8, 7F, FE, FF, FF, 03, 44, 24, 04, 89, 44, 24, 04, 58, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 80, F9, 40, 73, 15, 80, F9, 20, 73, 06, 0F, AD, D0, D3, EA, C3, 8B, C2, 33, D2, 80, E1, 1F, D3, E8, C3, 33, C0, 33, D2, C3, CC, 55, 8B, EC, 83, EC, 18, 53, 8B, 5D, 0C, 56, 57, 8B, 7B, 08, 33, 3D, B8, B2, 41, 00, C6, 45, FF, 00, C7, 45, F4, 01, 00, 00, 00, 8B, 07, 8D, 73, 10, 83, F8, FE, 74, 0D, 8B, 4F, 04, 03, CE, 33, 0C, 30, E8, 06, F0, FF, FF, 8B, 4F...
 

Code size:
71 KB (72,704 bytes)

The file ykjzf.exe has been seen being distributed by the following URL.
