YourFileDownloaderInstaller.exe

YourFileDownloader Installer

http://yourfile-downloader.com

This is the Via Advertising bundle installer, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The file YourFileDownloaderInstaller.exe has been detected as a potentially unwanted program by 13 anti-malware scanners. The program is a setup application that uses the YourFile Downloader installer; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from dll513.yourfd.net and multiple other hosts.
Publisher:
http://yourfile-downloader.com

Product:
YourFileDownloader Installer

Version:
1, 0, 623, 1

MD5:
c3be5657d0a03992c6367fd88de00b55

SHA-1:
3e7451be8a4b74dd2f2df37112e0103978bc9f19

Scanner detections:
13 / 68

Status:
Potentially unwanted

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
5/30/2024 4:21:41 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Kazy.589566 | 673
avast! | Win32:Dropper-gen [Drp] | 2014.9-150403
Baidu Antivirus | PUA.Win32.ExpressDownloader | 4.0.3.1543
Bitdefender | Gen:Variant.Kazy.589566 | 1.0.20.465
Dr.Web | Adware.Downware.10745 | 9.0.1.093
Emsisoft Anti-Malware | Gen:Variant.Kazy.589566 | 8.15.04.03.08
ESET NOD32 | Win32/ExpressDownloader.K potentially unwanted (variant) | 9.11420
G Data | Gen:Variant.Kazy.589566 | 15.4.25
Kaspersky | not-a-virus:Downloader.Win32.Agent | 14.0.0.2248
MicroWorld eScan | Gen:Variant.Kazy.589566 | 16.0.0.279
Qihoo 360 Security | HEUR/QVM10.1.Malware.Gen | 1.0.0.1015
Reason Heuristics | PUP.Bundler.Via Advertising | 15.4.3.8
Trend Micro House Call | Suspicious_GEN.F47V0403 | 7.2.93

File size:
3.8 MB (4,012,544 bytes)

Product version:
1.0.0.1

Copyright:
Copyright http://yourfile-downloader.com (C) 2014

Original file name:
YourFileDownloaderInstaller.exe

Bundler/Installer:
YourFile Downloader

Language:
English (United States)

Common path:
C:\Documents and Settings\{user}\Local settings\temp\uhmhc6p2f8.tmp

File PE Metadata
Compilation timestamp:
4/2/2015 6:52:02 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
49152:COSrCxzOM4t36CX0Hs1DPye+EC5leRNgB9sbvjiOoN0v9u+aYZv/vM4Ow+D/aX9m:COYCAt367e+xj6bvt9PTZHUVnDaa1N

Entry address:
0x8C67D

Entry point:
E8, 85, C7, 01, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 40, F1, 4E, 00, E8, 2D, E4, 00, 00, E8, 6E, B2, 00, 00, 0F, B7, F0, 6A, 02, E8, 18, C7, 01, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 40, 1B, 01, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Code size:
800.5 KB (819,712 bytes)

The file YourFileDownloaderInstaller.exe has been seen being distributed by the following 9 URLs.
