ysd-en-covus.exe

DownloadGuide

The application ysd-en-covus.exe has been detected as a potentially unwanted program by 2 anti-malware scanners. The file has been observed being downloaded from www.abelssoft.net.
Product:
DownloadGuide

Version:
2.5.0.83

MD5:
14d2db2c540a7a11eb4a4d609ba47e13

SHA-1:
979e3734bd3c01c1f58ed3ab99acb28852bf5ead

SHA-256:
c0598576ae468a2c3134057b288f64779677c429709b589ebd132063b45968ca

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 10:44:35 AM UTC

Scan engine | Detection | Engine version
Reason Heuristics | PUP.Covus.Bundler.Meta | 15.6.15.10
Trend Micro House Call | TROJ_GEN.F47V1018 | 7.2.18

File size:
712.1 KB (729,200 bytes)

Product version:
2.5.0.83

Copyright:
Copyright © 2013

Original file name:
DownloadGuide.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\ysd-en-covus.exe

File PE Metadata
Compilation timestamp:
9/24/2013 5:13:11 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:Npm++5aXrC717Ya0Y/llcchu+xgvupIAXjd9ELMu7Zo:NU55MrC750Y/rcccvupIAb+Mu9o

Entry address:
0x8A3DE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 48, B8, 00, 00, 00, 00, 00, 00, 00, 00, 49, 39, 40, 08, 74, 0C, 48, B8, 00, 00, 00, 00, 00, 00, 00, 00, FF, E0, 48, B8, 00, 00, 00, 00, 00, 00, 00, 00, FF, E0, 55, 8B, EC, 8B, 45, 10, 81, 78, 04, 7D, 1D, EA, 0C, 74, 07, B8, B6, B1, 4A, 06, EB, 05, B8, B6, 92, 40, 0C, 5D, FF, E0, 7B, 05, 4A, 0C, F4, 9C, DD, 9A, 79, DD, B7, 29, 79, 41, 09, 2B, 43, 51, 17, 2B, 4A, 3F, 40, 17...
 

Entropy:
6.5154

Code size:
545 KB (558,080 bytes)

The file ysd-en-covus.exe has been observed being distributed from the following URL.
