» yugmaseinstaller4_1_5_2.exe
Overview
Analysis
File Details
Downloads (1)

yugmaseinstaller4_1_5_2.exe

InstallAnywhere

YSL Holdings LLC

The application yugmaseinstaller4_1_5_2.exe, “InstallAnywhere Self-Extractor” by YSL Holdings has been detected as a potentially unwanted program by 9 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. The file has been seen being downloaded from www.yugma.com.

File name:

Publisher:

Macrovision (signed by YSL Holdings LLC)

Product:

InstallAnywhere

Description:

InstallAnywhere Self-Extractor

Version:

9, 0, 0, 0

MD5:

aec713376ed78a1033de85c6dbfccb70

SHA-1:

19d410f4af961fea1e50e86eb24a374f235346e0

SHA-256:

45a2dab1f63c190881c87652fc07aa1b650cc42e3db165129bd39eac26dead58

Scanner detections:

9 / 68

Status:

Potentially unwanted

Analysis date:

5/6/2024 2:59:26 PM UTC (today)

Scan engine

Detection

Engine version

Baidu Antivirus

Hacktool.Win32.WinVNC

4.0.3.15412

Comodo Security

UnclassifiedMalware

21475

Dr.Web

Program.RemoteAdmin.352

9.0.1.0102

Kaspersky

not-a-virus:RemoteAdmin.Win32.WinVNC

14.0.0.2202

McAfee

Artemis!AEC713376ED7

5600.6797

NANO AntiVirus

Riskware.Win32.WinVNC.bxzlz

0.30.8.659

Qihoo 360 Security

Win32/Virus.RemoteAdmin.b6d

1.0.0.1015

Trend Micro House Call

TROJ_GE.FAA5DFF9

7.2.102

Vba32 AntiVirus

suspected of Trojan.Downloader.gen.h

3.12.26.3

File size:

17.9 MB (18,745,240 bytes)

Product version:

9, 0, 0, 0

Original file name:

iase.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\yugmaseinstaller4_1_5_2.exe

Digital Signature

Signed by:

YSL Holdings LLC

Authority:

Thawte, Inc.

Valid from:

6/11/2012 2:00:00 AM

Valid to:

6/12/2013 1:59:59 AM

Subject:

CN=YSL Holdings LLC, OU=IT, O=YSL Holdings LLC, L=Eden Prairie, S=Minnesota, C=US

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

3B71EB6A06EC6EB0DB33CAFDC4F1D67C

File PE Metadata

Compilation timestamp:

11/10/2007 4:09:34 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

7.10

CTPH (ssdeep):

393216:RVH/juG0JkPMeYxne3STRe+uhnUNtsM/R9pIAjZDs9bI3ZZopQgEG:RVjiPe2nxQnEjJTbs9bIfgn

Entry address:

0x42250

Entry point:

60, BE, 00, B0, 42, 00, 8D, BE, 00, 60, FD, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 75, 20, 41, 01, DB, 75... 
[+]

Entropy:

7.9996

Packer / compiler:

UPX 2.90LZMA

Code size:

96 KB (98,304 bytes)

The file yugmaseinstaller4_1_5_2.exe has been seen being distributed by the following URL.

https://www.yugma.com/app/installer/v4/YugmaSE/.../YugmaSEInstaller4_1_5_2.exe

Remove yugmaseinstaller4_1_5_2.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.