» yumi-0.0.9.2.exe
Overview
Analysis
File Details
Downloads (1)

yumi-0.0.9.2.exe

pendrivelinux.com

The executable yumi-0.0.9.2.exe, “Automated Universal MultiBoot UFD Creation Tool” has been detected as malware by 9 anti-virus scanners. The program is a setup application that uses the Nullsoft Scriptable Install System installer, however the file is not signed with an authenticode signature from a trusted source. Infected by an entry-point obscuring polymorphic file infector which will create a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from www.cdrinfo.pl.

File name:

yumi-0.0.9.2.exe

Publisher:

pendrivelinux.com

Description:

Automated Universal MultiBoot UFD Creation Tool

Version:

0.0.9.2

MD5:

598b095f092070f3213cfc314a452d68

SHA-1:

48df103b00e1e7bf7645d62070c3be22b942d65d

SHA-256:

213e7867ee85863fb94b160074753f4431e1c2af8d1f93c80819a41885ee04b7

Scanner detections:

9 / 68

Status:

File is infected by a Virus

Explanation:

The file is infected by a polymorphic file infector virus.

Analysis date:

4/26/2024 10:33:49 AM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:SaliCode

160518-2

AVG

Win32/Sality

2015.0.4604

Emsisoft Anti-Malware

Win32.Sality

11.5.0.6191

ESET NOD32

Win32/Sality.NBA virus

8.0.319.0

F-Prot

W32/Sality.gen2

4.6.5.141

Kaspersky

Virus.Win32.Sality

15.0.0.562

Microsoft Security Essentials

Threat.Undefined

1.225.2396.0

Norman

Win32.Sality.3

28.05.2016 15:32:18

VIPRE Antivirus

Threat.4721115

50674

File size:

1.2 MB (1,232,357 bytes)

File type:

Executable application (Win32 EXE)

Installer:

Nullsoft Scriptable Install System

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\yumi-0.0.9.2.exe

File PE Metadata

Compilation timestamp:

12/5/2009 8:50:41 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

24576:VrZ5UeZpnHkb+/JQOIlgRtPSaWhUE5KU6nVyViuqVKBZGHABNK7P:35ZZCbCIgPJr4KU8VyouHBZ/BwP

Entry address:

0x30CB

Entry point:

0C, 4F, C7, C2, 84, F3, B7, 13, 76, 0A, C7, C2, 73, 9D, 34, 45, 4D, 0F, AF, CD, 80, FD, 96, F6, C4, B0, 0F, B6, DA, 8D, 3D, 34, 66, BE, 05, 3A, E7, 69, DA, 62, 0E, 1F, AA, FE, C1, 0F, BE, D5, 81, EE, 0B, B2, 02, 00, BD, E1, 9A, 60, 60, 81, C6, 3B, E7, 01, 00, C6, C5, 4F, 4A, 1A, F7, 87, EB, 0F, AF, C6, 8A, CD, 0F, AF, ED, 8B, C0, 2D, DE, 6B, 46, 11, E8, 20, 00, 00, 00, 0F, AF, F1, 0F, AF, F3, 69, E8, D3, 7E, 53, 6F, 8D, 35, 8E, 7F, 09, D5, 48, 1D, E7, ED, 99, B5, 69, EA, 9C, C3, 83, 74, 3B, CE, 42, 0F, AF... 
[+]

Code size:

22.5 KB (23,040 bytes)

The file yumi-0.0.9.2.exe has been seen being distributed by the following URL.

http://www.cdrinfo.pl/download.php?filename=YUMI-0.0.9.2.exe&id=1750094749&baza=soft

Remove yumi-0.0.9.2.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.