» ywriter5full.exe
Overview
Analysis
File Details
Downloads (21)

ywriter5full.exe

yWriter5

Spacejock Software

The program is a setup application that uses the Inno Setup installer. The file has been seen being downloaded from gsf-cf.softonic.com and multiple other hosts.

File name:

ywriter5full.exe

Publisher:

Spacejock Software

Product:

yWriter5

Description:

yWriter5 Setup

MD5:

2440201750f65f38e64039f5d5ed4bb2

SHA-1:

a42829e947a5969575ab79ca7f43f5cd6dc2de32

SHA-256:

99c5ca20e6f40079ca14b4148395c8c17b385c054dcbb13393eb2bd9887bb1f8

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/25/2024 2:13:05 PM UTC (today)

File size:

2 MB (2,046,840 bytes)

File type:

Executable application (Win32 EXE)

Installer:

Inno Setup

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\ywriter5full.exe

File PE Metadata

Compilation timestamp:

6/19/1992 6:22:17 PM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

49152:5aRyJJvIsIfUadfGqOwj3AZeCzQU5FwHK6vZG9cxOf3z5:QRyJqPvpzMXMguHK6vk95f1

Entry address:

0x9C40

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, E8, CD, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, E8, CD... 
[+]

Entropy:

7.9942

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

37 KB (37,888 bytes)

The file ywriter5full.exe has been seen being distributed by the following 21 URLs.

http://gsf-cf.softonic.com/a42/829/.../file?SD_used=0&channel=WEB&fdh=no&id_file=41650&instance=softonic_es&type=PROGRAM&Expires=1429872655&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=UwUbmpdsO2Oudek48A~pV2mpDJxGdNH5U-tqDRI3mT2lrtQhwy4O4qPv3sVBzbfWbn7AlwWE2jQU4UxXSJEDsgJZEhPGe7hcYgF0nI0iM2iuC0I4j53gvWWEBGBrELn~0UAkR7nrtcKaihxBzCKvG85LZStIWFDuS3A0JStum~I_&filename=yWriter5Full.exe

http://gsf-cf.softonic.com/a42/829/.../file?SD_used=0&channel=WEB&fdh=no&id_file=41650&instance=softonic_es&type=PROGRAM&Expires=1475748494&Signature=fggi~UHnsulQaSTnxCKxsSnOVBUgdLyk7V~IgnQKhOnFVder63~APwp9hyc7JTxRulJidWJtEj72OdqEDZPT0QloSj-r6xI-9AmAhEEj0aSc2leqvET1jUrc26~ew3lCHLmUq334z3m7rUjdQA8eouQaTsHKxu9~tcXa9op6ulU_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=yWriter5Full.exe

http://gsf-cf.softonic.com/a42/829/.../file?SD_used=0&channel=WEB&fdh=no&id_file=41650&instance=softonic_es&type=PROGRAM&Expires=1444660900&Signature=eIRei19fBJoOFTYOJ~JvYXGb7lt16owB3x205Ca~TfuCNu98L04WoVOFI7E~6SaBVYZQOqCbzULIPqQnIh1Lwrov~PBnynhHBXzarp0kWq~-2G5xd3PVbuw9HBmPI-lnE4PBZoiRxF9Jv5QTbQ6D8pYRrWRBZw7v6425gr972VE_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=yWriter5Full.exe

http://gsf-cf.softonic.com/a42/829/.../file?SD_used=0&channel=WEB&fdh=no&id_file=41650&instance=softonic_es&type=PROGRAM&Expires=1469700210&Signature=PVfzqFuaHw1y0lClaUzN-sYGMXvjcmgwVugH9qFQNoq~cvuG9NyW8OYZa6qrMfe~OqzRGoetFecA27OyHnE5sdBhtSQ290mZExsJgVcemV3pIpBkz7ygVc41hKGUrGiTVm-15fQQVHZopvHftq1e987Av6dWrjbNP0LPewgXkFY_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=yWriter5Full.exe

http://gsf-cf.softonic.com/a42/829/.../file?SD_used=0&channel=WEB&fdh=no&id_file=41650&instance=softonic_fr&type=PROGRAM&Expires=1479872951&Signature=H-7EAoZz3X4nnrGauRf-fpoySnvNfQQdLfq8zYSTmrGgZf8V3nJP7Q5BgrMNhuOY7u-g05VslKZ4eDpK8hml7qvOWyARb8Wian2MC7bPEgGRW2j3t9HG2jbbIXL6HsF6QKikAoNryfPSREkXk0LAtf6oNvZYGVcq0YQCSBkmeIw_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=yWriter5Full.exe

http://gsf-cf.softonic.com/a42/829/.../file?SD_used=0&channel=WEB&fdh=no&id_file=41650&instance=softonic_es&type=PROGRAM&Expires=1434474606&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=WJ6HXHVgtd0grKYNzvqlnc4x3gO-Y2mu~4Hif2P71pziIa-op-Ur2CQazOx5EJFbDAb~7UbFkmIZ37qdZh7jYGDyVCjgtD22b9mlzYwioPM-1oeWwq1tXvsLmcLYvtcVgmQ15~LLK2Usa0jBprYgrpVij4~LY4Kxoh-w7u3ZP8s_&filename=yWriter5Full.exe

http://downloads.zoznam.sk/.../ywriter-32?did=11717

http://gsf-cf.softonic.com/a42/829/.../file?SD_used=0&channel=WEB&fdh=no&id_file=41650&instance=softonic_br&type=PROGRAM&Expires=1463108685&Signature=VbufOCWRroSkGxq3IEpsyU8Xh0YAI-SNLFa6r4QEx~t9WPjf9eXTTm6r74R8T34gh9yFKiv8K1r3AeSqbg8VSbqJYB1BRXDJCUHzM8ElLUt9QiMsX3CXJbaRQaEypTuOSemZvcDWn7ddDh1y~BrvAp0BiyU6MqgAihpqFgXRx24_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=yWriter5Full.exe

http://gsf-cf.softonic.com/a42/829/.../file?SD_used=0&channel=WEB&fdh=no&id_file=41650&instance=softonic_es&type=PROGRAM&Expires=1454421895&Signature=d64DlMdR7HBRl376Jl9m7ZckISbW0aC3IpF1r9f~veaQ5pS2L~K3hbOgBr0zAzS5QP21DNoR0JiSc8Tx0T1SgcPISnVYdzH1vrMbrO88cDQGF8p-AuT48et09LLt3QGK3fiJ8ZG5icszjSAHgCKcmkho-74kO36ioYPWqCh61wU_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=yWriter5Full.exe

http://gsf-cf.softonic.com/a42/829/.../file?SD_used=0&channel=WEB&fdh=no&id_file=41650&instance=softonic_es&type=PROGRAM&Expires=1438125997&Signature=S-MIqbBB74PJq10oDLX5mqMXyRhlh60pVXdJa7v7sP4APFbrX0uRVCs5gvHeuQ8orThXktSgnije-VOoUx3RmjX3bWQZ1eP~IDU2rEza0xKdeLgQFG1LQ-~HF-m3pPkhO3z62KrkJovytKinhE9FMy9ykT8gSmkQ13lWnk-pTQ4_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=yWriter5Full.exe

http://gsf-cf.softonic.com/a42/829/.../file?SD_used=0&channel=WEB&fdh=no&id_file=41650&instance=softonic_es&type=PROGRAM&Expires=1457904521&Signature=gwRSpX1oUu8s2YOdc58JkpfKNuOAMVLvd0VIyJKDRg33ND39UgltIUku-qSsIYCNjk6u1DvqV5H1YXFIGXpkVunDdkRrQmthz4dLPxkk~TSf7kTiOU9OfzKwnqESe3C1nwTRdlIseEn5Jfx7fXcIpgeTzw2ev7vQbntnhvKTfM0_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=yWriter5Full.exe

http://gsf-cf.softonic.com/a42/829/.../file?SD_used=0&channel=WEB&fdh=no&id_file=41650&instance=softonic_es&type=PROGRAM&Expires=1457381414&Signature=BCobE4CF7OqrugaIziiFHvmRxDPMrnPiA-7MmIvnqVJEDlwA5RDCVgzTvpTgsc1yH~djNML3aZ0IMal5ttSIfanIBVCkESi~zlLzw1TGvaL8Vs9qHRbOeL1NnI0EZFeyqgwPFTUM9y4GA-GNVLzWeMitbRJPPsBHGYpkZjKrZYw_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=yWriter5Full.exe

http://gsf-cf.softonic.com/a42/829/.../file?SD_used=0&channel=WEB&fdh=no&id_file=41650&instance=softonic_br&type=PROGRAM&Expires=1453824950&Signature=SqZhF-HPnXW59hXkExx72bN5G16Aj-OikT4a4gBlt7fFf0nTs8zm8rZq-gJeXZ5M1yWQ~daY0yRkAh2mUhj1B1wJb-NWVkCjfqCblY0xYzm9VauXK5DX8MQDv14BQD8ueGr5sx-M11XaeOTndk6hbDlVt5qzzhp9-kJP52t1XYs_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=yWriter5Full.exe

http://gsf-cf.softonic.com/a42/829/.../file?SD_used=0&channel=WEB&fdh=no&id_file=41650&instance=softonic_es&type=PROGRAM&Expires=1454519182&Signature=W98GuSqxjy9OUBTSPaxwhJom2THIvB8oFfHbAWTmTYZ1igdlxYIvEEw2szGeXCfgAa1OrLrbf5Hv-KSFQ8Igf4~8rU9n0tLsXgiL52o6r8R5FFdYYrnguHYUsdp8nAY~Sr99XP5vOSRO5OR6SzbebZIrjkh6Xg1NZrhDLvT5gJM_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=yWriter5Full.exe

http://lifeinbooks.net/wp-content/uploads/2013/.../yWriter5Full.exe

http://gsf-cf.softonic.com/a42/829/.../file?SD_used=0&channel=WEB&fdh=no&id_file=41650&instance=softonic_fr&type=PROGRAM&Expires=1444195805&Signature=SGqCoxXWTp6C~lV3h9cEvy4UYE5tRZUr9YOAYyyEyi1l492clkye9RsPFSl0vXNlHfMTLK2CZS3a7pU50reen8e9TUslupVifUtrJVuatbulCLXG9D~3zNX7fHjsSUSpvnN88lRmxZDxP3W9gT3TeMPJxWXqC0DzRHVOh~bGU9A_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=yWriter5Full.exe

http://gsf-cf.softonic.com/a42/829/.../file?SD_used=0&channel=WEB&fdh=no&id_file=41650&instance=softonic_es&type=PROGRAM&Expires=1441691364&Signature=itKmGrPv7sOvjPolO4DFSx~UXea-dQAmR6PU-icj8TsnmQ1S37YuuMQrF-L5RhHz5IbOWKCf2xKVAXvMsgWtKdw-BrzrauVYUkoITjMJCRU7M-RhSd64QY90GfkeXVuiP14f1cRYsJ-vScTUXlKa4lLO9cNXt2MHoRxbPU1qLNU_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=yWriter5Full.exe

http://dw3.uptodown.com/dw/1404768559/.../ywriter-5-2-0-5-en-win.exe

http://software-files-a.cnet.com/s/software/12/79/25/.../yWriter5Full.exe

http://downloads.pcworld.com/pub/new//.../yWriter5Full.exe

http://www.spacejock.com/.../yWriter5Full.exe

Scan ywriter5full.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.