» browserupdater.yzm.exe
Overview
Analysis
File Details
Network (3)

browserupdater.yzm.exe

The application browserupdater.yzm.exe has been detected as a potentially unwanted program by 15 anti-malware scanners. While running, it connects to the Internet address server-54-230-122-42.dfw50.r.cloudfront.net on port 80 using the HTTP protocol.

File name:

MD5:

26b2b7e74c8d306b45e1c796baccc735

SHA-1:

5f1738e17c20184e534e33bf00cc1860812d05c1

SHA-256:

5fef20a470598e83b9132a83ae2cd4c10872354bb32351080f4c6f85237774c3

Scanner detections:

15 / 68

Status:

Potentially unwanted

Analysis date:

11/30/2024 8:41:26 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Application.Elex.Mikey.6

-26

AegisLab AV Signature

Troj.Horse.Gen!c

2.1.4+

Arcabit

Trojan.Application.Elex.Mikey.6

1.0.0.795

AVG

Generic_r

2018.0.2452

Baidu Antivirus

Win32.Trojan.WisdomEyes.16070401.9500

4.0.3.1732

Bitdefender

Gen:Variant.Application.Elex.Mikey.6

1.0.20.305

Emsisoft Anti-Malware

Gen:Variant.Application.Elex.Mikey

8.17.03.02.11

F-Secure

Variant.Application.Elex

5.16.24

G Data

Gen:Variant.Application.Elex.Mikey

17.3.25

IKARUS anti.virus

PUA.Elex

0.2.1.2

Malwarebytes

Adware.Elex

v2017.03.02.11

MicroWorld eScan

Gen:Variant.Application.Elex.Mikey.6

18.0.0.183

Qihoo 360 Security

HEUR/QVM10.1.0000.Malware.Gen

1.0.0.1120

Rising Antivirus

Malware.Heuristic!ET#89% (rdm+)

23.00.65.17228

Vba32 AntiVirus

Trojan.Regger

3.12.26.4

File size:

2.5 MB (2,600,562 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\yzmkblld\{c7bcd07d-80c2-4c89-9dc5-d7d15d394581}\browserupdater.yzm.exe

File PE Metadata

Compilation timestamp:

3/2/2017 7:29:06 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

Entry address:

0x2562

Entry point:

E8, 89, 1C, 00, 00, E9, 7F, FE, FF, FF, 56, 6A, 04, 6A, 20, E8, 80, 23, 00, 00, 59, 59, 8B, F0, 56, FF, 15, 88, A0, 40, 00, A3, 40, 2E, 41, 00, A3, 3C, 2E, 41, 00, 85, F6, 75, 05, 6A, 18, 58, 5E, C3, 83, 26, 00, 33, C0, 5E, C3, 6A, 0C, 68, 20, E7, 40, 00, E8, 29, 21, 00, 00, E8, AC, 12, 00, 00, 83, 65, FC, 00, FF, 75, 08, E8, 23, 00, 00, 00, 59, 8B, F0, 89, 75, E4, C7, 45, FC, FE, FF, FF, FF, E8, 0B, 00, 00, 00, 8B, C6, E8, 44, 21, 00, 00, C3, 8B, 75, E4, E8, 87, 12, 00, 00, C3, 55, 8B, EC, 51, 53, 56, 8B... 
[+]

Code size:

36 KB (36,864 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to server-54-230-122-42.dfw50.r.cloudfront.net (54.230.122.42:80)

TCP (HTTP):

Connects to server-54-230-95-253.fra2.r.cloudfront.net (54.230.95.253:80)

TCP (HTTP):

Connects to server-54-192-55-94.jfk6.r.cloudfront.net (54.192.55.94:80)

Remove browserupdater.yzm.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.