browserupdater.yzm.exe

The application browserupdater.yzm.exe has been detected as a potentially unwanted program by 15 anti-malware scanners. While running, it connects to the Internet address server-54-230-122-42.dfw50.r.cloudfront.net on port 80 using the HTTP protocol.
MD5:
26b2b7e74c8d306b45e1c796baccc735

SHA-1:
5f1738e17c20184e534e33bf00cc1860812d05c1

SHA-256:
5fef20a470598e83b9132a83ae2cd4c10872354bb32351080f4c6f85237774c3

Scanner detections:
15 / 68

Status:
Potentially unwanted

Analysis date:
11/30/2024 8:41:26 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Application.Elex.Mikey.6 | -26
AegisLab AV Signature | Troj.Horse.Gen!c | 2.1.4+
Arcabit | Trojan.Application.Elex.Mikey.6 | 1.0.0.795
AVG | Generic_r | 2018.0.2452
Baidu Antivirus | Win32.Trojan.WisdomEyes.16070401.9500 | 4.0.3.1732
Bitdefender | Gen:Variant.Application.Elex.Mikey.6 | 1.0.20.305
Emsisoft Anti-Malware | Gen:Variant.Application.Elex.Mikey | 8.17.03.02.11
F-Secure | Variant.Application.Elex | 5.16.24
G Data | Gen:Variant.Application.Elex.Mikey | 17.3.25
IKARUS anti.virus | PUA.Elex | 0.2.1.2
Malwarebytes | Adware.Elex | v2017.03.02.11
MicroWorld eScan | Gen:Variant.Application.Elex.Mikey.6 | 18.0.0.183
Qihoo 360 Security | HEUR/QVM10.1.0000.Malware.Gen | 1.0.0.1120
Rising Antivirus | Malware.Heuristic!ET#89% (rdm+) | 23.00.65.17228
Vba32 AntiVirus | Trojan.Regger | 3.12.26.4

File size:
2.5 MB (2,600,562 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\yzmkblld\{c7bcd07d-80c2-4c89-9dc5-d7d15d394581}\browserupdater.yzm.exe

File PE Metadata
Compilation timestamp:
3/2/2017 7:29:06 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

Entry address:
0x2562

Entry point:
E8, 89, 1C, 00, 00, E9, 7F, FE, FF, FF, 56, 6A, 04, 6A, 20, E8, 80, 23, 00, 00, 59, 59, 8B, F0, 56, FF, 15, 88, A0, 40, 00, A3, 40, 2E, 41, 00, A3, 3C, 2E, 41, 00, 85, F6, 75, 05, 6A, 18, 58, 5E, C3, 83, 26, 00, 33, C0, 5E, C3, 6A, 0C, 68, 20, E7, 40, 00, E8, 29, 21, 00, 00, E8, AC, 12, 00, 00, 83, 65, FC, 00, FF, 75, 08, E8, 23, 00, 00, 00, 59, 8B, F0, 89, 75, E4, C7, 45, FC, FE, FF, FF, FF, E8, 0B, 00, 00, 00, 8B, C6, E8, 44, 21, 00, 00, C3, 8B, 75, E4, E8, 87, 12, 00, 00, C3, 55, 8B, EC, 51, 53, 56, 8B...

Code size:
36 KB (36,864 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-54-230-122-42.dfw50.r.cloudfront.net  (54.230.122.42:80)

TCP (HTTP):
Connects to server-54-230-95-253.fra2.r.cloudfront.net  (54.230.95.253:80)

TCP (HTTP):
Connects to server-54-192-55-94.jfk6.r.cloudfront.net  (54.192.55.94:80)

Remove browserupdater.yzm.exe - Powered by Reason Core Security