connectyellow.exe

Win32 Cabinet Self-Extractor

Microsoft Corporation

This is a setup program which is used to install the application. The file has been seen being downloaded from dialer.connect.net.pk.

Publisher:
Microsoft Corporation

Product:
Microsoft® Windows® Operating System

Description:
Win32 Cabinet Self-Extractor

Version:
6.00.3790.0 (srv03_rtm.030324-2048)

MD5:
0d7e31d4a147a50f165ede0f33e6f06b

SHA-1:
c64524babb0fc5bf81007fda12a2db9406536c22

SHA-256:
3a289652c62321fc2498c8edd4df9c69661c6e91d3149cd39c3631172a8fbfaf

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/27/2024 12:25:31 PM UTC

File size:
741 KB (758,784 bytes)

Product version:
6.00.3790.0

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
WEXTRACT.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\connectyellow.exe

File PE Metadata

Compilation timestamp:
1/17/2007 3:04:24 AM

OS version:
5.2

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
12288:nribpjKyOaZy42kgPogn9obCRPpxZELCZlnwB97udT5+Gzrhpa6NpniOYsNs7HI:nVd42kgQgOIXvr+7wdr/hQ6NsOdsU

Entry address:
0xA991B

Entry point:
0F, AF, FE, F3, 85, D5, 72, 03, 86, F9, F3, 10, DB, 8D, 0D, 61, 13, FD, 10, 01, C6, F6, C7, 72, B9, BC, 39, 29, A2, 00, C9, F3, FF, C7, F3, 05, 93, 75, 00, 00, F2, 85, E8, 77, 07, 0F, AF, D2, 8B, ED, 88, FC, 53, 46, F2, F7, C7, 8C, C1, 86, 31, 8A, FE, 88, FE, C7, C2, DB, 8D, 91, FE, 21, D3, E8, 29, 00, 00, 00, 40, 0F, AF, C6, 2A, E2, 2B, FB, B0, 06, 24, A3, EB, 0C, 69, C3, 7F, 58, C8, 0A, C7, C5, E2, 11, 59, 00, 81, EA, 51, 3A, 01, 00, 0F, B7, EF, 81, C2, C5, 78, 00, 00, 69, DA, DC, 88, 89, 14, 81, CA, A7...
 
Entropy:
7.9292  (probably packed)

Code size:
36 KB (36,864 bytes)

The file connectyellow.exe has been seen being distributed by the following URL.
