iDesk.exe

YAC Security Protection

Elex do Brasil Participações Ltda

The application iDesk.exe by Elex do Brasil Participaçõesa has been detected as a potentially unwanted program by 6 anti-malware scanners. While running, it connects to the Internet address 207-235-47-8.static.twtelecom.net on port 80 using the HTTP protocol.
Publisher:
Elex do Brasil Participações Ltda  (signed and verified)

Product:
YAC Security Protection

Description:
YAC Desk

Version:
6.7.116.29762

MD5:
d7287fa52b13a197cdb32831d4f82296

SHA-1:
30e13e395a46807b86d4ac99c8b1ba86c4f4fc87

SHA-256:
9c33046cadb4d437a5316e0c00fb0f11792e3950f1cebd5a371ab3ec72a6019f

Scanner detections:
6 / 68

Status:
Potentially unwanted

Analysis date:
11/17/2024 12:37:24 AM UTC  (today)

Scan engine
Detection
Engine version

Bkav FE
W32.HfsAdware
1.3.0.7237

Dr.Web
Adware.Mutabaha.569
9.0.1.0273

G Data
Win32.Application.Elex
15.9.25

K7 AntiVirus
Trojan
13.203.15801

Malwarebytes
FraudTool.YAC
v2015.09.30.10

Reason Heuristics
Win32.Generic.ELEX.Meta
15.9.30.22

File size:
924 KB (946,208 bytes)

Product version:
6.7.116.29762

Copyright:
Copyright (c) 2011-2015 Elex do Brasil Participações Ltda

Original file name:
iDesk.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\idesk.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
4/12/2015 9:00:00 PM

Valid to:
7/12/2017 8:59:59 PM

Subject:
CN=Elex do Brasil Participações Ltda, O=Elex do Brasil Participações Ltda, L=Sao Paulo, S=Consolacao, C=BR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0671EE526ACB6F9BE201F5A8E203C41C

File PE Metadata
Compilation timestamp:
9/11/2015 7:01:09 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:n4O40S/4WlE8FaPvdotYWzej46SkUzc7+r3DTu6L1mOsgmiuiNpWCtbp/rdFsaL1:n4O4tQZ8YWtYdj46XO3XuPBLEpR

Entry address:
0x861ED

Entry point:
E8, DF, 03, 00, 00, E9, 4C, FE, FF, FF, CC, FF, 25, 28, 13, 49, 00, FF, 25, 2C, 13, 49, 00, FF, 25, 30, 13, 49, 00, CC, CC, CC, CC, CC, CC, 51, 8D, 4C, 24, 08, 2B, C8, 83, E1, 0F, 03, C1, 1B, C9, 0B, C1, 59, E9, BA, 04, 00, 00, 51, 8D, 4C, 24, 08, 2B, C8, 83, E1, 07, 03, C1, 1B, C9, 0B, C1, 59, E9, A4, 04, 00, 00, 55, 8B, EC, FF, 75, 14, FF, 75, 10, FF, 75, 0C, FF, 75, 08, 68, 16, 5D, 48, 00, 68, 60, 80, 4C, 00, E8, B2, 04, 00, 00, 83, C4, 18, 5D, C3, CC, 55, 8B, EC, FF, 15, 90, 11, 49, 00, 6A, 01, A3, 6C...
 
[+]

Code size:
573 KB (586,752 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to 54.9d.7e4b.ip4.static.sl-reverse.com  (75.126.157.84:80)

TCP (HTTP):
Connects to 52.9d.7e4b.ip4.static.sl-reverse.com  (75.126.157.82:80)

TCP (HTTP):
Connects to 99.85.7e4b.ip4.static.sl-reverse.com  (75.126.133.153:80)

TCP (HTTP):
Connects to 207-235-47-8.static.twtelecom.net  (207.235.47.8:80)

TCP (HTTP):
Connects to 158.subnet180-250-68.speedy.telkom.net.id  (180.250.68.158:80)

TCP (HTTP):
Connects to 125.235.4.59.adsl.viettel.vn  (125.235.4.59:80)

Remove iDesk.exe - Powered by Reason Core Security