_jcbljfv.exe

Setup

Elex do Brasil Participações Ltda

The file _jcbljfv.exe has been detected as potentially unwanted by 1 anti-virus scanner. The file has been seen being downloaded from www.yac.mx and multiple other hosts.
Publisher:
Elex do Brasil Participações Ltda  (signed and verified)

Product:
Setup

Version:
6.8.15.29832

MD5:
25729bc8bd6501fb1e574068c4685af7

SHA-1:
c1aa5ce6194741f897c9a48ae5f3c969dc91224c

SHA-256:
d888f147ef1a8768a86302c10406089677a571ad0ac699409e68888c17b6a92a

Scanner detections:
1 / 68

Status:
Potentially Unwanted

Analysis date:
11/23/2024 10:11:17 AM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
Win32.Generic

Engine version:
15.12.28.16

File size:
853.5 KB (874,000 bytes)

Product version:
6.8.15.29832

Copyright:
Copyright (c) 2011-2015 Elex do Brasil Participações Ltda

Original file name:
setup.exe

Language:
Chinese

Common path:
C:\users\{user}\appdata\local\temp\_jcbljfv.exe.part

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
4/13/2015 2:00:00 AM

Valid to:
7/13/2017 1:59:59 AM

Subject:
CN=Elex do Brasil Participações Ltda, O=Elex do Brasil Participações Ltda, L=Sao Paulo, S=Consolacao, C=BR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0671EE526ACB6F9BE201F5A8E203C41C

File PE Metadata
Compilation timestamp:
12/22/2015 6:09:09 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:0r0X6thpUvxeveV0d0wrLtW4+VkS3WAzxEmdLaBd797OO/8FlUBVxy4:oXoJe22CsXJTAzxEmdL4J97X0ABVI4

Entry address:
0x9EB2

Entry point:
E8, D1, 31, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, FF, 15, 6C, 20, 41, 00, 6A, 01, A3, C4, A7, 41, 00, E8, 8E, 36, 00, 00, FF, 75, 08, E8, 23, 36, 00, 00, 83, 3D, C4, A7, 41, 00, 00, 59, 59, 75, 08, 6A, 01, E8, 74, 36, 00, 00, 59, 68, 09, 04, 00, C0, E8, F1, 35, 00, 00, 59, 5D, C3, 55, 8B, EC, 81, EC, 24, 03, 00, 00, 6A, 17, E8, 99, 5E, 00, 00, 85, C0, 74, 05, 6A, 02, 59, CD, 29, A3, A8, A5, 41, 00, 89, 0D, A4, A5, 41, 00, 89, 15, A0, A5, 41, 00, 89, 1D, 9C, A5, 41, 00, 89, 35, 98, A5, 41, 00, 89, 3D, 94...
 
Code size:
64.5 KB (66,048 bytes)

The file _jcbljfv.exe has been seen being distributed by the following 50 URLs.

Latest 30 of 127 download URLs