msgr11us.exe

Yahoo! Inc.

The program is a setup application built with the Nullsoft Scriptable Install System installer. The file has been observed being downloaded from xp.yimg.com.

Publisher:
Yahoo! Inc.

Description:
Yahoo! Messenger Suite Install Bootstrapper

Version:
2012.05.15.01

MD5:
e29ac24d8affb0550270fad8471a5481

SHA-1:
cce2b6c946a2e753dee3486da1681940bb6ea858

SHA-256:
bc43484d968a793e3064fb902cf9e57228fceeb4e7643405f5c422624d4b062e

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/15/2024 7:20:24 AM UTC

File size:
482.1 KB (493,680 bytes)

Copyright:
Copyright (c) 2012 Yahoo! Inc.

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Scriptable Install System

Language:
English (United States)

Common path:
C:\users\{user}\downloads\msgr11us.exe

File PE Metadata
Compilation timestamp:
12/6/2009 12:50:41 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:Ldisxkn0a+6UrkJXoi4WKarATGmABae+l08X:LkYkn0bKYi4W+xABaZl08X

Entry address:
0x30CB

Entry point:
80, F4, E1, 24, 6B, 68, FD, C1, 26, 00, 04, 52, 86, C1, 2C, CE, 00, EE, 21, C6, 80, D8, C9, 6A, 00, 59, 38, C7, F2, 89, F2, 12, DD, 81, FF, E5, EE, 00, 00, 71, 06, C6, C4, AF, C6, C6, 98, 0F, AF, ED, 69, C6, 7D, C7, 9F, 7E, 8D, 35, C3, F2, FF, FF, F2, 87, FA, 81, C6, 32, 08, 00, 00, B2, 29, 3B, DB, 87, D3, 0F, C1, F1, B2, 3E, 8D, 15, D8, 67, 85, F2, 81, C1, 0C, 05, 00, 00, 8D, 35, 26, 63, 86, ED, 74, 0A, 8D, 15, 8C, E7, EA, 64, F2, C6, C0, ED, 0F, AF, EA, 87, ED, 81, F9, 12, 04, 00, 00, 0F, 8C, 99, FF, FF...
 
Entropy:
7.9372  (probably packed)

Code size:
22.5 KB (23,040 bytes)

The file msgr11us.exe has been seen being distributed by the following URL.
