yacdl.exe

Desk 365

337 Technology Limited

The application yacdl.exe, “Promotion application” by 337 Technology Limited has been detected as adware by 13 anti-malware scanners. It is also typically executed from the user's temporary directory. While running, it connects to the Internet address 82.b4.c1ad.ip4.static.sl-reverse.com on port 80 using the HTTP protocol.
Publisher:
337 Technology Limited.  (signed by 337 Technology Limited)

Product:
Desk 365

Description:
Promotion application

Version:
1.15.10.8274

MD5:
011a498fd1476b69e34fba9fc629d99b

SHA-1:
d7d206515507a5822e369d5abae46159beb88df4

SHA-256:
c888ce3fd2674164e27bfe1a5167ec2c6a7db60832ed901190d56af962fad04f

Scanner detections:
13 / 68

Status:
Adware

Analysis date:
11/6/2024 12:24:59 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
APPL/Downloader.Gen
7.11.123.26

Dr.Web
Trojan.DownLoader10.42942
9.0.1.012

ESET NOD32
Win32/ELEX (variant)
8.9243

Fortinet FortiGate
W32/Badur.CAXS!tr
1/12/2014

herdProtect (fuzzy)
2014.1.26.20

IKARUS anti.virus
Trojan.Win32.Badur
t3scan.2.2.29

K7 AntiVirus
Unwanted-Program
13.174.10720

Kaspersky
Trojan.Win32.Badur
14.0.0.4476

McAfee
Artemis!011A498FD147
5600.7252

Panda Antivirus
Suspicious file
14.01.12.07

Reason Heuristics
PUP.337TechnologyLimited.F
14.8.7.20

Trend Micro House Call
TROJ_GEN.F47V1116
7.2.12

Vba32 AntiVirus
Trojan.Badur
3.12.24.3

File size:
262 KB (268,336 bytes)

Product version:
1.15.10.8274

Copyright:
Copyright (C) 2012

Original file name:
deskdl.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\yacdl.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
6/25/2012 11:04:18 AM

Valid to:
6/26/2015 11:04:18 AM

Subject:
CN=337 Technology Limited, O=337 Technology Limited, L=香港, S=香港, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121A511A565DC1022CCD7BA41E2E418FE65

File PE Metadata
Compilation timestamp:
11/13/2013 10:56:44 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:DTkGFU8z4/aKY1ZANo4qixJ5lf/IMH4oq:DToc4ir1OG4qELf/I+q

Entry address:
0x10B31

Entry point:
E8, B0, 8C, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, 8B, 44, 24, 0C, 53, 85, C0, 74, 52, 8B, 54, 24, 08, 33, DB, 8A, 5C, 24, 0C, F7, C2, 03, 00, 00, 00, 74, 16, 8A, 0A, 83, C2, 01, 32, CB, 74, 72, 83, E8, 01, 74, 32, F7, C2, 03, 00, 00, 00, 75, EA, 83, E8, 04, 72, 12, 57, 8B, FB, C1, E3, 08, 03, DF, 8B, FB, C1, E3, 10, 03, DF, EB, 1B, 5F, 83, C0, 04, 74, 0E, 8A, 0A, 83, C2, 01, 32, CB, 74, 40, 83, E8, 01, 75, F2, 5B, C3, 83, E8, 04, 72, E5, 8B, 0A, 33, CB, BF, FF, FE, FE, 7E, 03, F9, 83, F1, FF, 33...
 
[+]

Code size:
160.5 KB (164,352 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to 82.b4.c1ad.ip4.static.sl-reverse.com  (173.193.180.130:80)

Remove yacdl.exe - Powered by Reason Core Security