yahoomessenger.exe

Yahoo! Messenger

Yahoo! Inc.

This is a setup program which is used to install the application. It is set to start automatically when a user logs into Windows, via the current-user Run registry key, under the display name ‘Messenger (Yahoo!)’. The file is installed with multiple programs, including Yahoo! Messenger. It has been seen being downloaded from onedrive.live.com and multiple other hosts.
Publisher:
Yahoo! Inc.  (signed and verified)

Product:
Yahoo! Messenger

Version:
11,5,0,0228

MD5:
127cd00925c1a2b759765c5b9600de30

SHA-1:
437329a7a24ef7adbb25dbb5d20755e528923773

SHA-256:
22a9710b84873622eb1027552f3e7cc3e054ff367010149822f476a143556335

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/5/2024 9:41:24 AM UTC

File size:
6.3 MB (6,595,928 bytes)

Product version:
11,5,0,0228

Copyright:
(c) 1998-2012 Yahoo! Inc. All rights reserved.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\yahoo!\messenger\yahoomessenger.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
8/13/2009 3:00:00 AM

Valid to:
9/3/2012 2:59:59 AM

Subject:
CN=Yahoo! Inc., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Yahoo! Inc., L=Santa Clara, S=CA, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3D7A9A7D12556AB8688CA048C60F6018

File PE Metadata
Compilation timestamp:
5/25/2012 2:22:33 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
98304:VMg3C6g68rv+IfDgweJ4Q8m01yfZuMpJGOS/y9TNdLPs9F:VMg3zg6E7WSQD01QZuMpJVW9F

Entry address:
0x3F14CF

Entry point:
E8, DD, 05, 00, 00, E9, 36, FD, FF, FF, CC, CC, CC, CC, CC, CC, CC, 80, F9, 40, 73, 16, 80, F9, 20, 73, 06, 0F, AD, D0, D3, FA, C3, 8B, C2, C1, FA, 1F, 80, E1, 1F, D3, F8, C3, C1, FA, 1F, 8B, C2, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 56, 8B, 44, 24, 14, 0B, C0, 75, 28, 8B, 4C, 24, 10, 8B, 44, 24, 0C, 33, D2, F7, F1, 8B, D8, 8B, 44, 24, 08, F7, F1, 8B, F0, 8B, C3, F7, 64, 24, 10, 8B, C8, 8B, C6, F7, 64, 24, 10, 03, D1, EB, 47, 8B, C8, 8B, 5C, 24, 10, 8B, 54, 24, 0C, 8B, 44, 24, 08...
 

Code size:
4.3 MB (4,456,448 bytes)

Internet Explorer Extension
Name:
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}


13 Scheduled Tasks
Task name:
Messenger (Yahoo!)_Reg_HKCURun_SID

Path:
\CareCenter\Messenger (Yahoo!)_Reg_HKCURun_SID

Trigger:
Logon (Runs on logon)

Description:
Yahoo! Messenger

Task name:
DSite

Trigger:
Daily (Runs daily at 9:18 AM)

Action:
yahoomessenger.exe \check

Task name:
Digital Sites

Trigger:
Daily (Runs daily at 23:29)

Action:
yahoomessenger.exe \check

Task name:
SaveSense

Trigger:
Daily (Runs daily at 23:29)

Action:
yahoomessenger.exe \check

Task name:
DealPly

Trigger:
Daily (Runs daily at 10:47 PM)

Action:
yahoomessenger.exe \check

Task name:
At1

Path:
C:\WINDOWS\Tasks\At1.job

Trigger:
Daily (Runs daily at 12:03 AM)

Action:
yahoomessenger.exe \check

Description:
Created by NetScheduleJobAdd.


3 Startup Files (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Messenger (Yahoo!)

Command:
"C:\Program Files1\yahoo!\messenger\yahoomessenger.exe" -quiet

Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Yahoo! Pager

Command:
"C:\Program Files\yahoo!\messenger\yahoomessenger.exe" -quiet

Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
SMSetup

Command:
"C:\users\{user}\appdata\local\temp\{random}.tmp\smsetup.exe" \s \cnid 715483 \dsie \dsff \dsgc \hp \wait \ntp_ie \ms \restart


11 Windows Firewall Allowed Programs
Name:
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

Name:
D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

Name:
E:\New Folder (2)\Messenger\YahooMessenger.exe

Name:
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe

Name:
C:\Program\Yahoo!\Messenger\YahooMessenger.exe

Name:
E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe


The file yahoomessenger.exe has been discovered within the following programs.

AT&T Yahoo! Messenger  by Yahoo! Inc.
AT&T Yahoo! Messenger is an AT&T branded version of Y! Messenger.
www.yahoo.com
21% remove it
Badoo Desktop  by Badoo
Publisher's description - “Badoo Desktop is a free application that shows you how near other users are right now. ”
badoo.com
26% remove it
Office Addin  by Acer Incorporated
Office-Addin is part of the AcerCloud platform and is designed to integrate with Microsoft Office products (Word, PowerPoint and Excel) and to backup files to the cloud.
www.acer.com
11% remove it
Shopping App by Ask  by APN, LLC
Publisher's description - “The Shopping Toolbar by Ask has the single purpose of enhancing a user’s online shopping experience by offering an enhanced shopping search experience, links to popular shopping sites and/or additional content such as coupons, special offers and the latest deals from many merchants.”
help.ask.com/link/portal/30015/30018/Article/227/What-features-does-the-Shopping-Toolbar-by-Ask-offer
79% remove it
Verizon | Yahoo! Messenger  by Yahoo! Inc.
Verizon Yahoo! Messenger is a Verizon branded version of Y! Messenger.
messenger.yahoo.com
10% remove it
Yahoo Messenger  by Yahoo! Inc.
Is a downloadable casual PC game distributed by Yahoo! Games.
games.yahoo.com
5% remove it
Yahoo! Install Manager  by Yahoo! Inc.
Yahoo Install Manager manages Yahoo program downloads and installations. The install manager keeps track of such programs and assists in the installations to put things in their proper places.
20% remove it
Yahoo! Messenger  by Yahoo! Inc.
Yahoo! Messenger (YIM) is an ad-supported instant messaging client and protocol by Yahoo!.
7% remove it
Yahoo!7 Messenger  by Yahoo! Inc.
Publisher's description - “Just sign into Yahoo! Mail to enjoy the same Yahoo! Messenger for the Web service you know and love. Yahoo! Messenger within Yahoo! Mail also allows you to chat with your Facebook and Windows Live friends without requiring any installation.”
3% remove it
 

The file yahoomessenger.exe has been seen being distributed by the following 3 URLs.

https://onedrive.live.com/download.aspx?cid=20B0B1BAB2E74F73&authKey=!AHZ_lXNJcseKIHk&resid=20B0B1BAB2E74F73!656&ithint=.exe