yanderetale-1.0.exe

Melek

Parsec Media S.L.

The application yanderetale-1.0.exe, “Melek Setup” by Parsec Media S.L., has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.senddeliveryshare.com and multiple other hosts.
Publisher:
Coladicide (signed by Parsec Media S.L.)

Product:
Melek

Description:
Melek Setup

MD5:
79323f6f0b4c0b69e414224e4e7b0843

SHA-1:
68f698edb9c8c2c393b29ece240a41e4ff09bf58

SHA-256:
1a7553dc0a335290d24b2999411a097a967a93ce35795502581dc3c179865866

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/5/2024 11:36:44 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore (M)

Engine version:
17.2.24.20

File size:
1.2 MB (1,239,184 bytes)

Product version:
4.3

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\yanderetale-1.0.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
1/20/2016 4:02:38 PM

Valid to:
1/20/2017 4:02:38 PM

Subject:
CN=Parsec Media S.L., O=Parsec Media S.L., S=Barcelona, C=ES

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121664972E6D57B8AC3433073871EDF1FEA

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file yanderetale-1.0.exe has been seen being distributed by the following 2 URLs.

http://www.senddeliveryshare.com/7cRk4oBchgVlHmfe VJS5xhJYlcxuBVpc0HQHP4LPxGDJXCen6nvwKqj3maaRxy68dClYfOtlO4Atgj9SdL8q8n3eclCK32qSwU13NOlTuBPMHHDGEHkNSXr7kmZbzCbBUCwxF7efVOV3xyDOdOs4q1O71x3fOuS6ubZf3jWfA9G47kmCNUlWlzqi9tV6ba yKgX peku7Be9xSvizjuOtZQEa4C2olc0FCTDyRzVYEQCbgjoQVfyqASwf4QhQUFdVS gMW7HpDstF7JQ3rSwK_2H5PiNyeBIhTvCDJNjYZ7lJmK KFKnZrZVjQ5ZbpqPse_P7XZ12l5rZHwKIrpqG6P4YP3beFO7aDdxW a 63LO 33HI3HCWL3agNBFDpQp5m5aElue2 T3gJLjstLG5IiBgh757DWliVcRN53UA SmToqloKNsU 03PHaDVJoG3X2pMFz-G0YAAAT Z4dUCQYc_ra3KLnknHLA2tqSwsAO_vs9hzkcv0T5Nq0xS156o3NlmxWgTcw3tVzUc_Zw fM4zgc=

http://www.senddeliveryshare.com/qPI gQ9H3Rqm_W7DzyBvidSmgDdmS9ZrSEi282vBJTCCSjezYN6ZpQ7Rk8dBqNIV6qzn gXsX_07F72fDRRcHKrc xOeA1RfMQTjT8wt9TfqjVWsXhAG1AFIgIX1LDKNnt8euCnYF1xXSzDyxWGGfsROMpdDqE5bR_Z9jEtbvBW GNwcc9B0GoiZAOtCI8OuUjBYHOOieITvIh7sUId37xcDeh8ApRDVcrMpdaXru9Gucv00jLsmKF5vVkG7eD2drX4mZN6hw1Mj w_9Qfr6EHpsTT45Q0aIdNimExQkoIGPQ58GLSbBK98c63xj3L0kWTbQDiH03TQEZyWefIXz7sMFzbalswSNAm_bRxbrvO4Q3r1bl5EccdqjhS7bf9Y_gcoHygZciROTas8CaHM2xH3XYKuYQiyOGkt3v1T4X1I8SZWTmcfli_ZKnrdAmQU mp3P9Aaq-G0YAAAT Z4dUCQYc_ra3KLnknHLA2tqSwsAO_vs9hzkcv0T5Nq0xS156o3NlmxWgTcw3tVzUc_Zw fM4zgc=
