yandex.exe

Yandex

YANDEX LLC

The application yandex.exe by YANDEX has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from browser.yandex.ua and multiple other hosts. While running, it connects to the Internet address cache-samaramgf04.cdn.yandex.net on port 80 using the HTTP protocol.
Publisher:
YANDEX LLC  (signed and verified)

Product:
Yandex

Version:
17.1.0.2034

MD5:
d738bbba79586783bb5094b23683c1be

SHA-1:
31626ef01db215b513aa4dbd75d48cfe279d05d8

SHA-256:
12269baf2be09ba4513cf074ee98fa7e67e65251af47424befedf103d8526eed

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 7:55:09 AM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
PUP.Yandex (L)

Engine version:
17.2.3.18

File size:
790.5 KB (809,464 bytes)

Product version:
17.1.0.2034

Copyright:
Copyright © 2012-2016 YANDEX LLC. All Rights Reserved.

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\yandex.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
9/25/2015 1:44:52 PM

Valid to:
9/25/2017 1:44:52 PM

Subject:
E=pki@yandex-team.ru, CN=YANDEX LLC, O=YANDEX LLC, L=Moscow, S=Moscow, C=RU

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11210FF6462B63D55AFBAA81F9C734A7AA94

File PE Metadata
Compilation timestamp:
1/12/2017 3:14:22 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

Entry address:
0x2E2E5

Entry point:
E8, BD, 08, 00, 00, E9, 8E, FE, FF, FF, CC, B9, 01, 00, 00, 00, F2, 0F, 10, 2D, 08, BA, 45, 00, EB, 1C, B9, 02, 00, 00, 00, F2, 0F, 10, 2D, 10, BA, 45, 00, EB, 0D, B9, 03, 00, 00, 00, F2, 0F, 10, 2D, 08, BA, 45, 00, 66, 0F, 7E, C0, 25, FF, FF, FF, 7F, 3D, 00, 00, 80, 7F, 0F, 83, 4C, 01, 00, 00, F3, 0F, 5A, C0, 83, F9, 02, 75, 18, F2, 0F, 10, 15, 28, BA, 45, 00, 66, 0F, 2F, C2, 76, 0A, BA, 10, 00, 00, 00, E8, 3D, 01, 00, 00, 66, 0F, 2F, C5, 0F, 83, 21, 01, 00, 00, F2, 0F, 10, 35, 00, BA, 45, 00, 66, 0F, 2F...

Code size:
329 KB (336,896 bytes)

The file yandex.exe has been seen being distributed by the following 2 URLs.

https://browser.yandex.ua/download?partner_id=switch-browser-ua-ru&banerid=1097040099:1363596201463065165:CM7Nv4m_p88CFcLUcgodN-cFZA:none:http://yandex.ua/yandex_browser/turbo_ru/0/?from=adwords_gdn_turbo_ru&utm_source=google&utm_medium=gdn&utm_campaign=Banners_soft_gdn&utm_content=geographer.com.ua&gclid=CM7Nv4m_p88CFcLUcgodN-cFZA

http://download.yandex.ru/yandex-pack/browser/.../Yandex.exe

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to cdn.yandex.net  (5.45.205.235:80)

TCP (HTTP SSL):
Connects to api.browser.yandex.ru  (87.250.250.82:443)

TCP (HTTP):
Connects to clck.yandex.ru  (93.158.134.14:80)

TCP (HTTP):
Connects to cache-samaramgf04.cdn.yandex.net  (5.45.232.12:80)

TCP (HTTP):
Connects to cache-kiev09.cdn.yandex.net  (141.8.174.48:80)

TCP (HTTP):
Connects to cache-kiev03.cdn.yandex.net  (141.8.174.76:80)

Remove yandex.exe - Powered by Reason Core Security