yandex.exe

Yandex

YANDEX LLC

The application yandex.exe by YANDEX has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This is a setup program used to install the application. The file has been seen being downloaded from browser.yandex.com.tr and multiple other hosts. While running, it connects to the Internet address cache-mskdataline04.cdn.yandex.net on port 80 using the HTTP protocol.
Publisher:
YANDEX LLC  (signed and verified)

Product:
Yandex

Version:
17.1.0.2034

MD5:
999b29c475cf8b67a125cae1efb5b230

SHA-1:
320411f0193f6d63ae25f9a7901c19f2600b9a4f

SHA-256:
15da7df1d0a867fde95307997c0dcdc8786507aaad0bb7c9d954c2413793fd77

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 12:44:56 PM UTC

Scan engine          Detection         Engine version
Reason Heuristics    PUP.Yandex (L)    17.1.27.16

File size:
884 KB (905,208 bytes)

Product version:
17.1.0.2034

Copyright:
Copyright © 2012-2016 YANDEX LLC. All Rights Reserved.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\yandex.exe

Digital Signature
Signed by:
YANDEX LLC
Authority:
GlobalSign nv-sa

Valid from:
9/25/2015 1:44:52 PM

Valid to:
9/25/2017 1:44:52 PM

Subject:
E=pki@yandex-team.ru, CN=YANDEX LLC, O=YANDEX LLC, L=Moscow, S=Moscow, C=RU

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11210FF6462B63D55AFBAA81F9C734A7AA94

File PE Metadata
Compilation timestamp:
1/12/2017 4:14:22 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

Entry address:
0x2E2E5


Code size:
329 KB (336,896 bytes)

The file yandex.exe has been observed being distributed from the following 2 URLs.

https://browser.yandex.com.tr/.../?partner_id=350041&banerid=6500000000:5896197382a543001884d31e&utm_referrer=http://www.oyunkolu.com/dovus-oyunlari/drunken-wrestlers.html?oyunu=oyna&zih=1&lite=1

https://browser.yandex.com.tr/.../?partner_id=350041&ncrnd=9053&banerid=6400000000:58a06492e332a200221c9501&zih=1&lite=1

The executing file has been observed making the following network connections in live environments.

TCP (HTTP):      cdn.yandex.net  (5.45.205.234:80)
TCP (HTTP SSL):  api.browser.yandex.ru  (213.180.193.82:443)
TCP (HTTP):      clck.yandex.ru  (213.180.193.14:80)
TCP (HTTP):      cache-turk04.cdn.yandex.net  (5.255.197.20:80)
TCP (HTTP):      cache-turk01.cdn.yandex.net  (5.255.197.17:80)
TCP (HTTP):      cache-turk06.cdn.yandex.net  (5.255.197.22:80)
TCP (HTTP):      cache-turk05.cdn.yandex.net  (5.255.197.21:80)
TCP (HTTP):      cache-turk03.cdn.yandex.net  (5.255.197.19:80)
TCP (HTTP):      cache-turk02.cdn.yandex.net  (5.255.197.18:80)
TCP (HTTP):      cache-mskstoredata10.cdn.yandex.net  (37.9.96.21:80)
TCP (HTTP):      cache-mskm909.cdn.yandex.net  (5.45.220.19:80)
TCP (HTTP):      cache-mskdataline04.cdn.yandex.net  (5.45.221.14:80)
TCP (HTTP):      cache-ams05.cdn.yandex.net  (5.45.247.13:80)

Analysis powered by Reason Core Security.