yandex.exe

Yandex

YANDEX LLC

The application yandex.exe by YANDEX has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This is a setup program used to install the application. The file has been seen being downloaded from partner.softfiles.ru and multiple other hosts. While running, it connects to the Internet address cache-mskstoredata01.cdn.yandex.net on port 80 using the HTTP protocol.
Publisher:
YANDEX LLC  (signed and verified)

Product:
Yandex

Version:
17.1.0.2034

MD5:
b38a00f50e8ce896ecf4bae40ba1b353

SHA-1:
bb23f907c52635fde4fc3886566f76ea53dc4fac

SHA-256:
7efc55cb5a06929945b178209b98697ca1165d4a536f26b39cecf0b08db8cde0

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 1:47:07 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Yandex (L)

Engine version:
17.1.27.21

File size:
1 MB (1,069,560 bytes)

Product version:
17.1.0.2034

Copyright:
Copyright © 2012-2016 YANDEX LLC. All Rights Reserved.

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\yandex.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
9/25/2015 1:44:52 PM

Valid to:
9/25/2017 1:44:52 PM

Subject:
E=pki@yandex-team.ru, CN=YANDEX LLC, O=YANDEX LLC, L=Moscow, S=Moscow, C=RU

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11210FF6462B63D55AFBAA81F9C734A7AA94

File PE Metadata
Compilation timestamp:
1/12/2017 3:14:22 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

Entry address:
0x2E2E5

Entry point:
E8, BD, 08, 00, 00, E9, 8E, FE, FF, FF, CC, B9, 01, 00, 00, 00, F2, 0F, 10, 2D, 08, BA, 45, 00, EB, 1C, B9, 02, 00, 00, 00, F2, 0F, 10, 2D, 10, BA, 45, 00, EB, 0D, B9, 03, 00, 00, 00, F2, 0F, 10, 2D, 08, BA, 45, 00, 66, 0F, 7E, C0, 25, FF, FF, FF, 7F, 3D, 00, 00, 80, 7F, 0F, 83, 4C, 01, 00, 00, F3, 0F, 5A, C0, 83, F9, 02, 75, 18, F2, 0F, 10, 15, 28, BA, 45, 00, 66, 0F, 2F, C2, 76, 0A, BA, 10, 00, 00, 00, E8, 3D, 01, 00, 00, 66, 0F, 2F, C5, 0F, 83, 21, 01, 00, 00, F2, 0F, 10, 35, 00, BA, 45, 00, 66, 0F, 2F...

Code size:
329 KB (336,896 bytes)

The file yandex.exe has been seen being distributed by the following 6 URLs.

http://partner.softfiles.ru/10.html?parameter=Yandex_Browser_Rus_Setup.exe

http://cache-mskdataline04.cdn.yandex.net/download.yandex.ru/yandex-pack/browser/.../Yandex.exe

http://cache-ams05.cdn.yandex.net/download.yandex.ru/yandex-pack/browser/.../Yandex.exe

http://cache-kiev01.cdn.yandex.net/download.yandex.ru/yandex-pack/browser/.../Yandex.exe

http://cache-mskm907.cdn.yandex.net/download.yandex.ru/yandex-pack/browser/.../Yandex.exe

http://cache-mskstoredata02.cdn.yandex.net/download.yandex.ru/yandex-pack/browser/.../Yandex.exe

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to clck.yandex.ru  (87.250.251.14:80)

TCP (HTTP):
Connects to cdn.yandex.net  (5.45.205.232:80)

TCP (HTTP SSL):
Connects to api.browser.yandex.ru  (213.180.204.82:443)

TCP (HTTP):
Connects to cache-mskdataline09.cdn.yandex.net  (5.45.221.19:80)

TCP (HTTP SSL):
Connects to storage.ape.yandex.net  (213.180.193.55:443)

TCP (HTTP):
Connects to cache-novosibirsk01.cdn.yandex.net  (84.201.159.16:80)

TCP (HTTP):
Connects to cache-mskstoredata01.cdn.yandex.net  (37.9.96.12:80)

TCP (HTTP):
Connects to cache-mskm904.cdn.yandex.net  (5.45.220.14:80)

TCP (HTTP):
Connects to cache-mskdataline06.cdn.yandex.net  (5.45.221.16:80)

TCP (HTTP):
Connects to cache-ektmts04.cdn.yandex.net  (5.45.240.13:80)

TCP (HTTP):
Connects to cache-ams02.cdn.yandex.net  (5.45.247.10:80)

Powered by Reason Core Security