YandexDisk.exe

Яндекс.Диск

YANDEX LLC

The application YandexDisk.exe by YANDEX has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address downloader-default6h.disk.yandex.net on port 443.
Publisher:
Яндекс  (signed by YANDEX LLC)

Product:
Яндекс.Диск

Version:
1.4.11.5218

MD5:
746a196606240565e66fbb89036e99ff

SHA-1:
9ca801c28a91eddaa4abf1515074bfba4a2fd245

SHA-256:
5c91abbfea1ca041b3e751f0487432fe32d155c027eced2d8b5c374fcdf997e7

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/15/2024 10:39:57 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Yandex (L)

Engine version:
16.11.4.0

File size:
16.8 MB (17,646,912 bytes)

Product version:
1.4.11.5218

Copyright:
© 2012-2016 ООО "ЯНДЕКС"

Original file name:
YandexDisk.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\yandex\yandexdisk\yandexdisk.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
9/25/2015 1:44:52 PM

Valid to:
9/25/2017 1:44:52 PM

Subject:
E=pki@yandex-team.ru, CN=YANDEX LLC, O=YANDEX LLC, L=Moscow, S=Moscow, C=RU

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11210FF6462B63D55AFBAA81F9C734A7AA94

File PE Metadata
Compilation timestamp:
8/18/2016 5:45:48 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
196608:pksOlVzMue7LiLg0RqeicvDx3SpSTkTfHiX8kCKoouexGQ1g/I6obTSsGPoNcYC4:pIDq81xGQ1g/I3GPoNcYyJL4tP

Entry address:
0x9672C6

Entry point:
E8, 4A, 04, 01, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 53, 8B, 45, 0C, 83, C0, 0C, 89, 45, FC, 64, 8B, 1D, 00, 00, 00, 00, 8B, 03, 64, A3, 00, 00, 00, 00, 8B, 45, 08, 8B, 5D, 0C, 8B, 6D, FC, 8B, 63, FC, FF, E0, 5B, C9, C2, 08, 00, 58, 59, 87, 04, 24, FF, E0, 58, 59, 87, 04, 24, FF, E0, 58, 59, 87, 04, 24, FF, E0, 8B, FF, 55, 8B, EC, 51, 51, 53, 56, 57, 64, 8B, 35, 00, 00, 00, 00, 89, 75, FC, C7, 45, F8, 42, 73, D6, 00, 6A, 00, FF, 75, 0C, FF, 75, F8, FF, 75, 08, E8, 78, 4B, 02, 00, 8B, 45, 0C, 8B...

Code size:
10.9 MB (11,481,600 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to xiva-daria.mail.yandex.net  (213.180.193.179:443)

TCP (HTTP SSL):
Connects to downloader.disk.yandex.ru  (77.88.21.127:443)

TCP (HTTP SSL):
Connects to webdav.yandex.ru  (213.180.193.53:443)

TCP (HTTP SSL):
Connects to s82e.storage.yandex.net  (5.45.249.90:443)

TCP (HTTP SSL):
Connects to s70e.storage.yandex.net  (5.45.249.78:443)

TCP (HTTP SSL):
Connects to s54i.storage.yandex.net  (77.88.46.54:443)

TCP (HTTP SSL):
Connects to s23h.storage.yandex.net  (5.255.229.23:443)

TCP (HTTP SSL):
Connects to s08h.storage.yandex.net  (5.255.229.8:443)

TCP (HTTP SSL):
Connects to downloader-default6h.disk.yandex.net  (5.255.243.82:443)

TCP (HTTP SSL):
Connects to downloader-default2e.disk.yandex.net  (141.8.159.146:443)
