yandexdisksetupru.exe

Яндекс.Диск

YANDEX LLC

The application yandexdisksetupru.exe, published by YANDEX, has been flagged as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is a self-extracting archive and installer that has been known to bundle potentially unwanted software. The file has been observed being downloaded from disk.yandex.ru. While running, it connects to the Internet address webdav03f.dst.yandex.net on port 443.
Publisher:
Яндекс (signed by YANDEX LLC)

Product:
Яндекс.Диск

Description:
YandexDiskSetup

Version:
1.4.14.4724

MD5:
efa22fbeee6fca8f7089dee7d68c0392

SHA-1:
4249eb206342addef2d3ee19148121f124aa1a35

SHA-256:
1b4357d1faad98c2851b466650ff1a4b62043769b69ec3616d88cf3d33c96f66

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 12:24:44 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Yandex (L)

Engine version:
17.1.31.17

File size:
1.6 MB (1,672,072 bytes)

Product version:
1.4.14.5242

Copyright:
© 2012-2017 ООО "ЯНДЕКС"

Original file name:
YandexDiskSetup.dll

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\yandexdisksetupru.exe

Digital Signature
Signed by:
YANDEX LLC

Authority:
GlobalSign nv-sa

Valid from:
9/25/2015 1:44:52 PM

Valid to:
9/25/2017 1:44:52 PM

Subject:
E=pki@yandex-team.ru, CN=YANDEX LLC, O=YANDEX LLC, L=Moscow, S=Moscow, C=RU

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11210FF6462B63D55AFBAA81F9C734A7AA94

File PE Metadata
Compilation timestamp:
1/26/2017 1:27:01 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0x91BD6

Entry point:
E8, 82, DB, 00, 00, E9, 79, FE, FF, FF, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 00, 01, 00, 00, 72, 0E, 83, 3D, 90, 45, 57, 00, 00, 74, 05, E9, 3E, DC, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02, 74, 06, F3, AB, 85, D2, 74, 0A, 88, 07, 83, C7, 01, 83, EA, 01, 75, F6, 8B, 44, 24, 08, 5F, C3, 8B...

Code size:
817.5 KB (837,120 bytes)

The file yandexdisksetupru.exe has been observed being distributed from the following URL.

https://disk.yandex.ru/download/.../?instant=1

While executing, the file has been observed making the following network connections in live environments.

TCP (HTTP SSL):
Connects to webdav03f.dst.yandex.net  (77.88.30.218:443)

TCP (HTTP SSL):
Connects to webdav.yandex.ru  (213.180.193.53:443)

TCP (HTTP SSL):
Connects to downloader-default2d.disk.yandex.net  (5.45.195.140:443)

TCP (HTTP SSL):
Connects to downloader.disk.yandex.ru  (77.88.21.127:443)

Remove yandexdisksetupru.exe - Powered by Reason Core Security