yet_another_cleaner_dnt.exe

YAC Security Protection

Elex do Brasil Participações Ltda

The application yet_another_cleaner_dnt.exe by Elex do Brasil Participações Ltda has been detected as a potentially unwanted program by 2 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. The file has been seen being downloaded from adm.soft365.com and multiple other hosts.
Publisher:
Elex do Brasil Participações Ltda  (signed and verified)

Product:
YAC Security Protection

Description:
Setup

Version:
4.4.46.11034

MD5:
28aa8ca2803b1daf14de11f04f92f8f2

SHA-1:
b8ab6f2b017c6d9a87be8f4ab0472a9471bf5bf0

SHA-256:
dfbcc02f98db4db2db35075196fc9ca4217c962108e793dd0ed03f50b6ead01e

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 10:10:33 AM UTC

Scan engine | Detection | Engine version
ESET NOD32 | Win32/ELEX (variant) | 8.9827
Reason Heuristics | PUP.Optional.Installer.X | 14.5.21.2

File size:
11 MB (11,568,296 bytes)

Product version:
4.4.46.11034

Copyright:
Copyright (c) 2011-2014 Elex do Brasil Participações Ltda

Original file name:
Setup.exe

File type:
Executable application (Win32 EXE)

Language:
English

Common path:
C:\users\{user}\downloads\yet_another_cleaner_dnt.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
9/24/2013 6:46:21 AM

Valid to:
8/17/2014 9:28:53 AM

Subject:
CN=Elex do Brasil Participações Ltda, O=Elex do Brasil Participações Ltda, L=Consolação, S=São Paulo, C=BR

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11215F51916F2BB9F54E82871FEA88CE8F5E

File PE Metadata
Compilation timestamp:
5/20/2014 12:07:53 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
196608:I4W50sC/vpCL08qjEBMqiqYNO/TKCanzqQ4pTGRyY5x+OHI+GLcLhh1RH9AE:I4WUqqAG4OVulpaQSx+4VRH9AE

Entry address:
0x12B7A

Entry point:
E8, 9F, 4B, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C, 24, 04...
 

Code size:
108 KB (110,592 bytes)

The file yet_another_cleaner_dnt.exe has been seen being distributed by the following 50 URLs.


Latest 30 of 95 download URLs
