yet_another_cleaner_gam.exe

yacdl

Elex do Brasil Participações Ltda

The application yet_another_cleaner_gam.exe, “standard installer” by Elex do Brasil Participaçõesa has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from ads.adsrvmedia.net and multiple other hosts.
Publisher:
Elex do Brasil Participações Ltda  (signed and verified)

Product:
yacdl

Description:
standard installer

Version:
1.0.97.21423

MD5:
bc7ceec8862413891d25c09f92afd886

SHA-1:
3dcc228ae23a4dba22ea2fbb68a34d47efd56c3a

SHA-256:
97bee5eece5f5800ad2f3cd25519438090959bde4d771baae4b4cafd597264d4

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/5/2024 3:45:35 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Optional.Installer.X
15.1.14.10

File size:
1.1 MB (1,195,608 bytes)

Product version:
1.0.97.21423

Copyright:
Copyright 2011-2014 Elex do Brasil Participações Ltda. All rights reserved.

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\yet_another_cleaner_gam.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
6/23/2014 1:00:00 AM

Valid to:
6/21/2015 12:59:59 AM

Subject:
CN=Elex do Brasil Participações Ltda, O=Elex do Brasil Participações Ltda, L=São Paulo, S=São Paulo, C=BR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5C6950D0A05A1CD63164D1E1EB1FFB8A

File PE Metadata
Compilation timestamp:
4/10/2010 1:19:23 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:v0au0Wmed1LNTgY2dmBUdsFxU2JkkjCLdu090zIh+9G2QnAmB8:v0mgfgYWmBUsxUb6CCzIh+99IAmK

Entry address:
0x33E9

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 70, 85, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 80, 40, 00, 55, FF, 15, B0, 82, 40, 00, 6A, 08, A3, 78, 06, 47, 00, E8, 67, 27, 00, 00, 55, 68, B4, 02, 00, 00, A3, 90, 05, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 6C, 85, 40, 00, FF, 15, 80, 81, 40, 00, 68, 54, 85, 40, 00, 68, 80, 85, 46, 00, E8, 35, 26, 00, 00, FF, 15, B0, 80, 40, 00, 50, BF, A0, 10, 4C, 00, 57, E8, 23, 26, 00, 00...
 
[+]

Entropy:
7.8952

Packer / compiler:
Nullsoft install system v2.x

Code size:
25 KB (25,600 bytes)

The file yet_another_cleaner_gam.exe has been seen being distributed by the following 41 URLs.

http://ads.adsrvmedia.net/event/click/0/1bE4bZUW3HtCm7X-sJKImYgYa1DxQlkaCeeY_qS2TMZwktLTKulss8XjZmxCW2WsqFzoRDReZHyv5vzWplGN9h_-mALud7x0uWeiqtwASDhZELvha6sA9TuKEZpOJJ6eHnC1_uUiUVySuW9cuBy68J01f8t3T8R0hU5UAsT8_xcGYYOKtDye-iANX41DOEXwhU5-VPldTitjftMHjhZI51b_U07WXKAV1mqzM7p9VBhGvz2DMBrohQNxqeJHwhV_YmRiU0In--MQ8OZGerwlyrTJXs5rEU0--owI10mnVGRACzNQC72QSdEwMQMTqkEv_rpYrugXqb0yw8a6gkAYHIwOItT9C1O8y7lHdNTPJKXF-8ZDNQg_ZLhQBbzulD7uJ2BxSstWyBSU-GLyRv4329OQPohvyy_U/.../

http://www.yac.mx/download/.../down.php?pt=mun

http://s2s.yac.mx/ads/adsavess?sid=yac&ptid=mmacn&subid=W9sy8KPxNdCw9FZKSTakIEJNBGzknajMo7WRQA-gYpuoK1mpr11SY-mEeFUWGEKLXXZS_XrGjcHRiDkQv6YBBO5-b5XKiwdJfv4cBtPkGl1QmvMGuywzvTwVfqI2uSwJJ_8UTv_SmdCHWV32pqVFFHm_n3w5JL0-5MEWIPwxVg1Ze9DMZ2N5bj5qDbnSZe0rRkHoI9YAj2IBQIEiCu9EYMlyEUcxYcn5Ax42BcxzklfIopkQ83R5ScbN7Yvn26V8eGK9143EK12KCZaDTjvMvpizu02jG_ibb6JmCR8OZ_5LUKbQgZanakTXRm5nTeBdR8eiSFodEE-yteIbAMoxjkTFf7bIces7vBTtcZrETWW5iNVcfCnQOZxO4NmaMDnsL2b8dX1sMNn2uVfwtr4x4KAINrto0SFMoL2N&lplink=http://www.yac.mx/download/.../down.php?pt=mmacn

http://ads.adsrvmedia.net/event/click/0/-JnKXAlFIAjBhukN8lP9x0vKdBKicS6SCKI-rL0GzvgG7txJNhFs2folCyJMMjfxHD2s1adyy6UADn4v1YEq5iPpNsR-3_hR4rez4GVHL8pFeo8x48nxvPfccioSA7MsyB1NUwvAsm8EPDyWEAZusnub4dEpbwCipSskQXTh-Tqa8PVUrY-oVWda9CuSLKkPP59YBbDc7pKGF9TyT4f4QQ4RXApZHaaNrSkvXFt0s5BDuCVaHcl9JRR73MxWrf71Nm82yVRrLkb6-jbYDiaAp4n0ydkxbN5TbxopTgn1LbqJEIFqVdhPPhkGbwCW0fvME3vN3hVKO75aI8to88M1pYx5aAKw560RDRiFP9fa13duVhf1b5TvKAgczrNsDdsRDueINc097fTiK-TbPIIgIAdbBt0WLUkeVnKgsHa600k/.../

http://goo.gl/b3rNON

http://s2s.yac.mx/ads/adsavess?sid=yac&ptid=mmacn&subid=5toM9NKvSWRtUK6uGal-mvtuu_eJuyPzKM6sQLC9ZFjmUUpvtKEC9pqJ9uXiBUsI23jFG_3r9xgvu35K5P-J4ilOAu_38_TTrorlw8xAx50x1xSirWiwh_Xixx0dDf3fxwFC7tCbPqoWdFhqOL-VM1zIKGDM15rC1Iyr7osXBn7CYq3BpfI6VMaYuHmX-er8Nngk_7778vd_I3Z6hSzZg1H2xG-OGOAZuk40VBpyqp1_O0dBu6SjzPf_TtR__mRpy96Y7iWYKe9Lj4PUhY7P76t4-R8yCEU_nS7a4bnVUWxjYUHrIcLmIx_CdH37caawRCdKbk6LQgpfXQiwjxU09wZtOJ9R6k3-F-cRQu8BBZR_jmWg8n2AP6yLHQ-BpLrnqJ91yeY49SrvkVW4skH4CNIrHW36DnvhsDLaAPxT4DcvBnpwFZsMUQ&lplink=http://www.yac.mx/download/.../down.php?pt=mmacn

http://s2s.yac.mx/ads/adsavess?sid=yac&ptid=mmacn&subid=x3Izx_6UqPhRLUdkFNZuDCeZPChMzLiN499XpR-lBO45anPbrJDPSivllwxw4KYnO0qFayn6VlJrZ4Zbist0fsvLzwFgqiPgVOPdeMWBcdAsHuXNWN-xUx1lpJSt-U3SWN3I0R9SqR0Jp2pRlFOfwRmQV750KaLSlBc0lEBMJp2ZA0haN2ef5oGG-QoSHIqrAD_ZEXnHOxwm_YCWVCDLLFiXffZ2k9OSJC_0w10ZyigMwtnHBK0e2s1j7uZXBSbu19X4TQScFySydnhq3ekr9NBkk3qaH-Y-9K74rycy1Al_5UD-DxKcqiIWO0gKXSqBhO4UfIex_l7cVrdwfOCeTtTFbaaDw3WJGao4oYBKxhjQMHFrfgXYYT6lI5w5FsqY-ZnpZuTJWfIEdh5Bd3wOYBwEbNXNNBHilolv&lplink=http://www.yac.mx/download/.../down.php?pt=mmacn

http://s2s.yac.mx/ads/adsavess?sid=yac&ptid=epo&subid=NTczMDF8MTA3NTQ0fFBMfDN8MXx8|d8d97a266a1d4389dee35d271d8c79fc-9118-63173&lplink=http://www.yac.mx/download/.../down.php?pt=epo

http://s2s.yac.mx/ads/adsavess?sid=yac&ptid=mmacn&subid=RxCEF3JouphR7f9r3wZ4AZcMM2EteuMB8gs4BV3_GUhr-XKgrmLgPbzHw2DFNO6LfH18L1wfu1sq7mkBGrNJEp2SCa0qk8WbAOC_yEpstpfVrjduhqhxZABys2AMxDif2VObQzhT9Rohrk0VWSJGGYKTvu7hE6zt1mstItlWExtY99rP2bdufaOT9quZK3-TVM9MHvFnnKYHcBkBzKwuyhJ-1kzc3YRvvbk4ReA_5JgA0VITkgeZC1yxt-v40w8tZSKBbgVO89esZI_WB2IIOphGKU-jdLOBk1Jelad7oLJIuUKEvU2yaAJmea6blUEE51nRrivSwTs-xMoj37gYfJvCnk6hZnKjhgPJilX7XRmkjOcmGO22diFIqZbZd1V10jFQEtE_q4VlCW96p8LToRvA3UZbaU05AfbU0i4yp6hONOcTus4xf2qJmhVQQkY&lplink=http://www.yac.mx/download/.../down.php?pt=mmacn

http://www.yac.mx/download/.../down.php?pt=amo

http://s2s.yac.mx/ads/adsavess?sid=yac&ptid=epo&subid=NTgyMTN8MTA5OTQ3fFBMfDN8MXx8|d61aad9784a9ac3863623e9ef2273356-9118-65011&lplink=http://www.yac.mx/download/.../down.php?pt=epo

Latest 30 of 41 download URLs

Remove yet_another_cleaner_gam.exe - Powered by Reason Core Security