yet_another_cleaner_gam.exe

YAC Security Protection

Elex do Brasil Participações Ltda

The application yet_another_cleaner_gam.exe by Elex do Brasil Participações Ltda has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The file has been seen being downloaded from www.yac.mx and multiple other hosts.
Publisher:
Elex do Brasil Participações Ltda  (signed and verified)

Product:
YAC Security Protection

Description:
Setup

Version:
1.0.19.13243

MD5:
791331cdc7e2fd1b075e2f56ff3ae3bf

SHA-1:
3e9886fabbe6cbad0e164d86969002f8a81572d0

SHA-256:
51af389703ac798410c4be7f64a67c28099732accb95af4e136a9c367b1cd0f6

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 2:01:13 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Optional.Installer.X

Engine version:
14.7.16.11

File size:
756.9 KB (775,112 bytes)

Product version:
1.0.19.13243

Copyright:
Copyright (c) 2011-2014 Elex do Brasil Participações Ltda

Original file name:
Setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\yet_another_cleaner_gam.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
6/22/2014 9:00:00 PM

Valid to:
6/20/2015 8:59:59 PM

Subject:
CN=Elex do Brasil Participações Ltda, O=Elex do Brasil Participações Ltda, L=São Paulo, S=São Paulo, C=BR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5C6950D0A05A1CD63164D1E1EB1FFB8A

File PE Metadata
Compilation timestamp:
7/15/2014 4:52:53 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:hty6AxOVYlgqHF6YLjB8n2f+e8uQFRAP9Es5UJF1SI2vxD:iqqlJjV+eWFRi5I1svxD

Entry address:
0xFB25

Code size:
112.5 KB (115,200 bytes)

The file yet_another_cleaner_gam.exe has been seen being distributed by the following 50 URLs.

Latest 30 of 121 download URLs
