yet_another_cleaner_kwob.exe

YAC Security Protection

Elex do Brasil Participações Ltda

The application yet_another_cleaner_kwob.exe by Elex do Brasil Participações has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The file has been seen downloaded from nym1.ib.adnxs.com and multiple other hosts.

Publisher:
Elex do Brasil Participações Ltda  (signed and verified)

Product:
YAC Security Protection

Description:
Setup

Version:
1.0.0.7

MD5:
a0a3926c20c06738d1e113a66bb3a258

SHA-1:
3ac7d0d7c42fc23eb69f423aa3a2292ee04a2a6e

SHA-256:
4982ac779bc205b669d5ab5b143c68bd57b06cbae00b64a3ecc29b972269069e

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/14/2024 5:27:34 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Optional.Installer.Y

Engine version:
14.7.2.2

File size:
724.2 KB (741,608 bytes)

Product version:
1.0.0.7

Copyright:
Copyright (c) 2011-2014 Elex do Brasil Participações Ltda

Original file name:
Setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\yet_another_cleaner_kwob.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
9/23/2013 10:46:21 PM

Valid to:
8/17/2014 1:28:53 AM

Subject:
CN=Elex do Brasil Participações Ltda, O=Elex do Brasil Participações Ltda, L=Consolação, S=São Paulo, C=BR

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11215F51916F2BB9F54E82871FEA88CE8F5E

File PE Metadata
Compilation timestamp:
7/1/2014 9:07:45 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:9E7riUpi/ygcu/TEPHn1W/0y3Nel7WktlZ6RrbotoBn1kUAYl075F8:9EJmcu+HkdcWktX6BN1gY2D8

Entry address:
0xD885

Entry point:
E8, D7, 50, 00, 00, E9, 7F, FE, FF, FF, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 94, 47, 42, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, A8, 30, 42, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 94, 47, 42, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01, 00, 00, F7, C6, 03, 00, 00...

Entropy:
7.5115

Code size:
103.5 KB (105,984 bytes)

The file yet_another_cleaner_kwob.exe has been seen being distributed by the following 50 URLs.

