yet_another_cleaner_mat.exe

YAC Security Protection

Elex do Brasil Participações Ltda

The application yet_another_cleaner_mat.exe by Elex do Brasil Participaçõesa has been detected as a potentially unwanted program by 4 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The file has been seen being downloaded from adm.soft365.com and multiple other hosts.
Publisher:
Elex do Brasil Participações Ltda  (signed and verified)

Product:
YAC Security Protection

Description:
Setup

Version:
1.0.58.18343

MD5:
7e799f9d4360fe4bbe19980928074ba4

SHA-1:
e07ba5cb1e726fc4a47e3d1fa35e001b6b7747ea

SHA-256:
941c176fcfbf02072bf95a28e251837f1c452eb4e901107ccf6099359f60651b

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 4:44:39 AM UTC  (today)

Scan engine
Detection
Engine version

Baidu Antivirus
Adware.Win32.Elex
4.0.3.14116

Dr.Web
Adware.Mutabaha.73
9.0.1.0310

ESET NOD32
Win32/ELEX.AU (variant)
8.10292

Reason Heuristics
PUP.Optional.Installer.X
14.11.6.5

File size:
890.1 KB (911,504 bytes)

Product version:
1.0.58.18343

Copyright:
Copyright (c) 2011-2014 Elex do Brasil Participações Ltda

Original file name:
Setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\yet_another_cleaner_mat.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
6/23/2014 2:00:00 AM

Valid to:
6/21/2015 1:59:59 AM

Subject:
CN=Elex do Brasil Participações Ltda, O=Elex do Brasil Participações Ltda, L=São Paulo, S=São Paulo, C=BR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5C6950D0A05A1CD63164D1E1EB1FFB8A

File PE Metadata
Compilation timestamp:
11/4/2014 10:33:54 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:lPMEsc/ISIgkjLGBx4twfS43tQ1fCowk8oiCp2ErgxobeaJ5mXnkJRgpGG:lPa+tkjLGzf9Boh8ofkEsoemIXkJipGG

Entry address:
0x11153

Entry point:
E8, 2B, 68, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 83, EC, 10, FF, 75, 0C, 8D, 4D, F0, E8, 73, FA, FF, FF, 8B, 4D, F0, 83, 79, 74, 01, 7E, 15, 8D, 45, F0, 50, 6A, 04, FF, 75, 08, E8, 40, 69, 00, 00, 83, C4, 0C, 8B, C8, EB, 10, 8B, 89, 90, 00, 00, 00, 8B, 45, 08, 0F, B7, 0C, 41, 83, E1, 04, 80, 7D, FC, 00, 74, 07, 8B, 45, F8, 83, 60, 70, FD, 8B, C1, C9, C3, 55, 8B, EC, 83, 3D, F8, F1, 43, 00, 00, 75, 11, 8B, 4D, 08, A1, 40, CF, 43, 00, 0F, B7, 04, 48, 83, E0, 04, 5D, C3, 6A, 00, FF, 75, 08, E8, 89, FF, FF...
 
[+]

Code size:
142.5 KB (145,920 bytes)

The file yet_another_cleaner_mat.exe has been seen being distributed by the following 23 URLs.

http://adm.soft365.com/ads/adsavess?sid=yac&ptid=mmacn&subid=au4DFicpbzadaIQFx90QffNg0OyLVnFCfGhuQLq049n87YBv0WPIVjf6kWivPmuxnYvRAWEcLtSrlXNozQkjNXF6bRz1yud2rCGCbW5IOMvb73UE9gAPreE6RccKsHknT4YAGfAQnIpwNQc_DbLRVzhwvsBYP4D96qfnvp5Z93-Ht8DMu2obaE6sDchm7wBf9ylVYHUpfgBIvbS44T-qRrKpLf6kQJO80m37vrsatGNQP7a6J6exxtdhJRu5wCwepl0aZPrF-vjbT9nwShgBkqeDpXnjmxRndQE9vRvudmiLZhSR7tm1ysgHfDW7g6J2wK068pp6suwLSyYx66Bvqdii3UwXbshq0rdej2C1c7SvBwn-lcCjJeOibxc3zKaHgX7LQF5N7i6TVKcrdXewxvH3nGs0wora5A0-NtX6wXRgJI-OzemZqVw5OHTO3Rk&lplink=http://www.yac.mx/download/.../down.php?pt=mmacn

http://ads.adsrvmedia.net/event/click/0/pzrZ6BI_P-N5uJlEf18s7CvhZUkeo5NiZaJPSqkH-GWhSyizH37HebJGy3pb1TqxwdMsWnHX-XHqbNa-_8cdQGyPmnF8QRg-fjIC5QXz1pY0yc8RW6405GU8FMZ2XPslfVzlmjBhbSdDPClYVLXdI1mmJct1H1_fzNnHPmX56CXziBLv_qSygtpamQdTphnckR_Rf8nLiSN9H8JDmG9sS4DMVuTGH6-O1_Zv_TzLJLNPHSqhsc-X4IadXuEVVA0tFL2WGv4qTJ8AEq3PfC0NxB54tsLt8KVFNXPUvKfE2TKp3Y38xL6f5zXV-2I5fpi636bIyQxGIa5_a_tq69mBobzMgjLEVG008dJR_uD0waW4fMT7TgQ9TEYV_c42VRblKsC01XaJv6VM2DMewA81mxZNUWzMLoKnoIWzC40mkJ2NVagjoq9Ls1k/.../

http://ads.adk2.com/event/click/0/3NFf4O5mhYtXeLRgQMhRBMWCDqTKeCGzDGY5ZA7HmcDbGOiHdKRlskqHm7cG-OZntJXN3J3MwgsojkXJMdUsk8zuWas66cuj2MRs4uCwgQNoD4Nv5LROpjfsTahTaq5DY-0lVeco7dUQMm9WNfNX1qd6liz5v_zQeOt3y-Y6zeVNgv4gQVs8AKR8RJeYIhUKW2odzzGyOdz6GgwgdeyiSOqt3egfNBS5rGPnc7YBs6yYKgibuvIK06itTf8xF0cdwR9z2wtFR5jClJ60d8ucnVo2a_MOdg2FN-L62U20KPALdCFenM0Iglhg1LOFpa4JE92C92vJ6mRm6UaTmJ5OKln9Q4AvvAPvMrH4fKZo1vXxmue6twK_N4UD8b1ZBvyFXmQ30nwu3HUunA/.../

http://75.126.133.151/download/.../yet_another_cleaner_mat.exe

http://75.126.133.150/download/.../yet_another_cleaner_mat.exe

http://75.126.133.149/download/.../yet_another_cleaner_mat.exe

Remove yet_another_cleaner_mat.exe - Powered by Reason Core Security