yet_another_cleaner_mmacn.exe

YAC Security Protection

Elex do Brasil Participações Ltda

The application yet_another_cleaner_mmacn.exe by Elex do Brasil Participações has been detected as a potentially unwanted program by 3 anti-malware scanners. It is a setup and installation application and has been known to bundle potentially unwanted software. The file has been observed being downloaded from ads.adsrvmedia.net and multiple other hosts.
Publisher:
Elex do Brasil Participações Ltda  (signed and verified)

Product:
YAC Security Protection

Description:
Setup

Version:
1.0.62.18499

MD5:
5d3abf89192152fbdbf42904d11a7445

SHA-1:
e23bf474936298c2f82e4df73e269636cadd9904

SHA-256:
0cb3f10fc478f9a18af853034e16854c50907be56793f8febcbef948146c3aa4

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 4:39:34 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| avast! | Win32:Rootkit-gen [Rtk] | 2014.9-141113 |
| Dr.Web | Adware.Mutabaha.73 | 9.0.1.0317 |
| Reason Heuristics | PUP.Optional.Installer.Z | 14.11.13.18 |

File size:
890.5 KB (911,824 bytes)

Product version:
1.0.62.18499

Copyright:
Copyright (c) 2011-2014 Elex do Brasil Participações Ltda

Original file name:
Setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\{random}\yet_another_cleaner_mmacn.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
6/22/2014 8:00:00 PM

Valid to:
6/20/2015 7:59:59 PM

Subject:
CN=Elex do Brasil Participações Ltda, O=Elex do Brasil Participações Ltda, L=São Paulo, S=São Paulo, C=BR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5C6950D0A05A1CD63164D1E1EB1FFB8A

File PE Metadata
Compilation timestamp:
11/10/2014 5:21:12 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:rPMEsw/IwYgkTLGB8QISejEstXigSt7/LB43OZKPgQUY5s/jKlERV:rPaY9kTLGOQ7eHtXidt7zfsPrX5ycERV

Entry address:
0x11153

Entry point:
E8, 2B, 68, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 83, EC, 10, FF, 75, 0C, 8D, 4D, F0, E8, 73, FA, FF, FF, 8B, 4D, F0, 83, 79, 74, 01, 7E, 15, 8D, 45, F0, 50, 6A, 04, FF, 75, 08, E8, 40, 69, 00, 00, 83, C4, 0C, 8B, C8, EB, 10, 8B, 89, 90, 00, 00, 00, 8B, 45, 08, 0F, B7, 0C, 41, 83, E1, 04, 80, 7D, FC, 00, 74, 07, 8B, 45, F8, 83, 60, 70, FD, 8B, C1, C9, C3, 55, 8B, EC, 83, 3D, F8, F1, 43, 00, 00, 75, 11, 8B, 4D, 08, A1, 40, CF, 43, 00, 0F, B7, 04, 48, 83, E0, 04, 5D, C3, 6A, 00, FF, 75, 08, E8, 89, FF, FF...
 

Code size:
142.5 KB (145,920 bytes)

The file yet_another_cleaner_mmacn.exe has been seen being distributed by the following 11 URLs.

http://ads.adsrvmedia.net/event/click/0/Dg5_ts2hn-wNPKwU-elfxHOrJBbVy_vmYgzyr9Hkhk_HepQof2sIszjsC7-Uk7BsaFr7QkJ_VCIMIn4EowSSTVruYhikwcfQMh9zNlCw_gvCFN-2z6WHbB1kSg05_iz5dou__xu3kh0nyqO1NEvWDL0iIn17IxNf4S3VeTaxZMB-v5VV9bef0t8cKablPgPGAHQ8b0f5pUU2UErRL6BnAodUTR78YvhAkWf3tvzGOWjYwr83LODBuzmrgKjko_ODlxzddCKVEu3FcFTVsGIysZhrNCkQnfJZkKtK4XG9-R37FsCvg54BJE-qoF17jJL3Gs4g2eUNw6-nbOcVZHxfzQmWTYFxsAT13v24qUbWoN3q98MpUuPLwG04gKv4LjGcb5uB8RFqU5Sj1tsYEihTdXLOIQ/.../

http://ads.adsrvmedia.net/event/click/0/G-PBN-rh9q1qpi8Z0Id-t4pf7sADeHxuLRHi8ILamLokzP3r8cLv4HOO2OAeOE1e_KbNkMiPEo3q0ctp1upXnpw-BIlJISUyrAjsAsRuM-WyfkgmhSg_clSqAfyAlj9ltjR3ALCHZl-tTgJpHvnBzDvLh5MGVSW54TyhWTJH3sds5eCzwkUtf6RXz-XzKWVGzBK9KaENu07f_DOjsIDNqUrp8fUtQj5C4ukWq_eNDHFp_W84syzpvZGb2_HJn1F4LhD-ox0EmVimu6rSMKWX8eWqoOyvHAqgLxSX0L9_ceqd2AFyRRpe2h_aNMngOl7XnCvF2VPSOwHayjbWtrX0cxVksWXbwQsVI3cOTvPCXHeGfZ5Agrn8MXWCoWvKkbv3Gh3ZZnpqgAP0weo1fXDrRkc/.../

http://www.yac.mx/download/.../down.php?pt=mun

http://75.126.133.149/download/.../yet_another_cleaner_mat.exe
