yet_another_cleaner_nee.exe

YAC Security Protection

Elex do Brasil Participações Ltda

The application yet_another_cleaner_nee.exe by Elex do Brasil Participações has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The file has been seen being downloaded from mmtrkjy.com and multiple other hosts.
Publisher:
Elex do Brasil Participações Ltda  (signed and verified)

Product:
YAC Security Protection

Description:
Setup

Version:
6.0.161.22853

MD5:
a822b434ddc6e3a716b6ba59dfe2513f

SHA-1:
6b8aa50918be37934ac034d2501b6e12ce4876f9

SHA-256:
8c6295ab7229e6c5faa76f002036e42c4cb9ee907cca7007e1666c0738f54bb4

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 1:40:26 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Optional.Installer.ELEX

Engine version:
15.2.21.6

File size:
15.7 MB (16,473,152 bytes)

Product version:
6.0.161.22853

Copyright:
Copyright (c) 2011-2014 Elex do Brasil Participações Ltda

Original file name:
Setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
6/23/2014 3:00:00 AM

Valid to:
6/21/2015 2:59:59 AM

Subject:
CN=Elex do Brasil Participações Ltda, O=Elex do Brasil Participações Ltda, L=São Paulo, S=São Paulo, C=BR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5C6950D0A05A1CD63164D1E1EB1FFB8A

File PE Metadata
Compilation timestamp:
2/12/2015 11:52:58 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
393216:qwwYrV25dAqRthIUrSTU+Wjv1pT/ABsN0+IJghOdX:z5mAqdrZv1xAxpJpp

Entry address:
0x3F7C2

Entry point:
E8, 9E, 1A, 01, 00, E9, 39, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 08, 83, 3C, F5, 90, 29, 48, 00, 00, 75, 13, 56, E8, 91, 00, 00, 00, 59, 85, C0, 75, 08, 6A, 11, E8, B0, 88, 00, 00, 59, FF, 34, F5, 90, 29, 48, 00, FF, 15, 78, E0, 46, 00, 5E, 5D, C3, E8, 41, 29, 00, 00, 85, C0, 75, 0B, FF, 74, 24, 04, 50, FF, 15, 5C, E2, 46, 00, 68, FF, 00, 00, 00, E8, 58, 87, 00, 00, 59, C3, 56, 57, BE, 90, 29, 48, 00, 8B, FE, 53, 8B, 1F, 85, DB, 74, 17, 83, 7F, 04, 01, 74, 11, 53, FF, 15, AC, E0, 46, 00, 53, E8, 8F, BE, FF...
 

Code size:
433 KB (443,392 bytes)

The file yet_another_cleaner_nee.exe has been seen being distributed by the following 22 URLs.

