yet_another_cleaner_ret.exe

yacdl

Elex do Brasil Participações Ltda

The application yet_another_cleaner_ret.exe, “standard installer” by Elex do Brasil Participaçõesa has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The file has been seen being downloaded from ads.adsrvmedia.net and multiple other hosts.
Publisher:
Elex do Brasil Participações Ltda  (signed and verified)

Product:
yacdl

Description:
standard installer

Version:
1.0.75.19786

MD5:
ca0198e4431779a1abe8d5887a03316d

SHA-1:
b87c0fa8a22e4779f3965a01f456c4aae1cdb24a

SHA-256:
c0344ddb67dc7c976a47a68609307b8d09e9b331a8cd69e15f65ba4d95c90b54

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/28/2024 11:19:19 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Optional.Installer.X
14.12.10.17

File size:
765.2 KB (783,536 bytes)

Product version:
1.0.75.19786

Copyright:
Copyright 2011-2014 Elex do Brasil Participações Ltda. All rights reserved.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\yet_another_cleaner_ret.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
6/23/2014 2:00:00 AM

Valid to:
6/21/2015 1:59:59 AM

Subject:
CN=Elex do Brasil Participações Ltda, O=Elex do Brasil Participações Ltda, L=São Paulo, S=São Paulo, C=BR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5C6950D0A05A1CD63164D1E1EB1FFB8A

File PE Metadata
Compilation timestamp:
3/22/2010 1:59:04 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:rc/tb3x3P450u5Inb7RbEZ/LwtoM+KqxM0yKHFtJnlSV9v9c5:YVbhQ50QCbEZ/LwtoM+iKHDJnlSV9S5

Entry address:
0x114F

Entry point:
E9, AC, 55, 00, 00, E9, C7, 94, 00, 00, E9, 12, 99, 00, 00, E9, 6D, 94, 00, 00, E9, 88, A9, 00, 00, E9, 63, B9, 00, 00, E9, FE, 99, 00, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC...
 
[+]

Packer / compiler:
Xtreme-Protector v1.05

Code size:
57 KB (58,368 bytes)

The file yet_another_cleaner_ret.exe has been seen being distributed by the following 50 URLs.

http://ads.adsrvmedia.net/event/click/0/RUX2DqP0xJ-nTy04HqKTgsbQfSf8ysF81sqh8Iq046utnU20uDGiPohvL_U8cx17tDrMb_yVWJub9gOrQz7d082MUTKtZ3u1pPd7wxfmA6gGYJWhQSi4oBeSQVhSadzXHvvvZVpxtyRPRbachzfQcJAJlY7vxalxx9snaC65tCi3_wwuyRfC5C_lYDMnrmq5fk9JsXYdhtUbRCTJFEi3y-90KuVJ6AcjWOsxL9OJTMrimS1hd4BFYa0sqpN2qIB4KrUSJ0P4vQx1lHSewlzwqQZTT12b6MMmu4rCWGSGwS2EGpoYIiiETh8Qk1ZzJaFSslnN4AXBS8E0z7blHNTfTXdqR4ubGXNKfbMtQ4j6dEXwituIWoUXYarmtxeqEwnUlMAtWiSd38jV6clAdDvn_Okek6j25UmCC6tFgPe_97Mvrl8hqg/.../

http://ads.adsrvmedia.net/event/click/0/f_LVS67GRSpeo9DlQ9Eq3_t7V4r_L3VNrKCtiasWti6xvqenr1NnO6HCbYUg21TsDxifE89JBZAAY6hY1hsXB7Co046hqwC7J55wX_AdgclDU6OvETphMra0ysTf0GMOeSGGNIiqhxpzvGggpugAYRrdhIl9YEcfK5PdEFFv4Jby1Als_3r5oLz5spRg0TnCrhpS-svdSWlKRlU2bDdM-Lzn7w_3ay04ElpHw__VHlND2pM8Np756TFNrTIC4b9VMqMX-5ReTxNzooLAoHjBNm6_5pnd8RsGzj8nfXp4sChFoEqUjZDW6SKVGBE5b1-RzwuX2kQzwOOIl89lDPeyog7L_jGw3xJ4W06pTrav8msTkvJhvztKKLC7EinZa0aKPHRWy0TzzkLc6NZV9MMd6CbZGwV3wte_hIR2-IUz/.../

http://ads.adsrvmedia.net/event/click/0/6s1LFdpsmoP0pcxxBVysnEmMAYP1Fb7spGg1pWASLQTq_NELiJ-yKHvIL9gIobAmntdismvXxZ1X1IAqVxYagNXQ-mhCLx-t52wJfXU9sNDlOz0H-TwHKg3IRabH0TC9cCWKQCe89HpI-vO2SCySMnR6SygvyBBqK9_em0D7uh-aQJ8Xvb09dPErKHpKZyvLB9A67xiOMzIHR_DmYLABprrAGAzQnX7-W7SVEM19_a3NXQC3LXVoxx8wwiBBZkHxU_4nmewe22_xsr2QPrC0161Kgk7OFJwXgxV5--0zrtuJgGyIvZCuvhH-6dVlC1NMasjeIX-vj8-OVHxOOjn6BD3130RvhAwrVaBmCfwkGFmGrPyZZlT9DqV_wBxb7UtmyOW5AiQodK4NhpqlxdEEuJzBTwBw0iBXRT49WuGRQQnLjSBylUKjyB-1paUbOIo/.../

http://s2s.yac.mx/ads/adsavess?sid=yac&ptid=epo&subid=NTczMDF8MTA3NTQ0fEhVfDN8MXx8|d8d97a266a1d4389dee35d271d8c79fc-9118-63173&lplink=http://www.yac.mx/download/.../down.php?pt=epo

https://adsrvmedia.adk2.net/event/click/0/5sAfebJnMNrOemBl3Zvdk8-EUH4BXrMYoUy2QbEjx2zEunGTqQnPZ0Ob4mNssSIbBIpxVyPK499daGTy1rOj5Cc1aEtc1gWNe4RuVjThgXr638xNxs4aKO22pU33zvEfE9ACN1eQmfcV702PHHdOL6bbzm4hg6XZ2itEOt8-LaGJjOQarjp-FsT4wVl04FHnzq6wWYpdqiK0qGpqSxJbSNH2vbXQ8Bxe1eeVVhuZuXcestIGRTFJqUP6Ysf4lFV7QwYHbR5kO5smxVX8VZrxjNxTDUPoP2M850u8uIoOZuJAq7eTM5IJEYVd_oWyaChNrKA0LbR3o5roeutkq0YoHwBNFeahBdKMFcCOQASuh8BQS-KTJb97O1ckxJUkThQe0gRXHqendjgBrojsDQimeB_xEZLR7NCdEi4s46A/.../

http://ads.adsrvmedia.net/event/click/0/pmepP1WdvhKtvB7TEpIBp13sgonTsTwK5hcBufnwtFrfCBmte6hTqtPkO9TKIs6BUpXYpUCJLHbl4gliNqezvw3mq8RGyxy57QPMiZuT6kfHhPDd4dsEwRRqJloBO97MVtWMj4GQbhhHU2vUrmFhdJG3MXR3FVsGr9l1VmVbpTRpQMkLrYPRyXDHHNg3J-44YajSJwpU92EMBYU8dFFl5DJOrNXPxDYTZ-990VmRHlLa6AnyQtWXKT_wxpqfU6GB_hPoNoXoayZ4O--dJmT6kTgckc0AHbUKBkrCYDkJQPc1gUOr2O0zRgzP0a3ypiRFo_Cpe3QhdonuVPvsufIoUWdR9I3taATkqqd3nz0pwhdkBhHGa6HA5uEi0RariVWtk5mq-E5uyQcj8tYpYHhHatOHuGwwYt07XahC/.../

http://ads.adsrvmedia.net/event/click/0/iiUyZyZxNma-iWgO2Gw0tniGFYLSh6sQ7WYmtODcd6wctsVKvtWqzgIr_r26n2MAvXnnwPc2bHqAqjE9qlFsQ_MwcKcxhABZNMDbpO_GAjHJPsv0qck2yspiQ_gI351JfSdwumGFoRApgWZntot-gWsLimkO7o0o--HtFu8dq4e71BwhskFLHFrhOeM5DiJQWSuca36zLcHCTkAZo1GFPob_o60u4t7yZxFrkjIk9HyvFQDKfBbnHRI0WiY0SQocABx5wRzQlWQBIZKbuECKGcgPd6XF8dkk9LxenJyaWay4ghIyqG5jpa5-oSzsHqNlChfq6O4t2xmndPsPjRY52yx_5DvYvVCvgC0k1qRbHb0szxadbhDN7vvhFVxEYiwDD78dPshFEQeCfrhDuxBuVy1ZOBEaXjHn/.../

http://ads.adsrvmedia.net/event/click/0/NIphCRR2EcfKnrVb-ozugJ0E5OjqomFPKO8sfiQX4lN2ozGCP0a1HJUGT_-vqe4XqKyCQHTKCLcddMS-OOlEHPNaWq9ga05P0dnTjoUWMzyNK9JBl8vqE59meIW6USF98S8G5xUZYM7VQTC2j-rXcRU0C4tYpv3EWcdlxj7hOD82EKhp3oPiWgVpRk-rqMOFZKpVpWRicmunxed8eFEypaivYLn-aETVLgIyfaN280oNLz4JAjC5iICYCUHMRHcip9a3GcB4BCp65izZ8dmrO1fqncH_W-WJQ2V-68yfXd4RgQMA7rdqUCfmQoB9DgOceVIsG4Yi5V4IGtUBTUi7ZWn5Cf4gChPeQT2orlfXDBr781qQ5zqwvPay_gK2gD8A4v2FB6epK-QmovHBh3ISavtpFiEot0VABB4fO-I/.../

http://ads.adsrvmedia.net/event/click/0/CHF530VeX8viwiop4kzCWSG2yOBVqG1tkX4Q_q8BDIMpUFTMb-CeA4FrZqo4C-UEGbF_ZRoz14jSVHnFIb6cSE-MZm_WPCQMfCjeJH9wcHt0j_n97Eslbn5JkMOA5biBd2vi3B1I135eoAL9l8_E0dwkk2DH6lNdHjg9jOho5RSKdXPI6DHa9WL_YmXRkna_-f_02iHXnS2daiSroqQkv74FG7DkS2mYpCiqp2sCdbHQWlDKSpqMnxFYKY5JIhLj_Mbhu8X9ua5E5Qm_HFMcz837GCSOC6vHqQRZs-hqypq_v7sU6r4CX9WyBNe88Btnya2KEql3Nm33C2CR-FVH3iCpJkLa2_XjA3BZaSXEJU0z_mGV6ZHcjJhjd0_rm5qZk5lT0uDfFVEE1HrqXHhgXq6yP53X_A/.../

http://ads.adsrvmedia.net/event/click/0/2tiWitpNbvLVLHkDjneZBwsLACsgaJrBixFHcp1nwUI-yqDBsrknyFzwouUEx1F4okVD99_qmzMaQ8JwWlEpNeXSaARRsmIxnHKkCqgDsXGUceWIEBDyBmAzqlwyxoSYwaaa2l8FeLcEQerfQ8-lcTrQFFKpTl6sl5MIWVV6LluTXPCNqCWp8xE2H_cCgUhZ9HGQHudNLFvg7cSeWh6iivu_UyKCfgMlwfaaAHsrWmNjSP5ennVTJGvcIk010oWzoEdjFhflli3NJQzM7q9hwZzZ25P1J-OomtwDV5PxaDoDALvTxQh1Ya0Foy6rEUK9tK6uKXAZDw7TWrjT8hVVDA_2QQo0j-mQ-6kkjdc_C-TQOsOOF9htyuUnWiF-ZEXG_AfOdpySLfVlY1vSmonSyyy1NHTeJfwh9A1uNujSjs0sofJ5vo_cCqVj7laUCBQv/.../

http://s2s.yac.mx/ads/adsavess?sid=yac&ptid=epo&subid=NTczMDF8MTA3NTQ0fFBMfDN8MXx8|d8d97a266a1d4389dee35d271d8c79fc-9118-63173&lplink=http://www.yac.mx/download/.../down.php?pt=epo

http://www.yac.mx/download/.../down.php?pt=tlv

http://ads.adsrvmedia.net/event/click/0/6e-STz2Hp6O8YifGwEX1IVm20KwA6x1z6gwktZiupHtW4bbiMaxazYF7EXbSYANc4xhrvY-m56xHrEMPsNM6FlS1snt3bKmE49m5itXk9lkZZohaQ8B7Io0BMVYF1_28V7I3MYFom9og4kJ5pxWh5iurYJCURkGLeW1DB82L1ORl_FhKf7RKmthsu1TQbBTGeuc7wId_zfdJ0bTO_7B8J1gfuHvPUG3U0NBFqX8-TfzSwop6ZOVPID9w9H2G4gZSKP61pXXdSs3cx8KuOvwzvMxiX1hkKhe77RE5XvgCRmARGQg-xX3uDXp0deimcgoVUVqzZQBMyMmmEtwI8xsulSmz4HNmHCD-OKONkL5WkZgo-xeI_D2wzEhJkldEvIEbfbyq-om9s_aORbs0Yft54mioHwS0cE1EFv-HN2FByMfYwlyGNQ/.../

http://www.yac.mx/download/.../down.php?pt=mun

http://ads.adsrvmedia.net/event/click/0/hz7As7-odI3c2gHNLqkmWOa_mW_X3bMIoULWFdeQeQ7s0NAW8nGw1iJ7nyjAOc8YV7SzSaDWkH_budKufQ7l-2V5is39h5xy2XOnCGMKTryPpi7EGd8CrG50zV2UFQMB7U7k4cGE46g3PUUSGYosmwTJP0v3D8ifpVTwfPFbpkvwYpz51umgEJMAFLFmUiZ6tnwmmFLcyUbAWd45dIVBTqEiPZ18iuKteQjuM9Rb3ZAlwoS-mbAmOkbLHAB738de1xVfaLM2n3YtbpheTPC9OHSkxol_9_CheVNwwL4M7PAVtLl3RFP1veivaU9NOopvui6lLAZEQDfAjSYglwO5REVRttmUVnscuTJ3cD6kCX8UyTi83xTZR1tZpsKLwpSW7z3GsVFTK2sseN-rE91PipUpxEgoKLk2XcOhRAy1sf5y1DZ4krAQ6DpS/.../

Latest 30 of 72 download URLs

Remove yet_another_cleaner_ret.exe - Powered by Reason Core Security