yet_another_cleaner_sftc.exe

Setup

Elex do Brasil Participações Ltda

The file yet_another_cleaner_sftc.exe has been detected as potentially unwanted by 1 anti-virus scanner. The file has been seen being downloaded from cjsab.com and multiple other hosts.
Publisher:
Elex do Brasil Participações Ltda  (signed and verified)

Product:
Setup

Version:
6.8.15.29832

MD5:
3aafe6796dac4550372a501377f32443

SHA-1:
1a4190558434a4c60436573c2ddf00e74dc0eef0

SHA-256:
836f585a334cacca120b6852f40d4c2d15247963ca58f46c8de1c3ebdd230dd4

Scanner detections:
1 / 68

Status:
Potentially Unwanted

Analysis date:
12/4/2024 8:08:56 AM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
Win32.Generic

Engine version:
15.12.30.8

File size:
853 KB (873,488 bytes)

Product version:
6.8.15.29832

Copyright:
Copyright (c) 2011-2015 Elex do Brasil Participações Ltda

Original file name:
setup.exe

Language:
Chinese

Common path:
C:\users\{user}\downloads\yet_another_cleaner_sftc.exe.r6v1hd6.partial

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
4/12/2015 8:00:00 PM

Valid to:
7/12/2017 7:59:59 PM

Subject:
CN=Elex do Brasil Participações Ltda, O=Elex do Brasil Participações Ltda, L=Sao Paulo, S=Consolacao, C=BR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0671EE526ACB6F9BE201F5A8E203C41C

File PE Metadata
Compilation timestamp:
12/22/2015 12:10:18 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:Xr0Xx+T23oXzW3PsxSADDeHX2WKZaT3Ip3+j/TGsOdFWo8y3QLcmlV5+NkX2TN5:btT20zW/hEDeHe0G+PVyVmlV5+NaS

Entry address:
0x9EB2

Code size:
64.5 KB (66,048 bytes)

The file yet_another_cleaner_sftc.exe has been seen being distributed by the following 35 URLs.

