yet_another_cleaner_sftc.exe

YAC Security Protection

Elex do Brasil Participações Ltda

The application yet_another_cleaner_sftc.exe by Elex do Brasil Participações Ltda has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This is a setup and installation application and has been known to bundle potentially unwanted software. The file has been seen downloaded from www.softonic.it and multiple other hosts.
Publisher:
Elex do Brasil Participações Ltda  (signed and verified)

Product:
YAC Security Protection

Description:
Setup

Version:
5.4.84.17041

MD5:
1d0c5da459231aa628ecced1fcbcd951

SHA-1:
fc6b83c4f349c9f0c3460aa7c5ee5601652921ef

SHA-256:
508ab0c736fbbaf6e1f069482a6a8f3fef979099ed2a55988da8b31d2a3cd374

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 10:39:47 AM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
PUP.Optional.Installer.Y

Engine version:
14.11.11.16

File size:
14.8 MB (15,569,688 bytes)

Product version:
5.4.84.17041

Copyright:
Copyright (c) 2011-2014 Elex do Brasil Participações Ltda

Original file name:
Setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\yet_another_cleaner_sftc.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
6/23/2014 2:00:00 AM

Valid to:
6/21/2015 1:59:59 AM

Subject:
CN=Elex do Brasil Participações Ltda, O=Elex do Brasil Participações Ltda, L=São Paulo, S=São Paulo, C=BR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5C6950D0A05A1CD63164D1E1EB1FFB8A

File PE Metadata
Compilation timestamp:
9/29/2014 1:03:04 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
393216:c3wnMgktf770WxSKzfQsvkXJW98B2u0H0Ynlkafu:cCMr5xSKbOyUYlJfu

Entry address:
0x1D532

Entry point:
E8, 9E, A8, 00, 00, E9, 39, FE, FF, FF, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C, 24, 04, 2B, C1, C3, 8D, 41, FE, 8B, 4C...
Code size:
241 KB (246,784 bytes)

The file yet_another_cleaner_sftc.exe has been seen being distributed by the following 12 URLs.

http://www.softonic.it/sads/tracker.php?ev=c&co=IT&sid=a168c6102f7b06125ae2e41f9c7ee5a9&upv=b87bc50a8de230735834d403ae2b3c98&z=results&sk=0&abt=&eid=&params=F24F8F4D368AFA5D32C8A90D9EFD1CBADD0CB244B8D47EE8EF2B6FDF0EA0CE23C8594D788EE802BF1345B03D32F8EBEF6DD2F2D3DE487748BEC7794C220647AB622006E82CD10790E2B3BEA7E9A8CA23EE827219C0ECE8C0C1444DB0B484D889F490870AAC8EFAF34862E84C5913F2092D5B8BEF2E07EE38B7CF472BBB2D393EC16ED8CF2821A0C118D92752B8E3100AE8CA6D6318C0569DCE7482CA963182AEFC0D05495B79FB1C13F7DF3AA2E56B7F&h=06DBE0CE0E90D546B220CB65764A55CE6EDB68F0BB98F5935B1630D1F82BB3D7&directdownload=1&f=69665508&d=http://dl.yac.mx/download/.../yet_another_cleaner_sftc.exe

http://www.softonic.com/sads/tracker.php?ev=c&co=ES&sid=526918d75bc5ea4ef7cf56826556b2b8&upv=1be56ee980fa87f30b11797d5e625f32&z=results&sk=0&abt=&eid=&params=F24F8F4D368AFA5D32C8A90D9EFD1CBAC9B15663BFCC32A4B420C96190DC24F2C4EC6E561351677C77086EC499320CAC3DF1EA91BE99EF239B058EE928D6327EF5112AE837C3A1054D59F44CDD0DE43E72E8C793E503E7B7422CD90992C7D148370D8B2A2D81573B725D2FD48723CA3680BF0DB35699DD27EF5652CD9E7BF5E05A5C311E0C1C4C5823740625D0490DF578E746F3DD4FB3ECF9B582A77961469C41C855011C37582A33B70E431E7AFF60&h=5E84D32F8BD270A662B5CCB2214B36583F0CF8D940B7C649A51EA510431E30DA&directdownload=1&f=69665508&d=http://dl.yac.mx/download/.../yet_another_cleaner_sftc.exe
