yet_another_cleaner_sk_0.exe

Setup

Elex do Brasil Participações Ltda

The application yet_another_cleaner_sk_0.exe by Elex do Brasil Participações has been detected as a potentially unwanted program by 4 anti-malware scanners. It is a setup and installation application and has been known to bundle potentially unwanted software. The file has been observed being downloaded from www.yac.mx and multiple other hosts.
Publisher:
Elex do Brasil Participações Ltda  (signed and verified)

Product:
Setup

Version:
1.0.180.27427

MD5:
480219811748d7a4a34109c431394bab

SHA-1:
13cfea330f1f43599adc7f2433e078002b0d4ac6

SHA-256:
91db473fd340cb20fc9100b4bd3564be4db54867d04569e4d8f9d9599a818482

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 1:33:13 AM UTC  (today)

Scan engine
Detection
Engine version

Bkav FE
W32.HfsAdware
1.3.0.6979

Dr.Web
Adware.Mutabaha.456
9.0.1.0181

Malwarebytes
PUP.Optional.ELEX
v2015.06.30.04

Reason Heuristics
Win32.Generic.ELEX.Installer.Meta
15.6.30.4

File size:
847.3 KB (867,672 bytes)

Product version:
1.0.180.27427

Copyright:
Copyright (c) 2011-2015 Elex do Brasil Participações Ltda

Original file name:
Setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\yet_another_cleaner_sk_0.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
4/12/2015 8:00:00 PM

Valid to:
7/12/2017 7:59:59 PM

Subject:
CN=Elex do Brasil Participações Ltda, O=Elex do Brasil Participações Ltda, L=Sao Paulo, S=Consolacao, C=BR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0671EE526ACB6F9BE201F5A8E203C41C

File PE Metadata
Compilation timestamp:
6/29/2015 6:36:57 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:1tkL4Z5+BkNFFAJMMpCctUlX5ZufDIqvGrROKVdLlt1F3l4uDzEwf1nPI25:LM04JDvMvufDIqvGrR5RXwebf1nZ5

Entry address:
0xA008

Entry point:
E8, 41, 40, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, FF, 15, 88, 70, 41, 00, 6A, 01, A3, AC, FE, 41, 00, E8, 2C, 45, 00, 00, FF, 75, 08, E8, C1, 44, 00, 00, 83, 3D, AC, FE, 41, 00, 00, 59, 59, 75, 08, 6A, 01, E8, 12, 45, 00, 00, 59, 68, 09, 04, 00, C0, E8, 8F, 44, 00, 00, 59, 5D, C3, 55, 8B, EC, 81, EC, 24, 03, 00, 00, 6A, 17, E8, 11, 70, 00, 00, 85, C0, 74, 05, 6A, 02, 59, CD, 29, A3, 90, FC, 41, 00, 89, 0D, 8C, FC, 41, 00, 89, 15, 88, FC, 41, 00, 89, 1D, 84, FC, 41, 00, 89, 35, 80, FC, 41, 00, 89, 3D, 7C...

Code size:
87 KB (89,088 bytes)

The file yet_another_cleaner_sk_0.exe has been seen being distributed by the following 50 URLs.
