yet_another_cleaner_ymb.exe

yacdl

Elex do Brasil Participações Ltda

The application yet_another_cleaner_ymb.exe, “standard installer” by Elex do Brasil Participaçõesa has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup and installation application and has been known to bundle potentially unwanted software. The file has been seen being downloaded from s2s.yac.mx and multiple other hosts.
Publisher:
Elex do Brasil Participações Ltda  (signed and verified)

Product:
yacdl

Description:
standard installer

Version:
1.0.75.19786

MD5:
e713142712b31512f78b6877ec962391

SHA-1:
45853de737ad588b67a39d9c89ca710b08578da6

SHA-256:
0ebc661236ca655c230524b277c1557f84569809f25ad2afa7277a35ff5b769c

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 2:51:30 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Optional.Installer.X
14.12.10.11

File size:
765 KB (783,400 bytes)

Product version:
1.0.75.19786

Copyright:
Copyright 2011-2014 Elex do Brasil Participações Ltda. All rights reserved.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\programs\yet_another_cleaner_ymb.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
6/23/2014 2:00:00 AM

Valid to:
6/21/2015 1:59:59 AM

Subject:
CN=Elex do Brasil Participações Ltda, O=Elex do Brasil Participações Ltda, L=São Paulo, S=São Paulo, C=BR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5C6950D0A05A1CD63164D1E1EB1FFB8A

File PE Metadata
Compilation timestamp:
3/22/2010 1:59:04 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:Rc/tb3x3PedbbTt5kAi1QQ2/T0U34WCm6mG+UhRQyWXKiL67jQd3Ci:eVbhebb/AQQ2/L3rCmVG+U/QyWaiLNJH

Entry address:
0x114F

Entry point:
E9, AC, 55, 00, 00, E9, C7, 94, 00, 00, E9, 12, 99, 00, 00, E9, 6D, 94, 00, 00, E9, 88, A9, 00, 00, E9, 63, B9, 00, 00, E9, FE, 99, 00, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC...
 
[+]

Packer / compiler:
Xtreme-Protector v1.05

Code size:
57 KB (58,368 bytes)

The file yet_another_cleaner_ymb.exe has been seen being distributed by the following 50 URLs.

http://s2s.yac.mx/ads/adsavess?sid=yac&ptid=marb&subid=wRVCDT8T9OV68UKG0D5TVJAK&lplink=http://www.yac.mx/download/.../down.php?pt=marb

http://s2s.yac.mx/ads/adsavess?sid=yac&ptid=marc&subid=wKQRJ522B6U5RI5HGH2C22FS&lplink=http://www.yac.mx/download/.../down.php?pt=marc

http://s2s.yac.mx/ads/adsavess?sid=yac&ptid=marc&subid=wISJ7L12CDN04U1H0TJDFM7C&lplink=http://www.yac.mx/download/.../down.php?pt=marc

http://s2s.yac.mx/ads/adsavess?sid=yac&ptid=marc&subid=wB3VJ21L39KKGT1HG3HJS28C&lplink=http://www.yac.mx/download/.../down.php?pt=marc

http://s2s.yac.mx/ads/adsavess?sid=yac&ptid=marc&subid=wAHMVV2INR0UEO1HGB9FAG5C&lplink=http://www.yac.mx/download/.../down.php?pt=marc

http://s2s.yac.mx/ads/adsavess?sid=yac&ptid=marc&subid=wLOK62BU8GCEBC4HGRFTGO1M&lplink=http://www.yac.mx/download/.../down.php?pt=marc

http://s2s.yac.mx/ads/adsavess?sid=yac&ptid=marc&subid=w9HC57Q2UEP2H94HGOJK3C2U&lplink=http://www.yac.mx/download/.../down.php?pt=marc

http://s2s.yac.mx/ads/adsavess?sid=yac&ptid=marc&subid=wIOP4NL87AIPUQ5HGAK808C4&lplink=http://www.yac.mx/download/.../down.php?pt=marc

http://s2s.yac.mx/ads/adsavess?sid=yac&ptid=marc&subid=w8OMP6KB412U6V4HGPDH1IPS&lplink=http://www.yac.mx/download/.../down.php?pt=marc

http://s2s.yac.mx/ads/adsavess?sid=yac&ptid=marc&subid=wT9B59587JCDEL5H0MT4L3HG&lplink=http://www.yac.mx/download/.../down.php?pt=marc

http://s2s.yac.mx/ads/adsavess?sid=yac&ptid=marc&subid=w136AKLRE5VRNU4H0F6FAHRS&lplink=http://www.yac.mx/download/.../down.php?pt=marc

http://s2s.yac.mx/ads/adsavess?sid=yac&ptid=marc&subid=w72R91DG7O9E8C6H0JRP6AIK&lplink=http://www.yac.mx/download/.../down.php?pt=marc

http://s2s.yac.mx/ads/adsavess?sid=yac&ptid=marc&subid=wN686R91SJOBEF6H0BSNMQCE&lplink=http://www.yac.mx/download/.../down.php?pt=marc

http://s2s.yac.mx/ads/adsavess?sid=yac&ptid=marc&subid=wLSVTL0V1MMODOVG07684KJ0&lplink=http://www.yac.mx/download/.../down.php?pt=marc

http://s2s.yac.mx/ads/adsavess?sid=yac&ptid=marc&subid=w5E19MDAI10MUP1H0TRBKICI&lplink=http://www.yac.mx/download/.../down.php?pt=marc

http://s2s.yac.mx/ads/adsavess?sid=yac&ptid=marb&subid=w0K7PGHVE76A27LGGCV2FOFC&lplink=http://www.yac.mx/download/.../down.php?pt=marb

http://s2s.yac.mx/ads/adsavess?sid=yac&ptid=marc&subid=w3T84TQPVB91R31H01IQBS60&lplink=http://www.yac.mx/download/.../down.php?pt=marc

http://s2s.yac.mx/ads/adsavess?sid=yac&ptid=marc&subid=w6TNE2CP5ILT3K2H0PJC850U&lplink=http://www.yac.mx/download/.../down.php?pt=marc

http://s2s.yac.mx/ads/adsavess?sid=yac&ptid=marc&subid=w9BFJQSKTG6ORB6H0SG4RDN0&lplink=http://www.yac.mx/download/.../down.php?pt=marc

http://s2s.yac.mx/ads/adsavess?sid=yac&ptid=marb&subid=wGKP5B7KQUG5LPMGGEOLFG2K&lplink=http://www.yac.mx/download/.../down.php?pt=marb

http://s2s.yac.mx/ads/adsavess?sid=yac&ptid=marc&subid=wM65JL1U113GCJVG0BVQHURA&lplink=http://www.yac.mx/download/.../down.php?pt=marc

http://s2s.yac.mx/ads/adsavess?sid=yac&ptid=marc&subid=wG02N6DVBEMGLC4HGSLV2O28&lplink=http://www.yac.mx/download/.../down.php?pt=marc

http://s2s.yac.mx/ads/adsavess?sid=yac&ptid=marc&subid=w43SR191B2SI1V0HGLJ65PHS&lplink=http://www.yac.mx/download/.../down.php?pt=marc

http://s2s.yac.mx/ads/adsavess?sid=yac&ptid=marc&subid=wFNPR32CU715VA6HGQDHLE8E&lplink=http://www.yac.mx/download/.../down.php?pt=marc

http://s2s.yac.mx/ads/adsavess?sid=yac&ptid=marc&subid=wA84K7VB8JSB6OVGG3IR0H5Q&lplink=http://www.yac.mx/download/.../down.php?pt=marc

http://s2s.yac.mx/ads/adsavess?sid=yac&ptid=marc&subid=wPNVF84AFVJJPA5H0ACTCNAQ&lplink=http://www.yac.mx/download/.../down.php?pt=marc

http://s2s.yac.mx/ads/adsavess?sid=yac&ptid=marc&subid=w6QMHOTQSQACP24H0GB5COCC&lplink=http://www.yac.mx/download/.../down.php?pt=marc

http://s2s.yac.mx/ads/adsavess?sid=yac&ptid=marc&subid=wAOJ137BFL2LE70H0UOJUSH6&lplink=http://www.yac.mx/download/.../down.php?pt=marc

http://s2s.yac.mx/ads/adsavess?sid=yac&ptid=marc&subid=wV4HMIADNGUR580HG7TB5LRS&lplink=http://www.yac.mx/download/.../down.php?pt=marc

http://s2s.yac.mx/ads/adsavess?sid=yac&ptid=marc&subid=wC7BCF7VVL5TIA0HG031SQ06&lplink=http://www.yac.mx/download/.../down.php?pt=marc

Latest 30 of 403 download URLs

Remove yet_another_cleaner_ymb.exe - Powered by Reason Core Security