yiwaninstaller_sea_09_3067000.exe

YiwanInstaller Module

北京丰余科技有限公司

The application yiwaninstaller_sea_09_3067000.exe by 北京丰余科技有限公司 has been detected as a potentially unwanted program by 12 anti-malware scanners. It is a self-extracting archive and installer that has been known to bundle potentially unwanted software. During installation, it places that additional software on the user's computer without adequate consent.
Publisher:
yiwanzhushou  (signed by 北京丰余科技有限公司)

Product:
YiwanInstaller Module

Version:
1.0.0.1030

MD5:
0a94a493ba5839079744d73bcead1d27

SHA-1:
5701096924028e615cf6360e5f5ebd6428f78f56

SHA-256:
1a26ee2d71b7f9a26fed70b7b93ba8714bef26143e95df57bdaf94fa727abef7

Scanner detections:
12 / 68

Status:
Potentially unwanted

Explanation:
May bundle additional potentially unwanted software such as adware during setup.

Analysis date:
11/6/2024 3:42:29 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AegisLab AV Signature | Troj.Downloader.W32.Downloaderguide!c | 2.1.4+ |
| AhnLab V3 Security | PUP/Win32.BundleInstaller.R192171 | 3.8.3.16 |
| ESET NOD32 | Win32/Yiwanzhushou.A potentially unwanted (variant) | 11.14814 |
| Fortinet FortiGate | Riskware/DownloaderGuide | 2/23/2017 |
| G Data | Win32.Application.Agent.BRDAT9 | 17.2.25 |
| IKARUS anti.virus | PUA.Yiwanzhushou | 0.1.3.4 |
| K7 AntiVirus | Unwanted-Program | 13.248.22179 |
| McAfee | Artemis!0A94A493BA58 | 5600.6115 |
| Quick Heal | Downloader.DownloaderGuide | 2.17.14.00 |
| Rising Antivirus | PUA.Yiwanzhushou!8.DE6F-mEFAF9nHWaV (cloud) | 23.00.65.17221 |
| ViRobot | Adware.Downloaderguide.2496944[h] | 2014.3.20.0 |
| Zillya! Antivirus | Downloader.DownloaderGuideCRTD.Win32.6008 | 2.0.0.3179 |

File size:
2.4 MB (2,496,944 bytes)

Product version:
1.0.0.1030

Copyright:
Copyright 2015

Original file name:
YiwanInstaller.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\yiwaninstaller_sea_09_3067000.exe

Digital Signature
Authority:
WoSign CA Limited

Valid from:
4/14/2016 3:40:09 PM

Valid to:
4/14/2017 3:40:09 PM

Subject:
CN=北京丰余科技有限公司, O=北京丰余科技有限公司, L=北京市, S=北京市, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA G2, O=WoSign CA Limited, C=CN

Serial number:
6F023AC937A05412FB470A7DD5283FFA

File PE Metadata
Compilation timestamp:
11/9/2016 2:49:03 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x7FC0F

Entry point:
E8, F9, 08, 01, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 83, EC, 10, 83, 7D, 10, 00, 8B, 4D, 08, 8B, 45, 0C, 53, 56, 57, 89, 4D, FC, 89, 45, F8, 74, 1B, 8B, 5D, 14, 85, DB, 74, 14, 85, C9, 75, 19, E8, 21, C6, FF, FF, C7, 00, 16, 00, 00, 00, E8, C6, 72, 00, 00, 33, C0, 5F, 5E, 5B, 8B, E5, 5D, C3, 8B, 75, 18, 85, F6, 74, 0C, 83, C8, FF, 33, D2, F7, 75, 10, 3B, D8, 76, 24, 83, 7D, 0C, FF, 74, 0E, FF, 75, 0C, 6A, 00, 51, E8, B4, AF, FF, FF, 83, C4, 0C, 85, F6, 74, BC, 83, C8, FF, 33, D2, F7, 75, 10, 3B, D8, 77, B0...
 

Entropy:
7.6252

Code size:
664 KB (679,936 bytes)
