yiwaninstaller_sea_09_3263720.exe

YiwanInstaller Module

北京丰余科技有限公司

The application yiwaninstaller_sea_09_3263720.exe by 北京丰余科技有限公司 has been detected as a potentially unwanted program by 9 anti-malware scanners. It is a self-extracting archive and installer that has been known to bundle potentially unwanted software. The file has been observed being downloaded from cdn.yiwanzhushou.com.
Publisher:
yiwanzhushou  (signed by 北京丰余科技有限公司)

Product:
YiwanInstaller Module

Version:
1.0.0.1027

MD5:
56fcf0e2d61b043c40d7eb593a9a719d

SHA-1:
7bc71ca50fedd3aac57a62783fd09a3c5cb0b984

SHA-256:
edb6cd49cb593438ef68a1fe31210ed0c7ce0392dab48d59b04bfc9f3dc4554f

Scanner detections:
9 / 68

Status:
Potentially unwanted

Analysis date:
11/6/2024 3:38:12 AM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AegisLab AV Signature | Troj.Downloader.W32.Downloaderguide!c | 2.1.4+ |
| ESET NOD32 | Win32/Yiwanzhushou.A potentially unwanted (variant) | 11.14814 |
| G Data | Win32.Application.Agent.OV162H | 17.2.25 |
| IKARUS anti.virus | PUA.Yiwanzhushou | 0.1.3.4 |
| K7 AntiVirus | Unwanted-Program | 13.248.22179 |
| McAfee | Artemis!56FCF0E2D61B | 5600.6129 |
| Quick Heal | Downloader.DownloaderGuide | 2.17.14.00 |
| Rising Antivirus | PUA.Yiwanzhushou!8.DE6F-QmYoqjLRctC (cloud) | 23.00.65.17207 |
| Zillya! Antivirus | Downloader.DownloaderGuideCRTD.Win32.6008 | 2.0.0.3179 |

File size:
2.2 MB (2,288,552 bytes)

Product version:
1.0.0.1027

Copyright:
Copyright 2015

Original file name:
YiwanInstaller.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese

Common path:
C:\users\{user}\downloads\yiwaninstaller_sea_09_3263720.exe

Digital Signature
Authority:
WoSign CA Limited

Valid from:
4/14/2016 2:40:09 AM

Valid to:
4/14/2017 2:40:09 AM

Subject:
CN=北京丰余科技有限公司, O=北京丰余科技有限公司, L=北京市, S=北京市, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA G2, O=WoSign CA Limited, C=CN

Serial number:
6F023AC937A05412FB470A7DD5283FFA

File PE Metadata
Compilation timestamp:
9/22/2016 8:30:24 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x7DC16

Entry point:
E8, F2, 09, 01, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 83, EC, 10, 83, 7D, 10, 00, 8B, 4D, 08, 8B, 45, 0C, 53, 56, 57, 89, 4D, FC, 89, 45, F8, 74, 1B, 8B, 5D, 14, 85, DB, 74, 14, 85, C9, 75, 19, E8, 60, C2, FF, FF, C7, 00, 16, 00, 00, 00, E8, DF, 72, 00, 00, 33, C0, 5F, 5E, 5B, 8B, E5, 5D, C3, 8B, 75, 18, 85, F6, 74, 0C, 83, C8, FF, 33, D2, F7, 75, 10, 3B, D8, 76, 24, 83, 7D, 0C, FF, 74, 0E, FF, 75, 0C, 6A, 00, 51, E8, CD, AF, FF, FF, 83, C4, 0C, 85, F6, 74, BC, 83, C8, FF, 33, D2, F7, 75, 10, 3B, D8, 77, B0...
 

Entropy:
7.5814

Code size:
656 KB (671,744 bytes)

The file yiwaninstaller_sea_09_3263720.exe has been observed being distributed from the following URL.

http://cdn.yiwanzhushou.com/160922/.../YiwanInstaller_sea_09_3263720.exe
