ymjoehddui.exe

TVGenie

Western Web Applications, LLC

This is part of an adware program designed to inject advertising in the web browser (banners, text-links) as well as modify the normal behavior of the browser as well as modify the computer’s system settings that control applications to run on startup. Part of the Injekt brand of unwanted programs. The application ymjoehddui.exe by Western Web Applications has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Western Web Applications, LLC  (signed and verified)

Product:
TVGenie

Version:
1.0.0.0

MD5:
35288215061361591203f326005e9c0b

SHA-1:
be091c18635c748e1c8995f03bd643f72fc14da6

SHA-256:
ea7985d16efa255d4d10f2759939bfe876a7ddd491f17701191121eb420c60fd

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads in the web browser as well as alters the browsers settings (home page, search, DNS, and security protocols).

Analysis date:
11/23/2024 2:19:52 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Injekt (M)
16.10.12.7

File size:
48.8 KB (49,992 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © Western Web Applications, LLC 2014

Original file name:
TVGenie.exe

File type:
Executable application (Win64 EXE)

Language:
Language Neutral

Common path:
C:\ProgramData\yhwtrorj\dat\ymjoehddui.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
6/3/2014 4:30:00 AM

Valid to:
6/4/2015 4:29:59 AM

Subject:
CN="Western Web Applications, LLC", O="Western Web Applications, LLC", L=Del Mar, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2846A7B6FF6C3C84D2AC5AD12B664347

File PE Metadata
Compilation timestamp:
8/29/2014 4:46:21 PM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:AaOP+4IIS/bvCgDB3FjHpC5a5rmgfziYWuYRm35SqLA2lEfrOJ:oNIIS/bHF3FjHDPziYWFssRSJ

Entry address:
0xBF7E

Entry point:
48, A1, 00, 20, 00, 40, 00, 00, 00, 00, FF, E0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.6500

Code size:
40 KB (40,960 bytes)

Remove ymjoehddui.exe - Powered by Reason Core Security