YourFile.exe

YourFile Downloader

Via Advertising Group Limited

This is the Via Advertising bundle installer, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application YourFile.exe by Via Advertising Group Limited has been detected as adware by 9 anti-malware scanners. The program is a setup application that uses the YourFile Downloader installer. The file has been seen being downloaded from www.yourfiledownloader.com and multiple other hosts.
Publisher:
http://yourfiledownloader.com  (signed by Via Advertising Group Limited)

Product:
YourFile Downloader

Version:
1, 0, 0, 293

MD5:
436964538f3d1d6582784f0a3a83cecd

SHA-1:
7fb1f93f34fbda9f91735fdfe6102e0da04709b9

SHA-256:
4c19b2cc3ff4bffbb9c20234879e2e1db85db991041e01ae25f98153d1b0d0ec

Scanner detections:
9 / 68

Status:
Adware

Description:
This is an installer which may bundle legitimate applications with offers for additional third-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
12/24/2024 12:29:50 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:Downloader-UEO [PUP] | 2014.9-140412 |
| Dr.Web | Trojan.StartPage.56734 | 9.0.1.0102 |
| ESET NOD32 | Win32/YourFileDownloader (variant) | 8.9653 |
| Fortinet FortiGate | Riskware/YourFileDownloader | 4/12/2014 |
| Malwarebytes | PUP.Optional.YourFileDownloader | v2014.04.12.10 |
| McAfee | Artemis!436964538F3D | 5600.7162 |
| Reason Heuristics | PUP.ViaAdvertisingGroupLimited.I | 14.8.15.17 |
| Trend Micro House Call | TROJ_GEN.F47V0403 | 7.2.102 |
| VIPRE Antivirus | Via Advertising | 28152 |

File size:
6.8 MB (7,082,384 bytes)

Product version:
1.0.0

Copyright:
Copyright http://yourfiledownloader.com (C) 2012

Original file name:
YourFile.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
YourFile Downloader

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\yourfile.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
4/11/2013 8:00:00 PM

Valid to:
4/11/2016 7:59:59 PM

Subject:
CN=Via Advertising Group Limited, O=Via Advertising Group Limited, STREET=Boumpoulinas 11, L=Nicosia, S=Nicosia, PostalCode=1060, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00BABC309174F531C6762BBA466401FEAF

File PE Metadata
Compilation timestamp:
4/2/2014 10:25:14 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
98304:NZaUsOGz8F0k6mlnBdOt9EWJ4jfbYxC9Jy0ycpJeDCwXQnIbN0qlMNLwUBfJk2n5:Noz20pZ9pJ4jTYxeDXeowReyUZmvgb

Entry address:
0x2F7ED

Entry point:
E8, 01, C9, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, 55, 8B, EC, 57, 56, 8B, 75, 0C, 8B, 4D, 10, 8B, 7D, 08, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, A0, 01, 00, 00, 81, F9, 80, 00, 00, 00, 72, 1C, 83, 3D, 24, 03, 46, 00, 00, 74, 13, 57, 56, 83, E7, 0F, 83, E6, 0F, 3B, FE, 5E, 5F, 75, 05, E9, DF, 5C, 00, 00, F7, C7, 03, 00, 00, 00, 75, 14, C1, E9, 02, 83, E2, 03, 83, F9, 08, 72, 29, F3, A5, FF, 24, 95, 70, F9, 42, 00, 8B, C7, BA, 03, 00, 00, 00, 83, E9, 04, 72, 0C, 83...
 

Entropy:
7.9578  (probably packed)

Code size:
287 KB (293,888 bytes)

The file YourFile.exe has been seen being distributed by the following 2 URLs.
