yourfiledownloader.exe

YourFile Downloader

Via Advertising Group Limited

This is the Via Advertising bundle installer, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application yourfiledownloader.exe by Via Advertising Group Limited has been detected as adware by 7 anti-malware scanners. The program is a setup application that uses the YourFile Downloader installer. The file has been seen downloaded from www.yourfiledownloader.com and multiple other hosts.

Publisher:
http://yourfiledownloader.com  (signed by Via Advertising Group Limited)

Product:
YourFile Downloader

Version:
1, 0, 0, 182

MD5:
8ffbbf77c12141e730b1cf27caef1c38

SHA-1:
3e03477ccf81fca9df3e8f8c232a74a459fa6047

SHA-256:
6540cdd8a166f0217fecd2c8c257fedc7b0661e05d03419a31417fc711537bb7

Scanner detections:
7 / 68

Status:
Adware

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers during the setup routine of otherwise legitimate software.

Analysis date:
12/24/2024 3:52:28 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AVG | Skodna.Generic_c | 2015.0.3328 |
| Dr.Web | Adware.Downware.747 | 9.0.1.0280 |
| ESET NOD32 | Win32/YourFileDownloader (variant) | 8.7901 |
| Reason Heuristics | PUP.ViaAdvertisingGroupLimited.S | 14.10.7.16 |
| Trend Micro House Call | TROJ_GEN.F47V1130 | 7.2.280 |
| VIPRE Antivirus | Via Advertising | 15060 |
| XVirus List | Win32.Detected | 2.10.7 |

File size:
3.9 MB (4,066,736 bytes)

Product version:
1.0.0

Copyright:
Copyright http://yourfiledownloader.com (C) 2012

Original file name:
YourFile.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
YourFile Downloader

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\2013\miscelaneous\yourfiledownloader.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
4/29/2012 8:00:00 PM

Valid to:
4/30/2013 7:59:59 PM

Subject:
CN=Via Advertising Group Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Via Advertising Group Limited, L=Nicosia, S=Nicosia, C=CY

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
54119944225483D152EE7DAA2475480B

File PE Metadata
Compilation timestamp:
11/29/2012 9:40:36 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
98304:4A3lZcS44lJH2PGb1GFIJ4jfbY2aXIMxaV9UV7UCLLs:LZcS44lJegzJ4jTY2aXBxXe1

Entry address:
0xA2A3

Entry point:
E8, 1D, 66, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, 55, 8B, EC, 57, 56, 8B, 75, 0C, 8B, 4D, 10, 8B, 7D, 08, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, A0, 01, 00, 00, 81, F9, 80, 00, 00, 00, 72, 1C, 83, 3D, 44, 57, 42, 00, 00, 74, 13, 57, 56, 83, E7, 0F, 83, E6, 0F, 3B, FE, 5E, 5F, 75, 05, E9, 47, 08, 00, 00, F7, C7, 03, 00, 00, 00, 75, 14, C1, E9, 02, 83, E2, 03, 83, F9, 08, 72, 29, F3, A5, FF, 24, 95, 20, A4, 40, 00, 8B, C7, BA, 03, 00, 00, 00, 83, E9, 04, 72, 0C, 83, E0, 03, 03, C8, FF, 24...
 

Entropy:
7.8760  (probably packed)

Code size:
93 KB (95,232 bytes)

The file yourfiledownloader.exe has been seen being distributed by the following 2 URLs.
