yqd2n.exe

Stpll

GCM

The application yqd2n.exe has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The installer uses the InstallMonetizer platform, which will download and install adware toolbars and other potentially unwanted software offers during setup. The file has been seen being downloaded from www.kafiridovishness.site.
Publisher:
GCM

Product:
Stpll

Description:
fast install

Version:
190.33.59.203

MD5:
06d84dc7b13ed1f4bf7c5a63ce86ea15

SHA-1:
9af2343c1227edf50378b15e8a766461f270e18a

SHA-256:
9d880f9dc260af2f2a48bb53815b686a0e3290ff571863d1fc96ab00ecd160bb

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:
12/25/2024 4:40:26 PM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.InstallMonetizer.GCM.Installer.Meta (M)

Engine version:
16.6.23.1

File size:
650.5 KB (666,112 bytes)

Product version:
190.33.59.203

Copyright:
CL2016

Trademarks:
US CAPS

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\yqd2n.exe

File PE Metadata
Compilation timestamp:
5/23/2016 1:26:33 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:Gz5Kuz+DtreUszRCtjjYQbh1vX7B+fIMEZHaEjvL0yfj+jTqX:1uCNMRWjFbHv7BgIRHaEbL0yfqjTw

Entry address:
0x5FFD

Entry point:
E8, 8F, 36, 00, 00, E9, 8C, FE, FF, FF, 6A, 00, E9, C6, E7, FF, FF, C3, E9, 0E, F5, FF, FF, C2, 04, 00, 8B, FF, 56, FF, 35, C8, 01, 41, 00, E9, E0, 18, 00, 00, 8B, F0, 85, F6, 75, 19, FF, 35, DC, 0D, 41, 00, E9, 9B, FC, FF, FF, 8B, F0, 56, FF, 35, C8, 01, 41, 00, E9, 37, B1, FF, FF, 8B, C6, 5E, C3, A1, C4, 01, 41, 00, 83, F8, FF, 74, 15, 50, FF, 35, E4, 0D, 41, 00, E9, 8B, 25, 00, 00, FF, D0, 83, 0D, C4, 01, 41, 00, FF, A1, C8, 01, 41, 00, 83, F8, FF, 74, 0D, 50, E9, 5C, EC, FF, FF, 83, 0D, C8, 01, 41, 00...

Entropy:
6.8113

Code size:
41 KB (41,984 bytes)

The file yqd2n.exe has been seen being distributed by the following URL.

Remove yqd2n.exe - Powered by Reason Core Security