Yahoo! Messenger.exe

Yahoo! Messenger

IDC Ventures LLC

This is part of the Air Installer, a download manager that bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application Yahoo! Messenger.exe by IDC Ventures has been detected as adware by 19 anti-malware scanners. The program is a setup application that uses the AirInstaller Download Manager installer. It installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent.
Publisher:
Download-Assist (signed by IDC Ventures LLC)

Product:
Yahoo! Messenger

Version:
3.0.0.63

MD5:
db53ccc8a378ea8f80a0a86852acfdeb

SHA-1:
fc5aad5fdecfa392cc6a269c3a29a2e9e6cb79ad

SHA-256:
b8245dd28ee2faa21e2580395d144b6bd6cbcc13553d4a992013e6ad05f3ee10

Scanner detections:
19 / 68

Status:
Adware

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications, using the Vittalia monetization installer.

Description:
This is also known as bundleware or downloadware: a downloader designed to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
9/7/2024 10:58:04 PM UTC

Scan engine              Detection                                                  Engine version
Lavasoft Ad-Aware        Gen:Variant.Application.Bundler.32                         681
AhnLab V3 Security       PUP/Win32.Bundler                                          2015.03.27
Avira AntiVirus          APPL/Downloader.Gen                                        7.11.200.132
avast!                   Win32:Adware-CKD [PUP]                                     150320-0
AVG                      Generic                                                    2016.0.3158
Bitdefender              Gen:Variant.Application.Bundler.32                         1.0.20.425
Dr.Web                   Trojan.Vittalia.30                                         9.0.1.05190
Emsisoft Anti-Malware    Gen:Variant.Application.Bundler.32                         8.15.03.26.11
ESET NOD32               Win32/DownloadAssistant.A potentially unwanted application 9.7.0.302.0
F-Secure                 Riskware.Gen:Variant.Application.Bundler                   11.2015-26-03_5
G Data                   Gen:Variant.Application.Bundler.32                         15.3.24
herdProtect (fuzzy)                                                                 2015.7.1.6
K7 AntiVirus             Trojan                                                     13.202.15392
Malwarebytes             PUP.Optional.DownloadAssistant                             v2015.07.01.06
MicroWorld eScan         Gen:Variant.Application.Bundler.32                         16.0.0.255
Panda Antivirus          Trj/Genetic.gen                                            15.03.26.12
Reason Heuristics        PUP.Bundler.Air Software                                   15.3.26.11
Rising Antivirus         PE:Malware.Graftor!6.1D1F                                  23.00.65.15324
VIPRE Antivirus          Threat.4782985                                             36468

File size:
784.9 KB (803,704 bytes)

Product version:
3.0.0.63

Copyright:
(c) Download-Assist

Original file name:
Yahoo! Messenger.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
AirInstaller Download Manager

Language:
English (United States)

Common path:
C:\users\{user}\downloads\yahoo! messenger.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
12/26/2014 12:00:00 AM

Valid to:
12/25/2016 11:59:59 PM

Subject:
CN=IDC Ventures LLC, O=IDC Ventures LLC, L=Vermilion, S=Ohio, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
57A88D08BD785CCB956355DFF2389330

File PE Metadata
Compilation timestamp:
1/6/2015 11:49:19 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:Xfgs8zfYy3or6tZekSG6RlYv1m4UOacSm09Htk:XfgsqNSG6Yv1m4UfcN09G

Entry address:
0x4CD0F

Entry point:
E8, 4E, 1A, 01, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 80, 00, 00, 00, 72, 0E, 83, 3D, 20, 4F, 4A, 00, 00, 74, 05, E9, B1, 1A, 01, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02, 74, 06, F3, AB, 85, D2, 74, 0A, 88, 07, 83, C7, 01, 83, EA, 01, 75, F6...

Entropy:
7.1123

The file Yahoo! Messenger.exe has been seen being distributed by the following URL.

Powered by Reason Core Security