SHA256: a667751452665c2e239e75cfc04f40cd70deda350d4f8850c4860dc24087cbf1
File name: imf-setup.exe
Detection ratio: 17 / 66
Analysis date: 2018-07-18 03:09:09 UTC ( 3 months, 3 weeks ago )
Antivirus Result Update
Antiy-AVL GrayWare[AdWare]/Win32.Elex 20180718
Bkav W32.HfsAdware.90C9 20180717
CAT-QuickHeal Heur.Adware 20180717
Cyren W32/S-37eba679!Eldorado 20180718
DrWeb Adware.Mutabaha.477 20180718
Endgame malicious (moderate confidence) 20180711
ESET-NOD32 a variant of Win32/Adware.ELEX.SE 20180717
F-Prot W32/S-37eba679!Eldorado 20180718
F-Secure Application:W32/Elex 20180718
GData Win32.Application.Agent.LP4QSM 20180718
Jiangmin AdWare.ELEX.cbb 20180718
Kaspersky not-a-virus:HEUR:AdWare.Win32.Elex.gen 20180718
Malwarebytes Adware.Elex 20180718
MAX malware (ai score=86) 20180718
NANO-Antivirus Riskware.Win32.ELEX.euzwnt 20180717
VBA32 Signed-Adware.Elex 20180717
Webroot Pua.Elex 20180718
Ad-Aware 20180718
AegisLab 20180718
AhnLab-V3 20180717
Alibaba 20180713
ALYac 20180718
Arcabit 20180718
Avast 20180718
Avast-Mobile 20180717
AVG 20180718
Avira (no cloud) 20180717
AVware 20180718
Babable 20180406
Baidu 20180717
BitDefender 20180718
ClamAV 20180717
CMC 20180717
Comodo 20180718
CrowdStrike Falcon (ML) 20180530
Cybereason 20180225
eGambit 20180718
Emsisoft 20180718
Fortinet 20180718
Ikarus 20180717
Sophos ML 20180717
K7AntiVirus 20180718
K7GW 20180718
Kingsoft 20180718
McAfee 20180718
McAfee-GW-Edition 20180718
Microsoft 20180718
eScan 20180718
Palo Alto Networks (Known Signatures) 20180718
Panda 20180717
Qihoo-360 20180718
Rising 20180718
SentinelOne (Static ML) 20180701
Sophos AV 20180718
SUPERAntiSpyware 20180717
Symantec 20180718
TACHYON 20180718
Tencent 20180718
TheHacker 20180716
TotalDefense 20180717
TrendMicro 20180718
TrendMicro-HouseCall 20180717
Trustlook 20180718
VIPRE 20180717
ViRobot 20180718
Yandex 20180717
ZoneAlarm by Check Point 20180717
Zoner 20180717
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification Signed file, verified signature
Signing date 8:54 AM 12/19/2013
Signers
[+] Elex do Brasil Participações Ltda
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer GlobalSign CodeSigning CA - G2
Valid from 4:46 AM 9/24/2013
Valid to 7:28 AM 8/17/2014
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 4B15555F4E39A8208A135C64F1CC70685402BE35
Serial number 11 21 5F 51 91 6F 2B B9 F5 4E 82 87 1F EA 88 CE 8F 5E
[+] GlobalSign CodeSigning CA - G2
Status Valid
Issuer GlobalSign Root CA
Valid from 11:00 AM 4/13/2011
Valid to 11:00 AM 4/13/2019
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 9000401777DD2B43393D7B594D2FF4CBA4516B38
Serial number 04 00 00 00 00 01 2F 4E E1 35 5C
[+] GlobalSign Root CA - R1
Status Valid
Issuer GlobalSign Root CA
Valid from 1:00 PM 9/1/1998
Valid to 1:00 PM 1/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm sha1RSA
Thumbprint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT base64, 7Z, Unicode, UTF-8
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-11-19 13:00:46
Entry Point 0x0001238F
Number of sections 4
PE sections
Overlays
MD5 2d5303627ecd497c207d524192758163
File type data
Offset 109568
Size 9008184
Entropy 8.00
PE imports
GetDeviceCaps
GetCurrentObject
DeleteDC
CreateFontIndirectW
SelectObject
StretchBlt
GetObjectW
SetStretchBltMode
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
GetUserDefaultUILanguage
SetThreadLocale
GetLastError
InitializeCriticalSection
GetStdHandle
GetDriveTypeW
ReadFile
TerminateThread
lstrlenA
lstrcmpiA
GlobalFree
WaitForSingleObject
GetVersionExW
SetEvent
ExitProcess
SystemTimeToFileTime
lstrcpyW
LoadLibraryA
GetCommandLineW
lstrcmpiW
GetLocalTime
DeleteCriticalSection
GetStartupInfoA
EnterCriticalSection
SizeofResource
CompareFileTime
GetDiskFreeSpaceExW
GetFileSize
SetLastError
LockResource
SetFileTime
lstrlenW
CreateThread
GetSystemDefaultLCID
MultiByteToWideChar
SetEnvironmentVariableW
CreateDirectoryW
DeleteFileW
GetProcAddress
SuspendThread
GetModuleFileNameW
SetFilePointer
FindResourceExA
SetFileAttributesW
GetSystemDirectoryW
WideCharToMultiByte
RemoveDirectoryW
ExpandEnvironmentStringsW
GetSystemDefaultUILanguage
FindNextFileW
WriteFile
MulDiv
GetSystemTimeAsFileTime
FindClose
FindFirstFileW
GlobalMemoryStatusEx
lstrcmpW
WaitForMultipleObjects
GetModuleHandleW
LocalFree
FormatMessageW
ResumeThread
CreateEventW
GetExitCodeThread
ResetEvent
SetCurrentDirectoryW
LoadResource
GetTempPathW
CreateFileW
GlobalAlloc
VirtualFree
GetFileAttributesW
lstrcatW
Sleep
IsBadReadPtr
SetEndOfFile
LeaveCriticalSection
VirtualAlloc
GetEnvironmentVariableW
GetModuleHandleA
CloseHandle
strncmp
__p__fmode
malloc
??1type_info@@UAE@XZ
memset
_wcsnicmp
__dllonexit
_controlfp
_except_handler3
??2@YAPAXI@Z
_onexit
exit
_XcptFilter
memcmp
__setusermatherr
_adjust_fdiv
_acmdln
_CxxThrowException
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
__p__commode
??3@YAXPAX@Z
memcpy
free
__getmainargs
_purecall
_wtol
memmove
wcscpy
_beginthreadex
_initterm
_exit
__set_app_type
OleLoadPicture
VariantClear
SysAllocString
SHBrowseForFolderW
ShellExecuteW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW
SHGetSpecialFolderPathW
SHGetMalloc
SetFocus
ClientToScreen
GetParent
EndDialog
SystemParametersInfoW
DefWindowProcW
KillTimer
GetMessageW
ShowWindow
MessageBeep
SetWindowPos
GetClassNameA
wvsprintfW
GetSystemMetrics
SetWindowLongW
IsWindow
GetMenu
GetWindowRect
EnableWindow
GetDC
CharUpperW
MessageBoxA
LoadIconW
GetWindowDC
GetWindow
GetSysColor
DispatchMessageW
GetKeyState
ReleaseDC
SendMessageW
GetWindowLongW
DrawIconEx
GetClientRect
GetDlgItem
DrawTextW
CallWindowProcW
EnableMenuItem
ScreenToClient
wsprintfA
SetTimer
LoadImageW
DialogBoxIndirectParamW
SetWindowTextW
GetWindowTextW
GetSystemMenu
GetWindowTextLengthW
CreateWindowExW
wsprintfW
CopyImage
DestroyWindow
CreateStreamOnHGlobal
CoCreateInstance
CoInitialize
Number of PE resources by type
RT_ICON 4
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 5
ENGLISH US 1
CHINESE SIMPLIFIED 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 36352
ImageVersion 0.0
ProductName Yet Another Cleaner
FileVersionNumber 3.6.24.1
LanguageCode Chinese (Simplified)
FileFlagsMask 0x003f
FileDescription installer application
CharacterSet Windows, Chinese (Simplified)
LinkerVersion 8.0
FileTypeExtension exe
OriginalFileName yac_installer.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 3.6.24.1
TimeStamp 2010:11:19 14:00:46+01:00
FileType Win32 EXE
PEType PE32
InternalName yac_installer.exe
ProductVersion 3.6.24.1
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
LegalCopyright Copyright (c) 2011-2013 Elex do Brasil Participações Ltda
MachineType Intel 386 or later, and compatibles
CompanyName Elex do Brasil Participações Ltda
CodeSize 72192
FileSubtype 0
ProductVersionNumber 3.6.24.1
EntryPoint 0x1238f
ObjectFileType Unknown
Compressed bundles
File identification
MD5 72cd24413ce66dd8cd160827bf8ca1e0
SHA1 335c02a0849a6e1adb60a6a68f541cb14073ee86
SHA256 a667751452665c2e239e75cfc04f40cd70deda350d4f8850c4860dc24087cbf1
ssdeep 196608:wK+WUiBnypMnjX2SENMWO7j6uUZtYWngw+Ws0MJjuzyKzED3uJL1m0N9l:w9iBnyMn72DFOpCK6zbzMjuF/
authentihash 1b7f7cccef9e8fcf6ec63da2666c39b6e6c007bafddc277257f2357fdc04dc91
imphash 0623f5db00daeb7e7d209f48f21ec2ff
File size 8.7 MB ( 9117752 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags peexe armadillo signed overlay
VirusTotal metadata
First submission 2013-12-19 08:16:49 UTC ( 4 years, 10 months ago )
Last submission 2015-04-03 12:46:43 UTC ( 3 years, 7 months ago )
File names file-6368462_vrs
imf-setup.exe
YAC(Yet Another Cleaner)_3.7.39.exe
yac_organic_sk(6).exe
yet_another_cleaner(17).exe
yet_another_cleaner.exe
yet_another_cleaner(19).exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight