PUP.Ypack.B

Analysis Report

General information

Family Name: PUP.Ypack.B
Signature status: Self Signed

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have exports table
  • File doesn't have relocations information
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Company Name
  • Microsoft Corporation
  • Yandex
File Description
  • Software Installer
  • YandexBrowserDownloader
  • Yandex Statistics
File Version
  • 3.0.5419.0
  • 1.0.1.9
  • 0.0.2.14
Internal Name
  • browser_.exe
  • resource
  • setup
Legal Copyright
  • Copyright (C) 2016
  • Copyright (c) Microsoft Corporation.  All rights reserved.
Legal Trademarks1
  • Microsoft® is a registered trademark of Microsoft Corporation.
Legal Trademarks2
  • Windows® is a registered trademark of Microsoft Corporation.
Original Filename
  • browser_.exe
  • setup.exe
  • Statistics
Product Name
  • Windows Installer XML
  • YandexBrowserDownloader
  • Yandex Statistics
Product Version
  • 3.0.5419.0
  • 1.0.1.9
  • 0.0.2.14

Digital Signatures

Signer | Root | Status
Air Smart Advertising Solutions FZ-LLC | Air Smart Advertising Solutions FZ-LLC | Self Signed
YANDEX LLC | GlobalSign CodeSigning CA - G2 | Self Signed
YANDEX LLC | GlobalSign CodeSigning CA - SHA256 - G2 | Self Signed
Yandex LLC | Yandex LLC | Self Signed

File Traits

  • HighEntropy
  • Installer Manifest
  • No Version Info
  • x86

Similar Families

  • Ypack.B

Files Modified

File | Attributes
\device\namedpipe\wkssvc | Generic Read, Write Data, Write Attributes, Write Extended, Append Data
c:\users\user\appdata\local\temp\343aaed09c956ef92a13da6c632f4f9c1acef4f6_0000430376@8008.log | Generic Read, Write Data, Write Attributes, Write Extended, Append Data
c:\users\user\appdata\local\temp\343aaed09c956ef92a13da6c632f4f9c1acef4f6_0000430376@8008.log | Generic Write, Read Attributes
c:\users\user\appdata\local\temp\f728e0b3c034b586fdfe20aa63d7e855645fd472_0000266376@2340.log | Generic Read, Write Data, Write Attributes, Write Extended, Append Data
c:\users\user\appdata\local\temp\f728e0b3c034b586fdfe20aa63d7e855645fd472_0000266376@2340.log | Generic Write, Read Attributes
c:\users\user\appdata\local\temp\yandexsearch00000.log | Generic Write, Read Attributes
c:\users\user\appdata\local\temp\{5b964e0e-b9a3-4276-9ed9-4d5a5720747a}\yandexsearch.msi | Generic Write, Read Attributes
c:\users\user\appdata\roaming\yandex\ui | Generic Write, Read Attributes
c:\users\user\downloads\temp\shsandbox-win32.dll-5.22.1.9999-x86.dmp | Generic Read, Write Data, Write Attributes, Write Extended, Append Data

Registry Modifications

Key::Value | Data | API Name
HKLM\software\microsoft\systemcertificates\authroot\certificates\d69b561148f01c77c54578c10926df5b856976ad::blob | (binary certificate blob, not printable) | RegNtPreCreateKey
HKLM\software\microsoft\systemcertificates\authroot\certificates\d69b561148f01c77c54578c10926df5b856976ad::blob | | RegNtPreCreateKey
HKLM\software\microsoft\systemcertificates\authroot\certificates\d69b561148f01c77c54578c10926df5b856976ad::blob | (binary certificate blob, not printable) | RegNtPreCreateKey
HKLM\software\microsoft\systemcertificates\authroot\certificates\d69b561148f01c77c54578c10926df5b856976ad::blob | | RegNtPreCreateKey
HKLM\software\microsoft\systemcertificates\authroot\certificates\0563b8630d62d75abbc8ab1e4bdfb5a899b24d43::blob | (binary certificate blob, not printable) | RegNtPreCreateKey
HKLM\software\microsoft\systemcertificates\authroot\certificates\0563b8630d62d75abbc8ab1e4bdfb5a899b24d43::blob | | RegNtPreCreateKey
HKCU\software\appdatalow\yandex::uicreated_user | | RegNtPreCreateKey
HKLM\software\microsoft\systemcertificates\authroot\certificates\d69b561148f01c77c54578c10926df5b856976ad::blob | | RegNtPreCreateKey
HKLM\software\microsoft\systemcertificates\authroot\certificates\d69b561148f01c77c54578c10926df5b856976ad::blob | | RegNtPreCreateKey

Windows API Usage

Category API
Anti Debug
  • NtQuerySystemInformation
  • OutputDebugString
User Data Access
  • GetUserDefaultLocaleName
  • GetUserName
  • GetUserObjectInformation
Other Suspicious
  • AdjustTokenPrivileges
Encryption Used
  • BCryptOpenAlgorithmProvider
Network Winhttp
  • WinHttpConnect
  • WinHttpOpen
  • WinHttpOpenRequest
  • WinHttpReadData
  • WinHttpReceiveResponse
  • WinHttpSendRequest
Process Manipulation Evasion
  • ReadProcessMemory
