home

ammyy admin.exe

The application ammyy admin.exe has been detected as a potentially unwanted program by 12 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from onedrive.live.com and multiple other hosts.
MD5:
299d1dcfb11a027fa975bf219bb4e3bd

SHA-1:
73a34a949d56a05fe258fffe0f9d022f57cd6026

SHA-256:
39766f02d914749e2847fc79a6021243fbbf912d8da480771a1de21852435bb0

Scanner detections:
12 / 68

Status:
Potentially unwanted

Analysis date:
5/17/2025 10:49:01 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Riskware.RemoteAdmin
7.1.1

Avira AntiVirus
SPR/RemoteAdmin.765952
8.3.2.4

avast!
Win32:RemoteAdmin-B [PUP]
2014.9-160115

AVG
RemoteAdmin
2017.0.2863

Dr.Web
Program.RemoteAdmin.701
9.0.1.015

ESET NOD32
Win32/RemoteAdmin.Ammyy.B potentially unsafe (variant)
10.12627

G Data
Win32.Riskware.RemoteAdmin
16.1.25

Kaspersky
not-a-virus:RemoteAdmin.Win32.Ammyy
14.0.0.812

Malwarebytes
RiskWare.RAAmmyy
v2016.01.15.03

NANO AntiVirus
Riskware.Win32.RemoteAdmin.dskdxp
0.30.26.4751

Qihoo 360 Security
HEUR/QVM41.1.Malware.Gen
1.0.0.1077

Rising Antivirus
PE:Malware.Ammyy!6.1139 [F]
23.00.65.16113

File size:
534 KB (546,795 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\ammyy admin.exe

File PE Metadata
Compilation timestamp:
5/9/2013 8:06:59 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:faqyInwX8lFXHeKKZ9EhA7hGnj+kpD4cks9zgKCui6P:iq5+sXiHUpptks1gJuN

Entry address:
0x107FF

Entry point:
E8, 9D, 58, 00, 00, E9, 78, FE, FF, FF, 55, 8B, EC, 83, EC, 04, 89, 7D, FC, 8B, 7D, 08, 8B, 4D, 0C, C1, E9, 07, 66, 0F, EF, C0, EB, 08, 8D, A4, 24, 00, 00, 00, 00, 90, 66, 0F, 7F, 07, 66, 0F, 7F, 47, 10, 66, 0F, 7F, 47, 20, 66, 0F, 7F, 47, 30, 66, 0F, 7F, 47, 40, 66, 0F, 7F, 47, 50, 66, 0F, 7F, 47, 60, 66, 0F, 7F, 47, 70, 8D, BF, 80, 00, 00, 00, 49, 75, D0, 8B, 7D, FC, 8B, E5, 5D, C3, 55, 8B, EC, 83, EC, 10, 89, 7D, FC, 8B, 45, 08, 99, 8B, F8, 33, FA, 2B, FA, 83, E7, 0F, 33, FA, 2B, FA, 85, FF, 75, 3C, 8B...
 
[+]

Code size:
98 KB (100,352 bytes)

The file ammyy admin.exe has been seen being distributed by the following 2 URLs.

https://onedrive.live.com/download.aspx?cid=D2F5EB48E7FF2B47&authKey=!AP5MUw-QQDW9MG4&resid=D2F5EB48E7FF2B47!118

https://cefhzw-dm2306.files.1drv.com/.../Ammyy Admin.exe

Remove ammyy admin.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.