home

dam_ay.exe

Ding Ruan

The application dam_ay.exe by Ding Ruan has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Ding Ruan  (signed and verified)

MD5:
da8a16a2df8c68ee0e87b8e5eb200342

SHA-1:
1f6a806d61c5f72f82da0eff275364e85023ea83

SHA-256:
f5ac7fde00693a69a8331cb17529714e005703b4d648997147ad17adac76e1af

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
5/16/2025 2:13:11 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.ELEX (M)
16.12.6.9

File size:
405.1 KB (414,872 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\dam_ay.exe

Digital Signature
Signed by:
Ding Ruan

Authority:
thawte, Inc.

Valid from:
11/27/2016 10:00:00 PM

Valid to:
4/13/2017 8:59:59 PM

Subject:
CN=Ding Ruan, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
2338186762931B78D05AE2D72C1455CC

File PE Metadata
Compilation timestamp:
11/22/2016 11:53:55 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
6144:df/V8bxcaZgZrONGAYDgMsIwy7IlkoPardjduRYr+LULbM5dJADN//EP2OzMWI+M:R98bya+rZHDgMs8CPaW0/IP7JzzxSj

Entry address:
0x66C2

Entry point:
E8, 1B, C6, FF, FF, E9, EE, 56, 00, 00, 6A, 10, 68, 90, 1E, 46, 00, E8, C8, 59, 00, 00, 33, FF, 89, 7D, E4, 6A, 01, E8, 9D, E0, FF, FF, 59, 21, 7D, FC, 6A, 03, 5E, 89, 75, E0, 3B, 35, A4, 9E, 46, 00, 7D, 53, A1, A0, 9E, 46, 00, 8B, 04, B0, 85, C0, 74, 44, F6, 40, 0C, 83, 74, 10, 50, E8, 11, 20, 00, 00, 59, 83, F8, FF, 74, 04, 47, 89, 7D, E4, 83, FE, 14, 7C, 29, A1, A0, 9E, 46, 00, 8B, 04, B0, 83, C0, 20, 50, FF, 15, A8, C0, 45, 00, A1, A0, 9E, 46, 00, FF, 34, B0, E8, 70, B9, FF, FF, 59, A1, A0, 9E, 46, 00...
 
[+]

Code size:
361 KB (369,664 bytes)

Remove dam_ay.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.