dam_ay.exe

Xin Zhou

The executable dam_ay.exe has been detected as malware by 1 anti-virus scanner.
Publisher:
Xin Zhou  (signed and verified)

MD5:
6429626aa59ea3915a98935dacf51187

SHA-1:
9b7568cf142e8133e9f30b54709684e1aa29bc93

SHA-256:
b82a10f63653cc56d0568bfbeb6eb98b28b0f1ca3dc5e0495084a516d9f3361b

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
10/14/2025 3:39:17 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
16.11.23.14

File size:
422.1 KB (432,280 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\dam_ay.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
11/3/2016 7:00:00 PM

Valid to:
3/22/2017 6:59:59 PM

Subject:
CN=Xin Zhou, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
3D50F36E24BBF7552E2B85DBBD2AECCC

File PE Metadata
Compilation timestamp:
11/10/2016 7:32:36 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
6144:BWMzfbvKXOqseBk/ejx5fFkHuS2/SGx2bJ+RtUjG5cEuLoUliiKfPZtYKgJd:BWezZqFBkixXz6NkoG5ruspjPZtdQ

Entry address:
0x3390

Entry point:
E8, 60, 11, 00, 00, E9, FB, 8F, 00, 00, 55, 8B, EC, 56, 8B, 75, 08, 83, FE, FE, 77, 4D, 39, 71, 14, 73, 0B, FF, 71, 10, 56, E8, 69, E2, FF, FF, EB, 30, 80, 7D, 0C, 00, 74, 18, 83, FE, 10, 73, 13, 8B, 41, 10, 3B, F0, 73, 02, 8B, C6, 50, 6A, 01, E8, 33, 50, 00, 00, EB, 12, 85, F6, 75, 0E, 21, 71, 10, 83, 79, 14, 10, 72, 02, 8B, 09, C6, 01, 00, 33, C0, 3B, C6, 5E, 1B, C0, F7, D8, 5D, C2, 08, 00, 68, E4, 26, 46, 00, E8, AF, 49, 00, 00, CC, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56...
 

Code size:
371.5 KB (380,416 bytes)
