home

dam_ay.exe

Ding Ruan

The application dam_ay.exe by Ding Ruan has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Ding Ruan  (signed and verified)

MD5:
07df1ca413fcd74dfc0a606ac4a0829c

SHA-1:
e75f8171f14f7b115fedb0af5f02208b5e6852c1

SHA-256:
99347478f950a637b9d2990453f05f1c059fad882e1bfc0e4aef8549baf618f5

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
7/14/2025 6:40:42 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.ELEX (M)
16.12.4.1

File size:
413.6 KB (423,576 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\dam_ay.exe

Digital Signature
Signed by:
Ding Ruan

Authority:
thawte, Inc.

Valid from:
10/28/2016 2:00:00 AM

Valid to:
4/14/2017 1:59:59 AM

Subject:
CN=Ding Ruan, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
7EFAEB24FF6C0328BE6C7BF1FA07E037

File PE Metadata
Compilation timestamp:
11/7/2016 3:35:35 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
6144:Cr/axI4+IiH1u5gijkN3NArUk/WFEL1I+mE0HCVv/Ow0FP8PLQjgcBg5+:MQomgQCirUhF0yzi12tWSgsK+

Entry address:
0xA776

Entry point:
E8, 2E, C9, FF, FF, E9, 63, 18, 00, 00, E8, 89, E1, FF, FF, E8, EB, E1, FF, FF, 85, C0, 75, 08, E8, 25, D4, FF, FF, 33, C0, C3, 68, 38, 81, 40, 00, E8, 07, BC, FF, FF, A3, 98, 46, 46, 00, 59, 83, F8, FF, 74, E3, 56, 68, BC, 03, 00, 00, 6A, 01, E8, 94, F5, FF, FF, 8B, F0, 59, 59, 85, F6, 74, 2D, 56, FF, 35, 98, 46, 46, 00, E8, AE, E6, FF, FF, 59, 59, 85, C0, 74, 1B, 6A, 00, 56, E8, DE, 70, FF, FF, 59, 59, FF, 15, 78, D0, 45, 00, 83, 4E, 04, FF, 89, 06, 33, C0, 40, 5E, C3, E8, C6, D3, FF, FF, 33, C0, 5E, C3...
 
[+]

Code size:
367 KB (375,808 bytes)

Remove dam_ay.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.