dam_ay.exe

Xin Zhou

The executable dam_ay.exe has been detected as malware by 1 of 68 anti-virus scanners. It is a setup program used to install the application. The file has been seen being downloaded from d3g1g0k0wwnjag.cloudfront.net.
Publisher:
Xin Zhou  (signed and verified)

MD5:
7244183ebfd950db1e522c8901859327

SHA-1:
ee547baad6e9b3dc7a818d5caa6af4ca7f6b6676

SHA-256:
4510d080eb93a3961446123645fcf628b6dc26b12f4dec6bc241f0473fd089de

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
5/12/2024 10:56:17 PM UTC

Scan engine         Detection    Engine version
Reason Heuristics   PUP (M)      17.2.8.2

File size:
428.9 KB (439,232 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\dam_ay.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
1/22/2017 2:00:00 AM

Valid to:
3/23/2017 1:59:59 AM

Subject:
CN=Xin Zhou, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
35F9E707577DD44B242082BD796F64CF

File PE Metadata
Compilation timestamp:
1/19/2017 5:05:19 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x78DC

Entry point:
E8, 33, F0, FF, FF, E9, 5B, 6E, 00, 00, 55, 8B, EC, 83, EC, 10, FF, 75, 08, 8D, 4D, F0, E8, 6D, 17, 00, 00, FF, 75, 20, 8D, 45, F0, FF, 75, 1C, FF, 75, 18, FF, 75, 14, FF, 75, 10, FF, 75, 0C, 50, E8, 3E, 99, 00, 00, 83, C4, 1C, 80, 7D, FC, 00, 74, 07, 8B, 4D, F8, 83, 61, 70, FD, 8B, E5, 5D, C3, 56, 57, BE, A8, 8A, 46, 00, 8B, FE, 53, 8B, 1F, 85, DB, 74, 17, 83, 7F, 04, 01, 74, 11, 53, FF, 15, 8C, 10, 46, 00, 53, E8, 42, 20, 00, 00, 83, 27, 00, 59, 83, C7, 08, 81, FF, C8, 8B, 46, 00, 7C, D8, 5B, 83, 3E, 00...

Code size:
383.5 KB (392,704 bytes)

The file dam_ay.exe has been seen being distributed by the following URL.

http://d3g1g0k0wwnjag.cloudfront.net/.../dam_ay.exe
