home

ic-0.8db3e17116bde.exe

Yuanyuan Mei

The application ic-0.8db3e17116bde.exe by Yuanyuan Mei has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address server-54-230-5-126.dfw3.r.cloudfront.net on port 80 using the HTTP protocol.
Publisher:
Yuanyuan Mei  (signed and verified)

MD5:
6d46bbba90185af7bccf214475c47dac

SHA-1:
5bdbc978d9baff7bb2a19119c7fd6a98f8b30e7a

SHA-256:
e313d21919dca589c65399dac29db8e6a42016e6e3f5e6a1bd8fb3292a99e9f3

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
7/14/2025 2:20:38 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Elex (M)
17.2.25.23

File size:
415.4 KB (425,408 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\ic-0.8db3e17116bde.exe

Digital Signature
Signed by:
Yuanyuan Mei

Authority:
thawte, Inc.

Valid from:
1/17/2017 1:00:00 AM

Valid to:
4/21/2017 1:59:59 AM

Subject:
CN=Yuanyuan Mei, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
42CDD87CEEA3C88A57939591CB1B6DE8

File PE Metadata
Compilation timestamp:
2/13/2017 4:43:28 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x64BF

Entry point:
E8, 4F, 23, 00, 00, E9, 74, 4D, 00, 00, 6A, 08, 68, F0, 40, 46, 00, E8, FB, 59, 00, 00, 8B, 7D, 08, 8B, C7, C1, F8, 05, 8B, F7, 83, E6, 1F, C1, E6, 06, 03, 34, 85, 38, 6D, 46, 00, 33, DB, 39, 5E, 08, 75, 31, 6A, 0A, E8, 67, 19, 00, 00, 59, 89, 5D, FC, 39, 5E, 08, 75, 15, 53, 68, A0, 0F, 00, 00, 8D, 46, 0C, 50, E8, 53, 18, 00, 00, 83, C4, 0C, FF, 46, 08, C7, 45, FC, FE, FF, FF, FF, E8, 2A, 00, 00, 00, 8B, C7, C1, F8, 05, 83, E7, 1F, C1, E7, 06, 8B, 04, 85, 38, 6D, 46, 00, 83, C0, 0C, 03, C7, 50, FF, 15, CC...
 
[+]

Code size:
373.5 KB (382,464 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-52-84-126-244.iad16.r.cloudfront.net  (52.84.126.244:80)

TCP (HTTP):
Connects to server-52-85-83-222.lax1.r.cloudfront.net  (52.85.83.222:80)

TCP (HTTP):
Connects to server-52-84-126-169.iad16.r.cloudfront.net  (52.84.126.169:80)

TCP (HTTP):
Connects to server-54-240-186-7.mad50.r.cloudfront.net  (54.240.186.7:80)

TCP (HTTP):
Connects to server-52-85-83-248.lax1.r.cloudfront.net  (52.85.83.248:80)

TCP (HTTP):
Connects to server-52-85-83-13.lax1.r.cloudfront.net  (52.85.83.13:80)

TCP (HTTP):
Connects to server-52-84-126-38.iad16.r.cloudfront.net  (52.84.126.38:80)

TCP (HTTP):
Connects to server-54-240-186-242.mad50.r.cloudfront.net  (54.240.186.242:80)

TCP (HTTP):
Connects to server-54-230-5-126.dfw3.r.cloudfront.net  (54.230.5.126:80)

TCP (HTTP):
Connects to server-52-84-132-183.atl52.r.cloudfront.net  (52.84.132.183:80)

TCP (HTTP):
Connects to server-52-84-132-141.atl52.r.cloudfront.net  (52.84.132.141:80)

TCP (HTTP):
Connects to server-52-84-132-100.atl52.r.cloudfront.net  (52.84.132.100:80)

Remove ic-0.8db3e17116bde.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.