home

ic-0.aad68c10e6392.exe

Yuanyuan Mei

The application ic-0.aad68c10e6392.exe by Yuanyuan Mei has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address server-52-85-173-152.fra6.r.cloudfront.net on port 80 using the HTTP protocol.
Publisher:
Yuanyuan Mei  (signed and verified)

MD5:
4ec24923f2dc162029778ffa82122d45

SHA-1:
58647e4a2142f6e32f31624b35b56aa02ef58836

SHA-256:
38cb2b0c6abc94bb3fc0cc53773f4a7688f5826a4571a9cd32a5dfb1e5389766

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
1/17/2026 4:09:32 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Elex (M)
17.3.1.18

File size:
424.5 KB (434,672 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\ic-0.aad68c10e6392.exe

Digital Signature
Signed by:
Yuanyuan Mei

Authority:
thawte, Inc.

Valid from:
1/11/2017 5:30:00 AM

Valid to:
4/21/2017 5:29:59 AM

Subject:
CN=Yuanyuan Mei, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
27228B1713C643E1C43F1D90A8686D41

File PE Metadata
Compilation timestamp:
2/20/2017 8:24:06 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x4FAD

Entry point:
E8, 06, 4D, 00, 00, E9, EB, 6B, 00, 00, 55, 8B, EC, 8B, 55, 14, 56, 8B, 75, 08, 57, 8B, 7A, 0C, 85, F6, 75, 16, E8, 5A, CA, FF, FF, 6A, 16, 5E, 89, 30, E8, 66, 4B, 00, 00, 8B, C6, E9, 84, 00, 00, 00, 83, 7D, 0C, 00, 76, E4, 8B, 4D, 10, C6, 06, 00, 85, C9, 7E, 04, 8B, C1, EB, 02, 33, C0, 40, 39, 45, 0C, 77, 09, E8, 28, CA, FF, FF, 6A, 22, EB, CC, C6, 06, 30, 53, 8D, 5E, 01, 8B, C3, 85, C9, 7E, 1A, 8A, 17, 84, D2, 74, 06, 0F, BE, D2, 47, EB, 03, 6A, 30, 5A, 88, 10, 40, 49, 85, C9, 7F, E9, 8B, 55, 14, C6, 00...
 
[+]

Entropy:
7.8324  (probably packed)

Code size:
382.5 KB (391,680 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-52-85-221-160.cdg50.r.cloudfront.net  (52.85.221.160:80)

TCP (HTTP):
Connects to server-54-230-163-238.jax1.r.cloudfront.net  (54.230.163.238:80)

TCP (HTTP):
Connects to server-54-230-141-243.sfo5.r.cloudfront.net  (54.230.141.243:80)

TCP (HTTP):
Connects to server-54-230-141-134.sfo5.r.cloudfront.net  (54.230.141.134:80)

TCP (HTTP):
Connects to server-52-85-173-155.fra6.r.cloudfront.net  (52.85.173.155:80)

TCP (HTTP):
Connects to server-54-230-206-157.atl50.r.cloudfront.net  (54.230.206.157:80)

TCP (HTTP):
Connects to server-54-230-141-143.sfo5.r.cloudfront.net  (54.230.141.143:80)

TCP (HTTP):
Connects to server-54-192-51-91.jfk5.r.cloudfront.net  (54.192.51.91:80)

TCP (HTTP):
Connects to server-54-230-206-72.atl50.r.cloudfront.net  (54.230.206.72:80)

TCP (HTTP):
Connects to server-54-230-206-29.atl50.r.cloudfront.net  (54.230.206.29:80)

TCP (HTTP):
Connects to server-54-230-187-93.cdg51.r.cloudfront.net  (54.230.187.93:80)

TCP (HTTP):
Connects to server-54-230-187-32.cdg51.r.cloudfront.net  (54.230.187.32:80)

TCP (HTTP):
Connects to server-54-230-187-23.cdg51.r.cloudfront.net  (54.230.187.23:80)

TCP (HTTP):
Connects to server-54-230-187-176.cdg51.r.cloudfront.net  (54.230.187.176:80)

TCP (HTTP):
Connects to server-54-230-163-29.jax1.r.cloudfront.net  (54.230.163.29:80)

TCP (HTTP):
Connects to server-54-230-163-193.jax1.r.cloudfront.net  (54.230.163.193:80)

TCP (HTTP):
Connects to server-54-230-141-177.sfo5.r.cloudfront.net  (54.230.141.177:80)

TCP (HTTP):
Connects to server-54-230-141-172.sfo5.r.cloudfront.net  (54.230.141.172:80)

TCP (HTTP):
Connects to server-52-85-173-152.fra6.r.cloudfront.net  (52.85.173.152:80)

TCP (HTTP):
Connects to server-54-230-206-93.atl50.r.cloudfront.net  (54.230.206.93:80)

Remove ic-0.aad68c10e6392.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.