home

ic-0.b95cb129a53b7.exe

Yuanyuan Mei

The application ic-0.b95cb129a53b7.exe by Yuanyuan Mei has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address server-54-230-206-218.atl50.r.cloudfront.net on port 80 using the HTTP protocol.
Publisher:
Yuanyuan Mei  (signed and verified)

MD5:
379f1e2569a04b5140ce487877dd0191

SHA-1:
a58d6022dc9abffbeb79de06c69a79c506660798

SHA-256:
bdc6f13d2935886492be60cf1c53d5ef05638fe24144526f0b8da1c643bb9ec5

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
7/14/2025 2:17:05 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Elex (M)
17.2.25.20

File size:
417.9 KB (427,968 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\ic-0.b95cb129a53b7.exe

Digital Signature
Signed by:
Yuanyuan Mei

Authority:
thawte, Inc.

Valid from:
1/17/2017 2:00:00 AM

Valid to:
4/21/2017 2:59:59 AM

Subject:
CN=Yuanyuan Mei, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
42CDD87CEEA3C88A57939591CB1B6DE8

File PE Metadata
Compilation timestamp:
2/13/2017 5:41:02 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x3889

Entry point:
E8, FA, EA, FF, FF, E9, 04, 7F, 00, 00, 55, 8B, EC, 81, EC, 88, 00, 00, 00, A1, 00, 50, 46, 00, 33, C5, 89, 45, FC, 0F, B7, 55, 10, 33, C9, 53, 8B, 5D, 1C, B8, FF, 7F, 00, 00, 56, BE, 00, 80, 00, 00, 89, 5D, 8C, 23, D6, C7, 45, D0, CC, CC, CC, CC, 0F, B7, 75, 10, 41, 23, F0, C7, 45, D4, CC, CC, CC, CC, C7, 45, D8, CC, CC, FB, 3F, 89, 55, 80, 89, 45, 9C, 57, 66, 85, D2, 74, 06, C6, 43, 02, 2D, EB, 04, C6, 43, 02, 20, 8B, 7D, 0C, 66, 85, F6, 75, 3A, 85, FF, 0F, 85, C7, 00, 00, 00, 39, 7D, 08, 0F, 85, BE, 00...
 
[+]

Entropy:
7.8234  (probably packed)

Code size:
376 KB (385,024 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-54-230-206-242.atl50.r.cloudfront.net  (54.230.206.242:80)

TCP (HTTP):
Connects to server-54-192-3-136.lhr5.r.cloudfront.net  (54.192.3.136:80)

TCP (HTTP):
Connects to server-52-85-83-168.lax1.r.cloudfront.net  (52.85.83.168:80)

TCP (HTTP):
Connects to server-52-85-77-158.lax3.r.cloudfront.net  (52.85.77.158:80)

TCP (HTTP):
Connects to server-54-192-3-190.lhr5.r.cloudfront.net  (54.192.3.190:80)

TCP (HTTP):
Connects to server-52-85-221-212.cdg50.r.cloudfront.net  (52.85.221.212:80)

TCP (HTTP):
Connects to server-54-230-206-218.atl50.r.cloudfront.net  (54.230.206.218:80)

TCP (HTTP):
Connects to server-54-230-206-193.atl50.r.cloudfront.net  (54.230.206.193:80)

TCP (HTTP):
Connects to server-54-192-230-4.waw50.r.cloudfront.net  (54.192.230.4:80)

TCP (HTTP):
Connects to server-52-85-83-248.lax1.r.cloudfront.net  (52.85.83.248:80)

TCP (HTTP):
Connects to server-52-85-83-13.lax1.r.cloudfront.net  (52.85.83.13:80)

TCP (HTTP):
Connects to server-52-85-77-54.lax3.r.cloudfront.net  (52.85.77.54:80)

TCP (HTTP):
Connects to server-52-85-77-230.lax3.r.cloudfront.net  (52.85.77.230:80)

TCP (HTTP):
Connects to server-52-84-246-234.sfo20.r.cloudfront.net  (52.84.246.234:80)

TCP (HTTP):
Connects to server-52-84-246-187.sfo20.r.cloudfront.net  (52.84.246.187:80)

TCP (HTTP):
Connects to server-52-84-246-17.sfo20.r.cloudfront.net  (52.84.246.17:80)

TCP (HTTP):
Connects to server-52-85-221-30.cdg50.r.cloudfront.net  (52.85.221.30:80)

TCP (HTTP):
Connects to server-52-85-221-132.cdg50.r.cloudfront.net  (52.85.221.132:80)

Remove ic-0.b95cb129a53b7.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.