lyi_my.exe

Beijing Caiyunshidai Technology Co., Ltd.

lyi_my.exe, published by Beijing Caiyunshidai Technology Co., Ltd., was flagged as a potentially unwanted program by 1 of the 68 anti-malware engines consulted, on a heuristic adware signature (Adware.ELEX.SpeedSearch). The supporting indicators in this report are circumstantial rather than conclusive: the file runs from a randomly named folder under the user's Temp directory, its entropy (7.8189 of a possible 8.0) suggests a packed payload, and its code-signing certificate was valid for only about six weeks and expired on 3/4/2017. While running it makes plain HTTP (port 80) connections to Amazon CloudFront edge nodes such as server-54-230-141-79.sfo5.r.cloudfront.net; the report does not record which CloudFront distribution or URL was requested, so the CDN addresses alone do not identify the operator.

Publisher:
Beijing Caiyunshidai Technology Co., Ltd.
MD5:
8c777e176e85a279c61e76d1b51ffeb2

SHA-1:
0a69b1d7fc2053c27451871368891d4e7935b7a1

SHA-256:
97ea5abcda9520ece7e685d47247096679e61b78b59d66160a5db178988f698f

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 6:32:32 PM UTC

Scan engine         Detection                      Engine version
Reason Heuristics   Adware.ELEX.SpeedSearch (M)    17.1.31.13

File size:
416.7 KB (426,728 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\lyi_my.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
1/20/2017 5:00:00 AM

Valid to:
3/4/2017 4:59:59 AM  (a 43-day validity window; after this date Windows trusts the signature only if it carries a trusted countersignature timestamp, which the report does not show)

Subject:
CN="Beijing Caiyunshidai Technology Co., Ltd.", O="Beijing Caiyunshidai Technology Co., Ltd.", L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
0AC4297921FE0BAA8A14BB51B91C3AC1

File PE Metadata
Compilation timestamp:
1/19/2017 4:38:47 PM

OS version (minimum required by the loader):
5.1 (Windows XP)

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0 (the Visual Studio 2013 linker)

Entry address (RVA):
0x3E10

Entry point (first bytes, truncated in the report):
E8, 3E, 2A, 00, 00, E9, 8E, 7D, 00, 00, 6A, 08, 68, F0, 4A, 46, 00, E8, DA, 8E, 00, 00, 8B, 75, 08, C7, 46, 5C, D8, 0F, 46, 00, 83, 66, 08, 00, 33, FF, 47, 89, 7E, 14, 89, 7E, 70, 6A, 43, 58, 66, 89, 86, B8, 00, 00, 00, 66, 89, 86, BE, 01, 00, 00, C7, 46, 68, D0, 64, 46, 00, 83, A6, B8, 03, 00, 00, 00, 6A, 0D, E8, 22, 05, 00, 00, 59, 83, 65, FC, 00, 8B, 46, 68, 8B, CF, F0, 0F, C1, 08, C7, 45, FC, FE, FF, FF, FF, E8, 3E, 00, 00, 00, 6A, 0C, E8, 01, 05, 00, 00, 59, 89, 7D, FC, 8B, 45, 0C, 89, 46, 6C, 85, C0...

The opening call/jmp pair (E8 ..., then E9 ...) is consistent with the standard MSVC CRT startup stub (call __security_init_cookie, then jmp to the CRT's own start routine), so these bytes describe the compiler runtime rather than the program's behaviour; the payload that the packer unpacks is not visible here.

Entropy:
7.8189 of a possible 8.0  (probably packed or encrypted; plain compiled code usually scores well below 7)

Code size:
372.5 KB (381,440 bytes)
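The following script is an added example for this page, not code from Reason Core Security or from the file's publisher. It reproduces the static checks behind the fields above on any PE file: it reads the linker version, minimum OS version, subsystem, entry RVA, code size and compile timestamp straight from the COFF and optional headers, computes MD5/SHA-1/SHA-256 and compares them with the hashes quoted in this report, and measures Shannon entropy. The 7.0 "probably packed" cutoff is an assumption (the report does not state the threshold it uses), and the sample PE header is constructed inline with the report's field values so the script runs offline; it is not the real lyi_my.exe.

```python
"""Static PE triage: header fields, hashes and entropy (standard library only)."""
import datetime
import hashlib
import math
import struct

# Hashes quoted in the report for lyi_my.exe, used here as the known-bad set.
KNOWN_BAD = {
    "md5": "8c777e176e85a279c61e76d1b51ffeb2",
    "sha1": "0a69b1d7fc2053c27451871368891d4e7935b7a1",
    "sha256": "97ea5abcda9520ece7e685d47247096679e61b78b59d66160a5db178988f698f",
}
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}
PACKED_ENTROPY = 7.0  # assumed cutoff; the theoretical maximum is 8.0 bits/byte


def digests(data: bytes) -> dict:
    """MD5, SHA-1 and SHA-256 hex digests, keyed like KNOWN_BAD."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha1": hashlib.sha1(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}


def matches_known_bad(data: bytes) -> list:
    """Names of the digests that equal the report's hashes (empty = no match)."""
    d = digests(data)
    return [k for k, v in KNOWN_BAD.items() if d[k] == v]


def shannon_entropy(data: bytes) -> float:
    """Bits per byte over the whole buffer; 8.0 means all byte values equally frequent."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(data: bytes) -> dict:
    """Decode the COFF/optional-header fields the report shows.

    Only fields up to Subsystem are read; their offsets are the same for
    PE32 (magic 0x10B) and PE32+ (magic 0x20B).
    """
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, _nsect, timestamp, _, _, _opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, lnk_major, lnk_minor = struct.unpack_from("<HBB", data, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    (size_of_code,) = struct.unpack_from("<I", data, opt + 4)
    (entry_rva,) = struct.unpack_from("<I", data, opt + 16)
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    compiled = datetime.datetime.fromtimestamp(timestamp, datetime.timezone.utc)
    return {"bitness": "Win32" if magic == 0x10B else "Win64",
            "linker": "%d.%d" % (lnk_major, lnk_minor),
            "os_version": "%d.%d" % (os_major, os_minor),
            "subsystem": SUBSYSTEMS.get(subsystem, "other (%d)" % subsystem),
            "entry_rva": entry_rva, "code_size": size_of_code,
            "compiled_utc": compiled.strftime("%Y-%m-%d %H:%M:%S")}


def triage(data: bytes) -> dict:
    """Header fields plus entropy verdict and known-bad hash matches."""
    info = parse_pe(data)
    ent = shannon_entropy(data)
    info["entropy"] = round(ent, 4)
    info["probably_packed"] = ent >= PACKED_ENTROPY
    info["known_bad"] = matches_known_bad(data)
    return info


def constructed_sample() -> bytes:
    """Constructed, non-executable PE image carrying the report's header values:
    64-byte DOS header, COFF header, a 72-byte optional header (real ones are
    longer), then a uniform byte body that mimics packed data."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 0, 1484843927, 0, 0, 72, 0x0102)
    opt = struct.pack("<HBBIIIIIIIIIHHHHHHIIIIHH",
                      0x10B, 12, 0,             # PE32, linker 12.0
                      381440, 0, 0,             # SizeOfCode, init/uninit data
                      0x3E10, 0x1000, 0x5E000,  # entry RVA, BaseOfCode, BaseOfData
                      0x400000, 0x1000, 0x200,  # ImageBase, section/file alignment
                      5, 1, 0, 0, 5, 1,         # OS 5.1, image 0.0, subsystem 5.1
                      0, 0x70000, 0x400, 0,     # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum
                      2, 0x8000)                # Subsystem 2 = Windows GUI, DllCharacteristics
    return dos + coff + opt + bytes(range(256)) * 64


if __name__ == "__main__":
    for k, v in triage(constructed_sample()).items():
        print("%-16s %s" % (k, v))
```

Run it against a real file with `triage(open(path, "rb").read())`. A hash match is the only conclusive result; the header fields and entropy are context for a manual verdict, and a packed file needs to be unpacked before its real imports and strings can be examined.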

The executing file has been seen to make the following network communications in live environments. All twenty destinations are Amazon CloudFront edge nodes (reverse names of the form server-<ip>.<pop>.r.cloudfront.net) reached over plain HTTP on port 80. The report does not capture the Host header or URL, so it does not identify which CloudFront distribution was contacted; because these addresses are shared CDN infrastructure that rotates between tenants, they are weak indicators on their own, and blocking them would also block unrelated sites.

TCP (HTTP), port 80:
  server-54-230-81-164.mia50.r.cloudfront.net  (54.230.81.164:80)
  server-52-84-126-45.iad16.r.cloudfront.net  (52.84.126.45:80)
  server-52-84-126-224.iad16.r.cloudfront.net  (52.84.126.224:80)
  server-54-230-81-23.mia50.r.cloudfront.net  (54.230.81.23:80)
  server-54-230-81-187.mia50.r.cloudfront.net  (54.230.81.187:80)
  server-54-230-187-199.cdg51.r.cloudfront.net  (54.230.187.199:80)
  server-54-230-141-202.sfo5.r.cloudfront.net  (54.230.141.202:80)
  server-54-192-14-11.ams1.r.cloudfront.net  (54.192.14.11:80)
  server-52-85-173-44.fra6.r.cloudfront.net  (52.85.173.44:80)
  server-54-230-81-71.mia50.r.cloudfront.net  (54.230.81.71:80)
  server-54-230-81-202.mia50.r.cloudfront.net  (54.230.81.202:80)
  server-52-84-126-189.iad16.r.cloudfront.net  (52.84.126.189:80)
  server-54-230-81-98.mia50.r.cloudfront.net  (54.230.81.98:80)
  server-54-230-81-240.mia50.r.cloudfront.net  (54.230.81.240:80)
  server-54-230-81-237.mia50.r.cloudfront.net  (54.230.81.237:80)
  server-54-230-81-161.mia50.r.cloudfront.net  (54.230.81.161:80)
  server-54-230-81-155.mia50.r.cloudfront.net  (54.230.81.155:80)
  server-54-230-81-10.mia50.r.cloudfront.net  (54.230.81.10:80)
  server-54-230-187-96.cdg51.r.cloudfront.net  (54.230.187.96:80)
  server-54-230-187-94.cdg51.r.cloudfront.net  (54.230.187.94:80)
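The script below is an added example, not part of the original report or of Reason Core's tooling. It takes the "Connects to ..." lines above as input and does the checks a responder would want before using them: it parses host, IP and port; verifies that the address embedded in each CloudFront reverse name agrees with the IP that was actually contacted (a PTR record is attacker-controlled for attacker-owned space, so a report that only shows the name can be misled); and groups the hits by CloudFront point of presence so the geographic spread is visible. The twenty sample lines are copied from this report; the one extra line in MISMATCH_LINE is constructed to show what a disagreement looks like.

```python
"""Parse and sanity-check the CloudFront destinations listed in the report."""
import re
from collections import Counter

CONNECT_RE = re.compile(
    r"Connects to\s+(?P<host>[\w.-]+)\s+\((?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\)")
# CloudFront edge PTR names embed the node's own IPv4 address and a PoP code.
CLOUDFRONT_RE = re.compile(
    r"^server-(?P<a>\d+)-(?P<b>\d+)-(?P<c>\d+)-(?P<d>\d+)\.(?P<pop>[a-z]+\d+)\.r\.cloudfront\.net$")


def parse_connections(text: str) -> list:
    """One dict per 'Connects to host (ip:port)' line; other lines are ignored."""
    return [{"host": m["host"], "ip": m["ip"], "port": int(m["port"])}
            for m in CONNECT_RE.finditer(text)]


def cloudfront_pop(host: str):
    """(pop, address-embedded-in-name) for a CloudFront edge name, else None."""
    m = CLOUDFRONT_RE.match(host)
    if not m:
        return None
    return m["pop"], ".".join(m.group("a", "b", "c", "d"))


def rdns_mismatches(conns: list) -> list:
    """Connections whose reverse name is not a CloudFront edge name or embeds
    a different address than the one contacted."""
    bad = []
    for c in conns:
        parsed = cloudfront_pop(c["host"])
        if parsed is None or parsed[1] != c["ip"]:
            bad.append(c)
    return bad


def pops(conns: list) -> Counter:
    """Hit count per CloudFront point of presence (mia50, iad16, ...)."""
    return Counter(p[0] for p in (cloudfront_pop(c["host"]) for c in conns) if p)


def summarize(text: str) -> dict:
    conns = parse_connections(text)
    return {"total": len(conns),
            "ports": sorted({c["port"] for c in conns}),
            "pops": dict(pops(conns)),
            "mismatches": [c["host"] for c in rdns_mismatches(conns)]}


# Copied from the report above.
REPORT_TEXT = """
Connects to server-54-230-81-164.mia50.r.cloudfront.net  (54.230.81.164:80)
Connects to server-52-84-126-45.iad16.r.cloudfront.net  (52.84.126.45:80)
Connects to server-52-84-126-224.iad16.r.cloudfront.net  (52.84.126.224:80)
Connects to server-54-230-81-23.mia50.r.cloudfront.net  (54.230.81.23:80)
Connects to server-54-230-81-187.mia50.r.cloudfront.net  (54.230.81.187:80)
Connects to server-54-230-187-199.cdg51.r.cloudfront.net  (54.230.187.199:80)
Connects to server-54-230-141-202.sfo5.r.cloudfront.net  (54.230.141.202:80)
Connects to server-54-192-14-11.ams1.r.cloudfront.net  (54.192.14.11:80)
Connects to server-52-85-173-44.fra6.r.cloudfront.net  (52.85.173.44:80)
Connects to server-54-230-81-71.mia50.r.cloudfront.net  (54.230.81.71:80)
Connects to server-54-230-81-202.mia50.r.cloudfront.net  (54.230.81.202:80)
Connects to server-52-84-126-189.iad16.r.cloudfront.net  (52.84.126.189:80)
Connects to server-54-230-81-98.mia50.r.cloudfront.net  (54.230.81.98:80)
Connects to server-54-230-81-240.mia50.r.cloudfront.net  (54.230.81.240:80)
Connects to server-54-230-81-237.mia50.r.cloudfront.net  (54.230.81.237:80)
Connects to server-54-230-81-161.mia50.r.cloudfront.net  (54.230.81.161:80)
Connects to server-54-230-81-155.mia50.r.cloudfront.net  (54.230.81.155:80)
Connects to server-54-230-81-10.mia50.r.cloudfront.net  (54.230.81.10:80)
Connects to server-54-230-187-96.cdg51.r.cloudfront.net  (54.230.187.96:80)
Connects to server-54-230-187-94.cdg51.r.cloudfront.net  (54.230.187.94:80)
"""
# Constructed for this example: the name claims .1 but the socket went to .99.
MISMATCH_LINE = "Connects to server-54-230-81-1.mia50.r.cloudfront.net  (54.230.81.99:80)\n"

if __name__ == "__main__":
    print(summarize(REPORT_TEXT))
    print(summarize(REPORT_TEXT + MISMATCH_LINE)["mismatches"])
```

The useful output is the PoP breakdown and an empty mismatch list; a non-empty list means the reverse name cannot be trusted to tell you who owns the address. Either way, the actionable indicator for a CDN-fronted download is the distribution hostname or URL path seen in the HTTP request, which a report like this one does not record.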

Remove lyi_my.exe - Powered by Reason Core Security