» lyi_my.exe
Overview
Analysis
File Details

lyi_my.exe

Ding Ruan

The application lyi_my.exe by Ding Ruan has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.

File name:

lyi_my.exe

Publisher:

Ding Ruan (signed and verified)

MD5:

db44b557ff667f342a5c0a6ba69895ea

SHA-1:

11922d9d19c484acb7e93a7aef7339e40741860c

SHA-256:

b15bf124b1fdd35ba70f6145f659b7ff67af995888e1746a55dcc0e5b737cc54

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

5/20/2024 10:40:44 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.ELEX (M)

17.2.4.6

File size:

416.4 KB (426,432 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\lyi_my.exe

Digital Signature

Signed by:

Ding Ruan

Authority:

thawte, Inc.

Valid from:

1/20/2017 10:00:00 PM

Valid to:

4/13/2017 8:59:59 PM

Subject:

CN=Ding Ruan, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:

CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:

4927A4449E1C28AD3321447571D79DD3

File PE Metadata

Compilation timestamp:

1/19/2017 11:28:12 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

Entry address:

0x6741

Entry point:

E8, 47, F7, FF, FF, E9, FC, 5C, 00, 00, CC, CC, CC, CC, CC, 55, 8B, EC, 83, EC, 18, 53, 8B, 5D, 0C, 56, 57, C6, 45, FF, 00, 8B, 7B, 08, 8D, 73, 10, 33, 3D, 00, 50, 46, 00, C7, 45, F4, 01, 00, 00, 00, 8B, 07, 83, F8, FE, 74, 0D, 8B, 4F, 04, 03, CE, 33, 0C, 30, E8, D0, AC, FF, FF, 8B, 47, 08, 8B, 4F, 0C, 03, CE, 33, 0C, 30, E8, C0, AC, FF, FF, 8B, 45, 08, F6, 40, 04, 66, 0F, 85, CF, 00, 00, 00, 89, 45, E8, 8B, 45, 10, 89, 45, EC, 8D, 45, E8, 89, 43, FC, 8B, 43, 0C, 89, 45, F8, 83, F8, FE, 0F, 84, ED, 00, 00... 
[+]

Code size:

371 KB (379,904 bytes)

Remove lyi_my.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.