» lyi_my.exe
Overview
Analysis
File Details
Network (7)

lyi_my.exe

Yuanyuan Zhang

The application lyi_my.exe by Yuanyuan Zhang has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address server-54-192-123-9.dfw50.r.cloudfront.net on port 80 using the HTTP protocol.

File name:

lyi_my.exe

Publisher:

Yuanyuan Zhang (signed and verified)

MD5:

e8a23eac1949d727a5306ee3996160a1

SHA-1:

fc17136db3b998b6ff126469d7d782056b10fbe2

SHA-256:

569d8a6a36039329bc4d41c727f54019d952726918efce31bd58fefa8ac3f053

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

4/27/2024 10:55:39 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Mutahba (M)

17.2.2.9

File size:

415.1 KB (425,016 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\lyi_my.exe

Digital Signature

Signed by:

Yuanyuan Zhang

Authority:

thawte, Inc.

Valid from:

1/19/2017 4:00:00 PM

Valid to:

4/20/2017 4:59:59 PM

Subject:

CN=Yuanyuan Zhang, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:

CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:

754814E2C007127BE053F991CE381DAB

File PE Metadata

Compilation timestamp:

1/18/2017 1:47:04 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

Entry address:

0x167E

Entry point:

E8, 46, 34, 00, 00, E9, EB, AE, 00, 00, 55, 8B, EC, 83, EC, 2C, A1, 00, 50, 46, 00, 33, C5, 89, 45, FC, 8B, 45, 08, 8D, 4D, D4, 53, 56, 8B, 75, 0C, 57, FF, 75, 10, 89, 45, EC, 8B, 45, 14, 89, 45, E4, E8, 82, 91, 00, 00, 8D, 45, D4, 33, FF, 50, 57, 57, 57, 57, 56, 8D, 45, E8, 50, 8D, 45, F0, 50, E8, F1, 6D, 00, 00, 8B, D8, 83, C4, 20, 8B, 45, E4, 85, C0, 74, 05, 8B, 4D, E8, 89, 08, FF, 75, EC, 8D, 45, F0, 50, E8, F4, 63, 00, 00, 59, 59, F6, C3, 03, 75, 0E, 83, F8, 01, 74, 13, 83, F8, 02, 75, 11, 6A, 04, EB... 
[+]

Entropy:

7.7832 (probably packed)

Code size:

368 KB (376,832 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to server-54-192-19-105.iad12.r.cloudfront.net (54.192.19.105:80)

TCP (HTTP):

Connects to server-54-192-19-199.iad12.r.cloudfront.net (54.192.19.199:80)

TCP (HTTP):

Connects to server-54-192-19-129.iad12.r.cloudfront.net (54.192.19.129:80)

TCP (HTTP):

Connects to server-54-192-123-9.dfw50.r.cloudfront.net (54.192.123.9:80)

TCP (HTTP):

Connects to server-54-192-123-171.dfw50.r.cloudfront.net (54.192.123.171:80)

TCP (HTTP):

Connects to server-54-192-123-125.dfw50.r.cloudfront.net (54.192.123.125:80)

TCP (HTTP):

Connects to server-54-192-123-106.dfw50.r.cloudfront.net (54.192.123.106:80)

Remove lyi_my.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.