ruhyy.exe

Install

SPRT

The application ruhyy.exe has been detected as a potentially unwanted program by 4 anti-malware scanners. It is a setup and installation application, but the file is not signed with an Authenticode signature from a trusted source. It bundles adware offers using Amonetize, a pay-per-install (PPI) monetization and distribution download manager. The software offers presented depend on the PC's geolocation at the time of install. The file has been seen being downloaded from www.panningmanybanded.site.
Publisher:
SPRT

Product:
Install

Description:
-----

Version:
61.63.70.233

MD5:
fd7977675d03e5cb7290777758d6d9d3

SHA-1:
e11d5675906c2cd4064a8a4593fa5b4315f12c3d

SHA-256:
030e140d0cdea9b6064f367097e729aa36fc6d7934c799ed7121913541feb944

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
5/12/2025 5:16:54 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| avast! | Win32:Dropper-gen [Drp] | 160327-1 |
| Emsisoft Anti-Malware | Gen:Variant.Razy.18984 | 11.5.0.6191 |
| ESET NOD32 | Win32/Amonetize.QK potentially unwanted application | 8.0.319.0 |
| Norman | Gen:Variant.Razy.50870 | 02.04.2016 17:35:19 |

File size:
800.5 KB (819,712 bytes)

Product version:
61.63.70.233

Copyright:
LC 2015

Trademarks:
Trd Mark

Original file name:
tinyinstall.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\ruhyy.exe

File PE Metadata
Compilation timestamp:
5/11/2016 8:07:09 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:FHoioPuhEr7PWiknrTTQ0660IhlBQIsuGd3oxoabFYeSG5vUQLZNt8x:OioWhKyPrTT9CIhwIsuGd3onWXGUS2

Entry address:
0x4989

Entry point:
E8, 79, 27, 00, 00, E9, 7D, FE, FF, FF, 6A, 00, FF, 15, 10, 90, 40, 00, C3, FF, 15, 24, 90, 40, 00, C2, 04, 00, 8B, FF, 56, FF, 35, 38, D3, 40, 00, FF, 15, 28, 90, 40, 00, 8B, F0, 85, F6, 75, 1B, FF, 35, 44, DF, 40, 00, FF, 15, 14, 90, 40, 00, 8B, F0, 56, FF, 35, 38, D3, 40, 00, FF, 15, 2C, 90, 40, 00, 8B, C6, 5E, C3, A1, 34, D3, 40, 00, 83, F8, FF, 74, 16, 50, FF, 35, 4C, DF, 40, 00, FF, 15, 14, 90, 40, 00, FF, D0, 83, 0D, 34, D3, 40, 00, FF, A1, 38, D3, 40, 00, 83, F8, FF, 74, 0E, 50, FF, 15, 30, 90, 40...
 

Code size:
31 KB (31,744 bytes)

The file ruhyy.exe has been seen being distributed by the following URL.
