home

yacqq.exe

Hefei Infinity Technology Co., Ltd.

The application yacqq.exe by Hefei Infinity Technology Co. has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address server-54-230-81-162.mia50.r.cloudfront.net on port 80 using the HTTP protocol.
Publisher:
Hefei Infinity Technology Co., Ltd.  (signed and verified)

MD5:
7270a0b21ebf0489ac84b7624e152715

SHA-1:
5f5ba980859e4f654559280b02e5a39bd58a572a

SHA-256:
e69a998b37bd9a284ff27fb190ec832d9ed357b29b18f266ba7b5510919d0437

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 4:29:14 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.ELEX (M)
17.2.4.8

File size:
265.7 KB (272,088 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\windows\temp\{random}.tmp\yacqq.exe

Digital Signature
Signed by:
Hefei Infinity Technology Co., Ltd.

Authority:
thawte, Inc.

Valid from:
11/22/2016 5:30:00 AM

Valid to:
9/8/2017 5:29:59 AM

Subject:
CN="Hefei Infinity Technology Co., Ltd.", O="Hefei Infinity Technology Co., Ltd.", L=Hefei, S=Anhui, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
64496AE40D10BF509E7C2D0CDCAD34AB

File PE Metadata
Compilation timestamp:
2/4/2017 7:51:25 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

Entry address:
0x9388

Entry point:
E8, 03, 45, 00, 00, E9, A5, 4D, 01, 00, 55, 8B, EC, 8B, 45, 0C, 83, EC, 20, 56, 57, 6A, 08, 59, BE, C8, 86, 43, 00, 8D, 7D, E0, F3, A5, 8B, 4D, 08, 5F, 5E, 85, C0, 74, 0D, F6, 00, 10, 74, 08, 8B, 01, 8B, 40, FC, 8B, 40, 18, 89, 4D, F8, 89, 45, FC, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 38, 61, 43, 00, C9, C2, 08, 00, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, 58, 16, 44...
 
[+]

Entropy:
6.4841

Code size:
211 KB (216,064 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-52-84-246-56.sfo20.r.cloudfront.net  (52.84.246.56:80)

TCP (HTTP):
Connects to server-52-84-246-41.sfo20.r.cloudfront.net  (52.84.246.41:80)

TCP (HTTP):
Connects to server-54-230-141-77.sfo5.r.cloudfront.net  (54.230.141.77:80)

TCP (HTTP):
Connects to server-52-85-83-183.lax1.r.cloudfront.net  (52.85.83.183:80)

TCP (HTTP):
Connects to server-52-85-83-148.lax1.r.cloudfront.net  (52.85.83.148:80)

TCP (HTTP):
Connects to server-52-84-246-228.sfo20.r.cloudfront.net  (52.84.246.228:80)

TCP (HTTP):
Connects to server-54-230-187-65.cdg51.r.cloudfront.net  (54.230.187.65:80)

TCP (HTTP):
Connects to server-54-230-187-152.cdg51.r.cloudfront.net  (54.230.187.152:80)

TCP (HTTP):
Connects to server-54-230-163-208.jax1.r.cloudfront.net  (54.230.163.208:80)

TCP (HTTP):
Connects to server-54-230-141-58.sfo5.r.cloudfront.net  (54.230.141.58:80)

TCP (HTTP):
Connects to server-54-192-3-69.lhr5.r.cloudfront.net  (54.192.3.69:80)

TCP (HTTP):
Connects to server-54-192-129-233.ams50.r.cloudfront.net  (54.192.129.233:80)

TCP (HTTP):
Connects to server-52-85-83-64.lax1.r.cloudfront.net  (52.85.83.64:80)

TCP (HTTP):
Connects to server-52-85-83-188.lax1.r.cloudfront.net  (52.85.83.188:80)

TCP (HTTP):
Connects to server-52-85-83-170.lax1.r.cloudfront.net  (52.85.83.170:80)

TCP (HTTP):
Connects to server-52-85-63-61.lhr50.r.cloudfront.net  (52.85.63.61:80)

TCP (HTTP):
Connects to server-52-85-63-52.lhr50.r.cloudfront.net  (52.85.63.52:80)

TCP (HTTP):
Connects to server-52-84-33-43.ewr50.r.cloudfront.net  (52.84.33.43:80)

TCP (HTTP):
Connects to server-52-84-33-155.ewr50.r.cloudfront.net  (52.84.33.155:80)

TCP (HTTP):
Connects to server-52-84-246-253.sfo20.r.cloudfront.net  (52.84.246.253:80)

Remove yacqq.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.