» yesdearupdate.exe
Overview
Analysis
File Details

yesdearupdate.exe

Sice Xing

The application yesdearupdate.exe by Sice Xing has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.

File name:

yesdearupdate.exe

Publisher:

Sice Xing (signed and verified)

MD5:

6653c2da88c7fe192ef9a622cf088be7

SHA-1:

f0b9f57133c4efdc731d0b5bf6f9460020f50d49

SHA-256:

72a0a4ac853d22003d3439ec406ddafbe0dd516ca501ef4322ab5298141b0e56

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

5/18/2025 12:48:28 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Elex (M)

16.11.10.9

File size:

593.4 KB (607,616 bytes)

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\yesdearupdate.exe

Digital Signature

Signed by:

Sice Xing

Authority:

thawte, Inc.

Valid from:

7/8/2016 1:00:00 AM

Valid to:

4/2/2017 12:59:59 AM

Subject:

CN=Sice Xing, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:

CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:

62EEAD6B43E8FB7276E133CA2A5B42EF

File PE Metadata

Compilation timestamp:

7/8/2016 8:46:30 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

14.0

CTPH (ssdeep):

12288:gJJEXJKavL7uVRaQUtDS0Xq8rJvzQGuNSsHWeJJm:IJEXQavL7+cQjUqMkXMsHW+Jm

Entry address:

0x48DBD

Entry point:

82, DC, 6F, 00, 00, 83, EA, 94, 95, 95, 95, 4F, B2, A9, 2C, 00, E1, 27, 9E, 0E, E3, 67, 00, 00, 00, 00, 33, 35, 35, 34, 31, E1, 8F, 37, 3B, 98, A9, 3A, 0E, 95, 5F, 00, 00, 00, 00, E7, 2E, 4E, 66, 41, 0E, 4E, 66, 39, 3C, 3D, E3, 42, E1, 82, CB, D6, 3B, 22, 00, 59, AF, 3A, 95, 1F, 96, AD, 2F, 96, 95, 95, 95, 95, E7, 2F, 9E, 0E, C9, 00, 00, 00, 00, 98, A9, 3A, 0E, 95, 5F, 00, 00, 00, 00, E7, 2E, 4E, 66, 41, 0E, 4E, 66, 39, 3C, 3D, E3, 42, E1, 82, CB, D6, 3B, 22, 00, 59, AF, 3A, E3, 0F, 9A, 95, 1F, 96, AD, 2F... 
[+]

Code size:

424.5 KB (434,688 bytes)

Remove yesdearupdate.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.