yinyuetai.exe

音悦mini2.0内测版

Yinyuechangxiang Network Technology (Beijing) Co Ltd

It is set to execute automatically when any user logs into Windows, through a run registry setting named ‘yinyuetai’.

Publisher:
www.yinyuetai.com  (signed by Yinyuechangxiang Network Technology (Beijing) Co Ltd)

Product:
音悦mini2.0内测版

Description:
yinyuetai

Version:
1.0.0.1

MD5:
543f20932c1b2eda357c452ca722b156

SHA-1:
4f38f1b7f85b88319180a23819d840d6606a78de

SHA-256:
f5512933c8ede521d4178294f157d1d863301ea4483b6219ddd71f62da5bc01d

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/24/2024 6:12:47 AM UTC

File size:
2.7 MB (2,803,832 bytes)

Product version:
1.0.0.1

Copyright:
www.yinyuetai.com. All rights reserved.

Original file name:
yinyuetai.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\yinyuetai\yinyuetai.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
5/7/2013 8:00:00 AM

Valid to:
8/7/2014 7:59:59 AM

Subject:
CN=Yinyuechangxiang Network Technology (Beijing) Co Ltd, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Yinyuechangxiang Network Technology (Beijing) Co Ltd, L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
64DFE485373381D402C46A678FC0F13B

File PE Metadata
Compilation timestamp:
3/5/2014 6:38:37 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:9poiM6nZR4XlHg7ivLpaQXwg6PGX/yeKCAsQRFbQ9pZFbWp3cqOeZ9mxBbA:lZR4XlHgMLZXwg6PA/yeKCAsQR5kZFW7

Entry address:
0x14B13A

Entry point:
E8, B9, B5, 00, 00, E9, 89, FE, FF, FF, 3B, 0D, F0, CE, 5D, 00, 75, 02, F3, C3, E9, 40, B6, 00, 00, 8B, FF, 51, C7, 01, 10, FC, 5A, 00, E8, 38, B7, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 56, 8B, F1, E8, E3, FF, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, 6E, 1C, F0, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 83, C1, 09, 51, 83, C0, 09, 50, E8, 77, B7, 00, 00, F7, D8, 59, 1B, C0, 59, 40, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 83, EC, 20, 53, 57, 33, DB, 6A, 07, 33, C0, 59, 8D, 7D, E4, 89, 5D...
 

Entropy:
6.4982

Code size:
1.5 MB (1,577,472 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
yinyuetai

Command:
C:\Program Files\yinyuetai\yinyuetai.exe yyt_hide

