ytswhaapjdsmm.exe

Launcher

This is a setup program used to install the application. The file has been seen being downloaded from www.mmoninja.com.

Publisher:
Launcher

Product:
Launcher

Version:
1.0.0.0

MD5:
74db6b46ea6a9b5b6f2494bf9f115c7e

SHA-1:
563b0796e88252cd9c07809e254d83efdf185749

SHA-256:
afc7c4f53dd899f8703f1f3aeac5e19035a61c8b04708ec0a4386250b9434d02

Scanner detections:
6 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
5/17/2025 9:02:11 AM UTC

Scan engine | Detection | Engine version
--- | --- | ---
avast! | Win32:Malware-gen | 2014.9-150524
Baidu Antivirus | Hacktool.Win32.Packed.Themida | 4.0.3.15524
Bkav FE | W32.HfsAutoB | 1.3.0.6379
ESET NOD32 | Win32/Packed.Themida suspicious (variant) | 9.11416
G Data | Win32.Trojan.Agent.SKJUDG | 15.5.25
Trend Micro House Call | Suspicious_GEN.F47V0312 | 7.2.144

File size:
5.8 MB (6,029,312 bytes)

Product version:
1.0.0.0

Copyright:
Launcher

Trademarks:
Launcher

Original file name:
Launcher.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

File PE Metadata
Compilation timestamp:
10/7/2013 10:24:07 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
98304:r/iyXSxSHlbEls7oDM0U3DjebsSTSLhRl2FFXI9o0s7gPf+1JRoMGO+uqrB:rPSyT7tpfGTSLhRonXI9otF2Nfuqr

Entry address:
0x7C8000

Entry point:
53, 54, 5B, 81, C3, 04, 00, 00, 00, 50, B8, 04, 00, 00, 00, 29, C3, 8B, 04, 24, 83, C4, 04, 87, 1C, 24, 5C, 68, A1, 1F, 00, 00, 89, 04, 24, 81, EC, 04, 00, 00, 00, 89, 34, 24, 89, 0C, 24, 89, 14, 24, 89, 1C, 24, E8, 01, 00, 00, 00, CC, 8B, 04, 24, 57, 54, 5F, 81, C7, 04, 00, 00, 00, 52, BA, E9, 18, 0D, 10, 81, CA, 31, 5C, BE, 3C, D1, E2, 42, 81, EA, 9F, 4E, 67, 3F, F7, D2, 81, EA, A7, 94, E8, C5, 01, D7, 5A, 87, 3C, 24, 5C, 68, C3, 58, 00, 00, 89, 04, 24, 8B, 1C, 24, 53, 89, E3, 81, C3, 04, 00, 00, 00, 81...
 

Entropy:
7.7065  (probably packed)

Code size:
4.3 MB (4,483,584 bytes)

The file ytswhaapjdsmm.exe has been seen distributed from the following URL.

http://www.mmoninja.com/download-client.html

When executed, the file has been seen making the following network connection in live environments.

TCP (HTTP SSL):
Connects to server.imeifix.com  (96.30.7.112:443)

Scan ytswhaapjdsmm.exe - Powered by Reason Core Security