yymusic05.exe

GuangxiNanningshi Shengjuguangzaixian Info Tech Co.,LTD.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘yyfm0529_2014062915’.
Publisher:
音乐FM  (signed by GuangxiNanningshi Shengjuguangzaixian Info Tech Co.,LTD.)

Product:
音乐FM

Version:
1.14.529.1

MD5:
903f65369f707ab2ead6889928cfe1e7

SHA-1:
7ba16dd5fc5dfa4911942dc6f5842e5d8fa464f5

SHA-256:
4e5a901d474055495bfc882a85e809eab0c1cba70cdc09bbea6e86960b2720e9

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 4:06:19 AM UTC

File size:
1.9 MB (1,979,536 bytes)

Product version:
1.14.529.1

Copyright:
Copyright (C) 2014

Original file name:
MusicPla.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, China)

Common path:
C:\Program Files\yyfm0529\2014062915\yymusic05.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
4/14/2014 8:00:00 AM

Valid to:
4/15/2015 7:59:59 AM

Subject:
CN="GuangxiNanningshi Shengjuguangzaixian Info Tech Co.,LTD.", O="GuangxiNanningshi Shengjuguangzaixian Info Tech Co.,LTD.", L=Nanning, S=Guangxi, C=CN

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
2BAC93FD3FE5B005036AD0D4C873C6E5

File PE Metadata
Compilation timestamp:
5/29/2014 3:17:23 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:N9GI83SVG7REBSgto+tDrMwuj5zjJz3xZzwuPT1WQ7NyB:NESVZBSOo+prx23kIWA0B

Entry address:
0x69567

Entry point:
E8, B3, BE, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 56, 33, F6, 39, 75, 08, 75, 1A, E8, F8, 11, 00, 00, 89, 30, E8, DE, 11, 00, 00, 6A, 16, 5E, 89, 30, E8, FF, 44, 00, 00, 8B, C6, EB, 55, F7, 45, 0C, F9, FF, FF, FF, 75, DD, FF, 75, 08, FF, 15, 8C, 16, 49, 00, 83, F8, FF, 75, 16, FF, 15, E4, 17, 49, 00, 50, E8, D3, 11, 00, 00, 59, E8, A7, 11, 00, 00, 8B, 00, EB, 28, A8, 10, 75, 22, A8, 01, 74, 1E, F6, 45, 0C, 02, 74, 18, E8, A3, 11, 00, 00, C7, 00, 05, 00, 00, 00, E8, 85, 11, 00, 00, C7, 00, 0D, 00...

Entropy:
7.5802

Code size:
575.5 KB (589,312 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
yyfm0529_2014062915

Command:
"C:\Program Files\yyfm0529\2014062915\yymusic05.exe" -mini


Scan yymusic05.exe - Powered by Reason Core Security