88dd.tmp.exe

YoMailMigration

YoMail

The executable 88dd.tmp.exe has been detected as malware by 2 anti-virus scanners. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘xinlen’.
Publisher:
YoMail

Product:
YoMailMigration

Description:
Data Migration

Version:
7.7.0.0

MD5:
9b8027e054b72b077db0df612b18853b

SHA-1:
b34d1393d538f567e5d14fe6dca5df55357696ac

SHA-256:
f4ba964a0defb2b4542ecdd48ae2fa8f318d3be67e2c05cbb62fa6141e6010a3

Scanner detections:
2 / 68

Status:
Malware

Analysis date:
5/5/2024 11:27:54 PM UTC

Scan engine | Detection | Engine version
ESET NOD32 | Win32/Spy.Agent.OWQ trojan | 6.3.12010.0
Microsoft Security Essentials | Trojan:Win32/Qzonit.A!bit | 1.237.1214.0

File size:
767 KB (785,428 bytes)

Product version:
7.7.0.0

Copyright:
Copyright (C) 2016

Original file name:
YoMailMigration.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\88dd.tmp.exe

File PE Metadata
Compilation timestamp:
3/14/2017 12:37:05 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x199D73

Entry point:
60, 89, 04, 24, E8, 94, 52, 00, 00, F9, C0, C0, 04, E9, DA, 9F, FE, FF, D1, 37, 5C, 36, 38, 93, 50, F2, 01, FD, 62, EF, 27, 77, DC, 27, 75, 83, D1, 5F, FE, 56, B0, BE, 8E, 09, 8E, 70, 6C, 1C, DF, 8B, C7, 90, 73, 41, 70, A9, 02, FA, FA, 16, 2E, 50, 89, 8B, FC, AC, AA, 8E, 47, E4, A6, A9, FD, 67, 46, 3D, 39, F8, 18, BC, F0, 6A, 10, CA, 15, D1, 63, FB, 74, D5, 7A, 48, 85, AA, DF, E1, 9C, F3, 8A, FD, E0, CF, 7E, 6A, 2C, 92, 32, 0B, EE, 82, 0F, F1, 60, 3F, 92, 2D, 54, 44, 6D, 4F, 73, 58, 65, CF, C0, EA, 19, 47...

Entropy:
7.9757  (probably packed)

Code size:
137.5 KB (140,800 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
xinlen

Command:
C:\users\{user}\appdata\local\temp\88dd.tmp.exe


Remove 88dd.tmp.exe - Powered by Reason Core Security