fjakw.exe
The executable fjakw.exe has been detected as malware by 8 of 68 anti-virus scanners. It is configured to run automatically whenever any user logs into Windows, via the machine-wide Run registry key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run), under the value name 'xinlen'.
Publisher:
YoMail

Product:
YoMailMigration

Description:
Data Migration

Version:
7.7.0.0

MD5:
4a5df47a75dc0ce84150e213f318ebd0

SHA-1:
6d5240afabe70c7f9c2a7469eeb4b6cf114926ce

SHA-256:
2909860cb5e50298a5fe66b8a90beff05bc6e1d8a8be749de2e72ec5e51969ba

Scanner detections:
8 / 68

Status:
Malware

Analysis date:
5/8/2024 1:28:53 PM UTC

Scan engine: Detection (Engine version)

Baidu Antivirus: Win32.Trojan.WisdomEyes.16070401.9500 (4.0.3.17316)
Bkav FE: HW32.Packed (1.3.0.8876)
ESET NOD32: Win32/Spy.Agent.OWQ (variant) (11.15095)
Microsoft Security Essentials: Trojan:Win32/Qzonit.A!bit (1.1.13504.0)
Panda Antivirus: Trj/Genetic.gen (17.03.16.01)
Qihoo 360 Security: HEUR/QVM16.0.0000.Malware.Gen (1.0.0.1120)
Quick Heal: (Suspicious) - DNAScan (3.17.14.00)
Sophos: Mal/VMProtBad-A (4.98)

File size:
767 KB (785,408 bytes)

Product version:
7.7.0.0

Copyright:
Copyright (C) 2016

Original file name:
YoMailMigration.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\fjakw.exe

File PE Metadata
Compilation timestamp:
3/14/2017 12:37:05 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x199D73

Entry point:
60, 89, 04, 24, E8, 94, 52, 00, 00, F9, C0, C0, 04, E9, DA, 9F, FE, FF, D1, 37, 5C, 36, 38, 93, 50, F2, 01, FD, 62, EF, 27, 77, DC, 27, 75, 83, D1, 5F, FE, 56, B0, BE, 8E, 09, 8E, 70, 6C, 1C, DF, 8B, C7, 90, 73, 41, 70, A9, 02, FA, FA, 16, 2E, 50, 89, 8B, FC, AC, AA, 8E, 47, E4, A6, A9, FD, 67, 46, 3D, 39, F8, 18, BC, F0, 6A, 10, CA, 15, D1, 63, FB, 74, D5, 7A, 48, 85, AA, DF, E1, 9C, F3, 8A, FD, E0, CF, 7E, 6A, 2C, 92, 32, 0B, EE, 82, 0F, F1, 60, 3F, 92, 2D, 54, 44, 6D, 4F, 73, 58, 65, CF, C0, EA, 19, 47...

Entropy:
7.9757 (probably packed)

Code size:
137.5 KB (140,800 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
xinlen

Command:
C:\users\{user}\appdata\local\temp\fjakw.exe

Powered by Reason Core Security