» ic-0.9317563a7517f.exe
Overview
Analysis
File Details
Network (8)

ic-0.9317563a7517f.exe

Yuanyuan Mei

The application ic-0.9317563a7517f.exe by Yuanyuan Mei has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address server-52-85-83-123.lax1.r.cloudfront.net on port 80 using the HTTP protocol.

File name:

Publisher:

Yuanyuan Mei (signed and verified)

MD5:

35171850654abd468e1a573f1b8a7c1e

SHA-1:

a47b3f9cb2dd2e2158d15ccb8a5367e1e1357828

SHA-256:

b5fc834c1f0a7a61d7962e89cb1673656eae13be1d12c910006e47ff9cf24b64

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

10/15/2025 4:24:40 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Elex (M)

17.2.17.9

File size:

414.6 KB (424,600 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\ic-0.9317563a7517f.exe

Digital Signature

Signed by:

Yuanyuan Mei

Authority:

thawte, Inc.

Valid from:

1/29/2017 7:00:00 AM

Valid to:

4/21/2017 6:59:59 AM

Subject:

CN=Yuanyuan Mei, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:

CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:

6D286A7429FA6BDBCF1E45A174620DBE

File PE Metadata

Compilation timestamp:

2/13/2017 7:53:52 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

Entry address:

0x9DB2

Entry point:

E8, AD, 98, FF, FF, E9, 75, 16, 00, 00, 56, 57, 68, 68, 01, 46, 00, FF, 15, D4, F0, 45, 00, 8B, 35, 14, F0, 45, 00, 8B, F8, 68, 84, 01, 46, 00, 57, FF, D6, 33, 05, 00, 50, 46, 00, 68, 90, 01, 46, 00, 57, A3, 20, 9A, 46, 00, FF, D6, 33, 05, 00, 50, 46, 00, 68, 98, 01, 46, 00, 57, A3, 24, 9A, 46, 00, FF, D6, 33, 05, 00, 50, 46, 00, 68, A4, 01, 46, 00, 57, A3, 28, 9A, 46, 00, FF, D6, 33, 05, 00, 50, 46, 00, 68, B0, 01, 46, 00, 57, A3, 2C, 9A, 46, 00, FF, D6, 33, 05, 00, 50, 46, 00, 68, CC, 01, 46, 00, 57, A3... 
[+]

Entropy:

7.8309 (probably packed)

Code size:

373.5 KB (382,464 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to server-52-85-83-118.lax1.r.cloudfront.net (52.85.83.118:80)

TCP (HTTP):

Connects to server-54-230-216-40.mrs50.r.cloudfront.net (54.230.216.40:80)

TCP (HTTP):

Connects to server-54-230-216-245.mrs50.r.cloudfront.net (54.230.216.245:80)

TCP (HTTP):

Connects to server-54-230-216-242.mrs50.r.cloudfront.net (54.230.216.242:80)

TCP (HTTP):

Connects to server-54-230-216-239.mrs50.r.cloudfront.net (54.230.216.239:80)

TCP (HTTP):

Connects to server-54-230-216-16.mrs50.r.cloudfront.net (54.230.216.16:80)

TCP (HTTP):

Connects to server-52-85-83-28.lax1.r.cloudfront.net (52.85.83.28:80)

TCP (HTTP):

Connects to server-52-85-83-123.lax1.r.cloudfront.net (52.85.83.123:80)

Remove ic-0.9317563a7517f.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.