home

ic-0.fd162a0e8638e.exe

Yuanyuan Mei

The application ic-0.fd162a0e8638e.exe by Yuanyuan Mei has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address server-52-85-63-138.lhr50.r.cloudfront.net on port 80 using the HTTP protocol.
Publisher:
Yuanyuan Mei  (signed and verified)

MD5:
5e4c93a2b2bed816fa1ed33870e0c351

SHA-1:
c5fcc444eac1618bfbcd26f83e87f97331a1bc78

SHA-256:
f58a71c8c44c4255fd046c65331bc9d39e67f3edc615d4459ec2fb0b4bd6616c

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
10/15/2025 4:24:38 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Elex (M)
17.2.17.5

File size:
414.6 KB (424,600 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\ic-0.fd162a0e8638e.exe

Digital Signature
Signed by:
Yuanyuan Mei

Authority:
thawte, Inc.

Valid from:
1/29/2017 5:30:00 AM

Valid to:
4/21/2017 5:29:59 AM

Subject:
CN=Yuanyuan Mei, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
6D286A7429FA6BDBCF1E45A174620DBE

File PE Metadata
Compilation timestamp:
2/13/2017 6:23:52 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x9DB2

Entry point:
E8, AD, 98, FF, FF, E9, 75, 16, 00, 00, 56, 57, 68, 68, 01, 46, 00, FF, 15, D4, F0, 45, 00, 8B, 35, 14, F0, 45, 00, 8B, F8, 68, 84, 01, 46, 00, 57, FF, D6, 33, 05, 00, 50, 46, 00, 68, 90, 01, 46, 00, 57, A3, 20, 9A, 46, 00, FF, D6, 33, 05, 00, 50, 46, 00, 68, 98, 01, 46, 00, 57, A3, 24, 9A, 46, 00, FF, D6, 33, 05, 00, 50, 46, 00, 68, A4, 01, 46, 00, 57, A3, 28, 9A, 46, 00, FF, D6, 33, 05, 00, 50, 46, 00, 68, B0, 01, 46, 00, 57, A3, 2C, 9A, 46, 00, FF, D6, 33, 05, 00, 50, 46, 00, 68, CC, 01, 46, 00, 57, A3...
 
[+]

Entropy:
7.8309  (probably packed)

Code size:
373.5 KB (382,464 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-54-230-216-49.mrs50.r.cloudfront.net  (54.230.216.49:80)

TCP (HTTP):
Connects to server-54-230-95-247.fra2.r.cloudfront.net  (54.230.95.247:80)

TCP (HTTP):
Connects to server-54-230-216-217.mrs50.r.cloudfront.net  (54.230.216.217:80)

TCP (HTTP):
Connects to server-52-84-246-164.sfo20.r.cloudfront.net  (52.84.246.164:80)

TCP (HTTP):
Connects to server-52-85-63-239.lhr50.r.cloudfront.net  (52.85.63.239:80)

TCP (HTTP):
Connects to server-54-230-95-32.fra2.r.cloudfront.net  (54.230.95.32:80)

TCP (HTTP):
Connects to server-52-85-63-138.lhr50.r.cloudfront.net  (52.85.63.138:80)

TCP (HTTP):
Connects to server-52-85-63-112.lhr50.r.cloudfront.net  (52.85.63.112:80)

TCP (HTTP):
Connects to server-52-85-221-84.cdg50.r.cloudfront.net  (52.85.221.84:80)

TCP (HTTP):
Connects to server-54-230-216-199.mrs50.r.cloudfront.net  (54.230.216.199:80)

TCP (HTTP):
Connects to server-54-230-216-163.mrs50.r.cloudfront.net  (54.230.216.163:80)

TCP (HTTP):
Connects to server-52-85-83-60.lax1.r.cloudfront.net  (52.85.83.60:80)

TCP (HTTP):
Connects to server-52-85-63-187.lhr50.r.cloudfront.net  (52.85.63.187:80)

TCP (HTTP):
Connects to server-52-85-63-135.lhr50.r.cloudfront.net  (52.85.63.135:80)

TCP (HTTP):
Connects to server-52-84-246-48.sfo20.r.cloudfront.net  (52.84.246.48:80)

TCP (HTTP):
Connects to server-52-84-246-149.sfo20.r.cloudfront.net  (52.84.246.149:80)

TCP (HTTP):
Connects to server-54-230-95-133.fra2.r.cloudfront.net  (54.230.95.133:80)

TCP (HTTP):
Connects to server-54-192-129-8.ams50.r.cloudfront.net  (54.192.129.8:80)

TCP (HTTP):
Connects to server-54-192-129-168.ams50.r.cloudfront.net  (54.192.129.168:80)

TCP (HTTP):
Connects to server-52-85-63-32.lhr50.r.cloudfront.net  (52.85.63.32:80)

Remove ic-0.fd162a0e8638e.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.