amc_ay.exe

VANKY TECHNOLOGY LIMITED

The application amc_ay.exe by VANKY TECHNOLOGY LIMITED has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
VANKY TECHNOLOGY LIMITED  (signed and verified)

MD5:
cb434780624591fcf7fcbafc872071ac

SHA-1:
f634f53298e1f35ebdd6168e6bf03460716e7aa0

SHA-256:
49cc817775daa2d4806ee7893b8d0dcf7db50629599e39ed06662bd5bc261a9a

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/24/2024 12:43:18 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.YesSearches (M)
16.11.1.4

File size:
412.5 KB (422,368 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\amc_ay.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
10/14/2016 4:24:09 AM

Valid to:
1/21/2017 12:41:53 AM

Subject:
CN=VANKY TECHNOLOGY LIMITED, O=VANKY TECHNOLOGY LIMITED, L=香港, S=香港, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE

Serial number:
4BECA26210737A5442FF8B47

File PE Metadata
Compilation timestamp:
10/24/2016 9:30:26 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
6144:ypFUi3C4uIIj2nd5YvUqvH2ZsKY+MaUuWwO5kXxLJ7jD1eDbOmLOFNbdVU4Q/pc:yXCT2nVqf2ZIXaywO5klJr1kURAc

Entry address:
0x8D64

Entry point:
E8, 06, A6, FF, FF, E9, 73, 38, 00, 00, 55, 8B, EC, 51, FF, 75, 0C, 83, 65, FC, 00, E8, B9, E9, FF, FF, 59, 85, C0, 75, 05, B8, 90, F6, 45, 00, 8B, 4D, 08, 50, E8, 36, C1, FF, FF, 8B, 45, 08, 8B, E5, 5D, C2, 08, 00, 55, 8B, EC, 51, FF, 75, 0C, 83, 65, FC, 00, E8, 62, DF, FF, FF, 59, 85, C0, 75, 05, B8, 90, F6, 45, 00, 8B, 4D, 08, 50, E8, 0A, C1, FF, FF, 8B, 45, 08, 8B, E5, 5D, C2, 08, 00, 55, 8B, EC, 83, EC, 2C, A1, 00, 30, 46, 00, 33, C5, 89, 45, FC, 8B, 45, 08, 8D, 4D, E4, 53, 8B, 5D, 14, 56, 57, 8B, 7D...
 
[+]

Code size:
360 KB (368,640 bytes)

Remove amc_ay.exe - Powered by Reason Core Security