home

dam_ay.exe

Tianjing Cheng

The executable dam_ay.exe has been detected as malware by 1 anti-virus scanner.
Publisher:
Tianjing Cheng  (signed and verified)

MD5:
47f8647661cd07830756d1225d4a8e18

SHA-1:
15faed350058a2e52990d07aebc98b463c4f3d9e

SHA-256:
df7b9b601223a3dbf145b373210945855bbe65da7a34ba509af0277556bc2b66

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/15/2024 5:22:50 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Threat.Win.Reputation (M)
17.1.25.2

File size:
401.7 KB (411,360 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\dam_ay.exe

Digital Signature
Signed by:
Tianjing Cheng

Authority:
thawte, Inc.

Valid from:
1/17/2017 2:00:00 AM

Valid to:
7/13/2017 1:59:59 AM

Subject:
CN=Tianjing Cheng, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
055CE77FB0842829D7833596D6103559

File PE Metadata
Compilation timestamp:
1/18/2017 11:15:04 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x6433

Entry point:
E8, 6A, D8, FF, FF, E9, 14, 52, 00, 00, 55, 8B, EC, 8B, 45, 08, 33, C9, 53, 33, DB, 43, 89, 48, 04, 8B, 45, 08, 57, BF, 0D, 00, 00, C0, 89, 48, 08, 8B, 45, 08, 89, 48, 0C, 8B, 4D, 10, F6, C1, 10, 74, 0B, 8B, 45, 08, BF, 8F, 00, 00, C0, 09, 58, 04, F6, C1, 02, 74, 0C, 8B, 45, 08, BF, 93, 00, 00, C0, 83, 48, 04, 02, F6, C1, 01, 74, 0C, 8B, 45, 08, BF, 91, 00, 00, C0, 83, 48, 04, 04, F6, C1, 04, 74, 0C, 8B, 45, 08, BF, 8E, 00, 00, C0, 83, 48, 04, 08, F6, C1, 08, 74, 0C, 8B, 45, 08, BF, 90, 00, 00, C0, 83, 48...
 
[+]

Entropy:
7.8279  (probably packed)

Code size:
358 KB (366,592 bytes)

Remove dam_ay.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.