home

dam_ay.exe

VANKY TECHNOLOGY LIMITED

The application dam_ay.exe by VANKY TECHNOLOGY LIMITED has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from d3g1g0k0wwnjag.cloudfront.net.
Publisher:
VANKY TECHNOLOGY LIMITED  (signed and verified)

MD5:
d43350ff12952abdc1b98ebf187884f7

SHA-1:
5e54c2f3f8b32fb2a2335ca627e2dec6bbb83f6f

SHA-256:
492d74a304a30947c7e1902a593be6a76f516c67d2c8aeab1ebc8b582384671b

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 8:17:29 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.YesSearches (M)
16.12.9.5

File size:
419.3 KB (429,328 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\dam_ay.exe

Digital Signature
Signed by:
VANKY TECHNOLOGY LIMITED

Authority:
GlobalSign nv-sa

Valid from:
11/30/2016 4:32:48 AM

Valid to:
1/21/2017 3:41:53 AM

Subject:
CN=VANKY TECHNOLOGY LIMITED, O=VANKY TECHNOLOGY LIMITED, L=香港, S=香港, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE

Serial number:
1079AB1B32079EFF3361C7B2

File PE Metadata
Compilation timestamp:
11/23/2016 8:07:02 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0xA264

Entry point:
E8, DE, D3, FF, FF, E9, 6B, 45, 00, 00, 6A, 03, E8, E7, D6, FF, FF, 59, 83, F8, 01, 74, 15, 6A, 03, E8, DA, D6, FF, FF, 59, 85, C0, 75, 1F, 83, 3D, E0, 76, 46, 00, 01, 75, 16, 68, FC, 00, 00, 00, E8, 11, A2, FF, FF, 68, FF, 00, 00, 00, E8, 07, A2, FF, FF, 59, 59, C3, 55, 8B, EC, 51, 51, 8B, 4D, 08, F6, C1, 01, 74, 0A, DB, 2D, 38, 61, 46, 00, DB, 5D, 08, 9B, F6, C1, 08, 74, 10, 9B, DF, E0, DB, 2D, 38, 61, 46, 00, DD, 5D, F8, 9B, 9B, DF, E0, F6, C1, 10, 74, 0A, DB, 2D, 44, 61, 46, 00, DD, 5D, F8, 9B, F6, C1...
 
[+]

Code size:
376 KB (385,024 bytes)

The file dam_ay.exe has been seen being distributed by the following URL.

http://d3g1g0k0wwnjag.cloudfront.net/.../dam_ay.exe

Remove dam_ay.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.