home

dam_ay.exe

Xin Zhou

The executable dam_ay.exe has been detected as malware by 1 anti-virus scanner.
Publisher:
Xin Zhou  (signed and verified)

MD5:
439d3d1d3ab3009d2d07fd583686f1b5

SHA-1:
df339cbcac47e57eb0cb09df56a666b0517dbcf8

SHA-256:
166c0e46d3d2a186f9d9abfaeaeebcdf52317fd6c2d7b6b58ecac9c3ab13563e

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
12/26/2024 11:31:18 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
17.1.26.1

File size:
411.7 KB (421,592 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\dam_ay.exe

Digital Signature
Signed by:
Xin Zhou

Authority:
thawte, Inc.

Valid from:
1/13/2017 7:00:00 AM

Valid to:
3/23/2017 6:59:59 AM

Subject:
CN=Xin Zhou, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
23334F52AA250B1C41A972EAE977C950

File PE Metadata
Compilation timestamp:
1/17/2017 9:07:08 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x3B9D

Entry point:
E8, 31, 6D, 00, 00, E9, 95, 8C, 00, 00, 6A, 08, E8, 3B, DE, FF, FF, 59, C3, 55, 8B, EC, 8B, 45, 08, 83, F8, 14, 7D, 16, 83, C0, 10, 50, E8, 25, DE, FF, FF, 8B, 45, 0C, 59, 81, 48, 0C, 00, 80, 00, 00, 5D, C3, 8B, 45, 0C, 83, C0, 20, 50, FF, 15, 68, D0, 45, 00, 5D, C3, 55, 8B, EC, 51, 51, 8B, 4D, 08, F6, C1, 01, 74, 0A, DB, 2D, 08, 49, 46, 00, DB, 5D, 08, 9B, F6, C1, 08, 74, 10, 9B, DF, E0, DB, 2D, 08, 49, 46, 00, DD, 5D, F8, 9B, 9B, DF, E0, F6, C1, 10, 74, 0A, DB, 2D, 14, 49, 46, 00, DD, 5D, F8, 9B, F6, C1...
 
[+]

Entropy:
7.8134  (probably packed)

Remove dam_ay.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.