» dam_ay.exe
Overview
Analysis
File Details
Downloads (1)

dam_ay.exe

Tianjing Cheng

The executable dam_ay.exe has been detected as malware by 1 anti-virus scanner. This is a setup program which is used to install the application. The file has been seen being downloaded from d3g1g0k0wwnjag.cloudfront.net.

File name:

dam_ay.exe

Publisher:

Tianjing Cheng (signed and verified)

MD5:

70567f7b20c17aa304e766b5d80ee164

SHA-1:

e520e802037eb1aff337c659792d38f766f363cd

Scanner detections:

1 / 68

Status:

Malware

Analysis date:

11/15/2024 7:51:58 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Threat.Win.Reputation (M)

17.1.27.7

File size:

412.7 KB (422,624 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Documents and Settings\{user}\Local settings\temporary internet files\content.ie5\{random}\dam_ay.exe

Digital Signature

Signed by:

Tianjing Cheng

Authority:

thawte, Inc.

Valid from:

1/18/2017 1:00:00 AM

Valid to:

7/13/2017 1:59:59 AM

Subject:

CN=Tianjing Cheng, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:

CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:

616D02305A2AB5D5F4E142DAF5EB5D79

File PE Metadata

Compilation timestamp:

1/18/2017 9:51:12 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

Entry address:

0x8918

Entry point:

E8, D9, CA, FF, FF, E9, 51, 3C, 00, 00, 6A, 08, 68, D8, 39, 46, 00, E8, 72, 41, 00, 00, BE, 10, 58, 46, 00, 39, 35, 0C, 58, 46, 00, 74, 2A, 6A, 0C, E8, 80, AE, FF, FF, 59, 83, 65, FC, 00, 56, 68, 0C, 58, 46, 00, E8, 37, EF, FF, FF, 59, 59, A3, 0C, 58, 46, 00, C7, 45, FC, FE, FF, FF, FF, E8, 06, 00, 00, 00, E8, 7B, 41, 00, 00, C3, 6A, 0C, E8, CB, CF, FF, FF, 59, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 55, 8B, EC, 83, EC, 18, 53, 8B, 5D, 0C, 56, 57, C6, 45, FF, 00, 8B, 7B, 08, 8D, 73, 10, 33, 3D... 
[+]

Code size:

365 KB (373,760 bytes)

The file dam_ay.exe has been seen being distributed by the following URL.

http://d3g1g0k0wwnjag.cloudfront.net/.../dam_ay.exe

Remove dam_ay.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.