damu_ay.exe

Yu Bao

The executable damu_ay.exe has been detected as malware by 1 anti-virus scanner.
Publisher:
Yu Bao  (signed and verified)

MD5:
6714809ba00675aed99fc5ce6f503ed6

SHA-1:
1e9b91c78892e09407625132a65e2c0a45d65ff4

SHA-256:
439505bc2fe4744a82e45b32584d6139928983c92996c43f18ffe5570138a8d5

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
12/24/2024 6:55:44 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
17.3.16.5

File size:
418.4 KB (428,480 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\damu_ay.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
12/19/2016 10:00:00 PM

Valid to:
11/21/2017 9:59:59 PM

Subject:
CN=Yu Bao, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
1D3674A5213BF2E51F2E183E408F80E6

File PE Metadata
Compilation timestamp:
3/8/2017 12:21:46 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0xBA40

Entry point:
E8, 2C, 98, FF, FF, E9, 7B, FE, FF, FF, 55, 8B, EC, 8B, 45, 08, 2D, A4, 03, 00, 00, 74, 26, 83, E8, 04, 74, 1A, 83, E8, 0D, 74, 0E, 48, 74, 04, 33, C0, 5D, C3, A1, C0, 01, 46, 00, 5D, C3, A1, BC, 01, 46, 00, 5D, C3, A1, B8, 01, 46, 00, 5D, C3, A1, B4, 01, 46, 00, 5D, C3, 55, 8B, EC, 83, EC, 10, 8D, 4D, F0, 6A, 00, E8, 60, 67, FF, FF, 83, 25, CC, 75, 46, 00, 00, 8B, 45, 08, 83, F8, FE, 75, 12, C7, 05, CC, 75, 46, 00, 01, 00, 00, 00, FF, 15, 50, 00, 46, 00, EB, 2C, 83, F8, FD, 75, 12, C7, 05, CC, 75, 46, 00...
 

Code size:
377 KB (386,048 bytes)
