home

delayplugini.exe

Shenzhen Yi Xing Investment Co., Ltd.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘DelaypluginInstall’.
Publisher:
Shenzhen Yi Xing Investment Co., Ltd.  (signed and verified)

MD5:
b5ef6ee25a59956feeaa8041cb3225a5

SHA-1:
10c1d6a5323b9ddf0c9bb78621b76d0502757ea4

SHA-256:
d4f2245509b472225d5ef5e7e417e23266f36af83ca1564b8e58f7a79c313425

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/22/2025 11:39:31 PM UTC  (a few moments ago)

File size:
1.9 MB (1,962,944 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\ProgramData\iskysoft\video converter ultimate\delayplugini.exe

Digital Signature
Signed by:
Shenzhen Yi Xing Investment Co., Ltd.

Authority:
Symantec Corporation

Valid from:
2/21/2016 7:00:00 PM

Valid to:
2/21/2017 6:59:59 PM

Subject:
CN="Shenzhen Yi Xing Investment Co., Ltd.", OU=IT, O="Shenzhen Yi Xing Investment Co., Ltd.", L=Shenzhen, S=Guangdong, C=CN

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
53AEEAAEB4205551C1F874CA136735E5

File PE Metadata
Compilation timestamp:
5/6/2014 10:43:54 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:ZJfzdTJfGbicOferevNt9mygG64Z2xHF7EfOBU888888888888W88888888888m:r9JfHcOfe6dn2xHFYfI

Entry address:
0x64834

Entry point:
55, 8B, EC, B9, 08, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 53, B8, EC, 34, 46, 00, E8, 3E, 30, FA, FF, 33, C0, 55, 68, 9D, 4A, 46, 00, 64, FF, 30, 64, 89, 20, A1, 14, 6C, 46, 00, 8B, 00, E8, 84, BD, FF, FF, 8D, 55, E4, A1, 14, 6C, 46, 00, 8B, 00, E8, 61, C4, FF, FF, 8B, 45, E4, 8D, 55, E8, E8, F2, 6C, FA, FF, 8B, 45, E8, 8D, 4D, EC, 33, D2, E8, 15, 6B, FA, FF, 8B, 55, EC, B8, 14, C2, 46, 00, E8, 70, 0D, FA, FF, A1, 14, C2, 46, 00, E8, F2, 0D, FA, FF, 50, 6A, 00, 6A, 00, E8, 48, 34, FA, FF, 8B, D8, E8, 49...
 
[+]

Entropy:
4.9044

Developed / compiled with:
Microsoft Visual C++

Code size:
397.5 KB (407,040 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
DelaypluginInstall

Command:
C:\ProgramData\iskysoft\video converter ultimate\delayplugini.exe


Scan delayplugini.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.