hytj.exe

SHENGJUGUANG ONLINE INFORMATION TECHNOLOGY CO., LTD

The executable hytj.exe has been detected as malware by 1 anti-virus scanner. It is set to execute automatically whenever any user logs into Windows (through the machine-wide Run key under HKLM) under the entry name ‘RecsHY2’.
Publisher:
HYFamily (signed by SHENGJUGUANG ONLINE INFORMATION TECHNOLOGY CO., LTD)

Product:
HYFamily

Version:
1.0.0.0

MD5:
57df8bf91926086657215e60c05f6230

SHA-1:
e1227ac308c7ed581750bd2a4d78fa1942513a1f

SHA-256:
3d00f979b259ca5fa465d8f8ef150e3475fb4b819704ecca95c6c33ed3a00e08

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/18/2024 12:53:26 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
16.12.11.1

File size:
348.8 KB (357,168 bytes)

Product version:
1.0.0.20150603

Copyright:
Copyright (C) 2015

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\hysq_20150619160331\20150619160331\hytj.exe

Digital Signature
Authority:
WoSign CA Limited

Valid from:
8/18/2014 10:57:45 AM

Valid to:
8/18/2015 10:57:45 AM

Subject:
CN="SHENGJUGUANG ONLINE INFORMATION TECHNOLOGY CO., LTD", E=kvzy126@qq.com, O="SHENGJUGUANG ONLINE INFORMATION TECHNOLOGY CO., LTD", L=Nanning, S=Guangxi Zhuangzu Zizhiqu, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
638EE520CBA58047BC1DFA9563FC24F8

File PE Metadata
Compilation timestamp:
6/20/1992 6:22:17 AM (this is the fixed placeholder timestamp written by Borland Delphi linkers, consistent with linker version 2.25 below, not the real build time)

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA2952

Entropy:
7.8962  (probably packed)

Code size:
903.5 KB (925,184 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
RecsHY2

Command:
"C:\Program Files\hysq_20150619160331\20150619160331\hytj.exe" -w


Remove hytj.exe - Powered by Reason Core Security