lycq.exe

xxd2wd

Tencent Technology(Shenzhen) Company Limited

The application lycq.exe by Tencent Technology(Shenzhen) Company Limited has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Tencent Technology(Shenzhen) Company Limited

Product:
xxd2wd

Description:
wdxxd

Version:
6.2.1.67

MD5:
b67094a0ae136addba23e9c1e313ffad

SHA-1:
f4f593c64adc13786cde503bf8ce5f2b58229cde

SHA-256:
b308e35c58fa12c09829c8cf6ae1ac1034aed65c2bea22fa56527dcb8d1505a0

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/5/2024 9:56:38 AM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.Bundler

Engine version:
16.7.30.13

File size:
2.3 MB (2,453,760 bytes)

Product version:
6.2.1.67

File type:
Executable application (Win32 EXE)

Common path:
C:\windows\temp\lycq.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
6/12/2016 3:52:00 PM

Valid to:
6/12/2038 3:52:00 PM

Subject:
CN=Tencent Technology(Shenzhen) Company Limited, OU=研发管理部, O=Tencent Technology(Shenzhen) Company Limited, L=Shenzhen, S=Guangdong, C=CN

Issuer:
CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU=VeriSign Trust Network, O="VeriSign, Inc.", L=Redmond, S=Washington, C=US

Serial number:
00A90E7DA0F4A6AD11

File PE Metadata
Compilation timestamp:
6/20/2016 4:18:09 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:q6yTvkLcTXEeMJ20/a3D7hGubU9oQMQ46iP2HL1GrB7FXM8mlFdg:qpkEXEec2l35xbU6QMN6iP2r1u3XM8m2

Entry address:
0x3E5FA0

Entry point:
60, BE, 00, 60, 59, 00, 8D, BE, 00, B0, E6, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...

Entropy:
7.8367

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
2.3 MB (2,428,928 bytes)
