» lyi_my.exe
Overview
Analysis
File Details
Network (3)

lyi_my.exe

Beijing Caiyunshidai Technology Co., Ltd.

The application lyi_my.exe by Beijing Caiyunshidai Technology Co. has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address server-52-84-132-188.atl52.r.cloudfront.net on port 80 using the HTTP protocol.

File name:

lyi_my.exe

Publisher:

Beijing Caiyunshidai Technology Co., Ltd. (signed and verified)

MD5:

eba4b053734f0869cfe91b15f7cd6961

SHA-1:

418d1aba3baca95464a8158a927066deeee5b7c6

SHA-256:

096aa7ca14dd55ed7adb5aa2a59b4dcef846d4f6f20af88f4332c5f299bcbd92

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

2/25/2025 6:40:55 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Adware.ELEX.SpeedSearch (M)

17.2.3.0

File size:

408.8 KB (418,568 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\lyi_my.exe

Digital Signature

Signed by:

Beijing Caiyunshidai Technology Co., Ltd.

Authority:

thawte, Inc.

Valid from:

1/21/2017 7:00:00 AM

Valid to:

3/4/2017 6:59:59 AM

Subject:

CN="Beijing Caiyunshidai Technology Co., Ltd.", O="Beijing Caiyunshidai Technology Co., Ltd.", L=Beijing, S=Beijing, C=CN

Issuer:

CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:

378DEFDD636617682E5EC12F97DFF1D2

File PE Metadata

Compilation timestamp:

1/19/2017 11:29:07 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

Entry address:

0x26D7

Entry point:

E8, 85, 2C, 00, 00, E9, 4B, 8E, 00, 00, 55, 8B, EC, 53, 56, 57, 33, FF, BB, E3, 00, 00, 00, 8D, 04, 3B, 99, 2B, C2, 8B, F0, D1, FE, 6A, 55, FF, 34, F5, 38, F5, 45, 00, FF, 75, 08, E8, 23, F5, FF, FF, 83, C4, 0C, 85, C0, 74, 13, 79, 05, 8D, 5E, FF, EB, 03, 8D, 7E, 01, 3B, FB, 7E, D0, 83, C8, FF, EB, 07, 8B, 04, F5, 3C, F5, 45, 00, 5F, 5E, 5B, 5D, C3, 55, 8B, EC, 8B, 4D, 08, 33, C0, 3B, 0C, C5, E8, D1, 45, 00, 74, 0A, 40, 83, F8, 17, 72, F1, 33, C0, 5D, C3, 8B, 04, C5, EC, D1, 45, 00, 5D, C3, 55, 8B, EC, 51... 
[+]

Entropy:

7.8243 (probably packed)

Code size:

365 KB (373,760 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to server-52-84-132-182.atl52.r.cloudfront.net (52.84.132.182:80)

TCP (HTTP):

Connects to server-52-84-132-188.atl52.r.cloudfront.net (52.84.132.188:80)

TCP (HTTP):

Connects to server-52-84-132-113.atl52.r.cloudfront.net (52.84.132.113:80)

Remove lyi_my.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.