lyi_my.exe

Ding Ruan

The application lyi_my.exe by Ding Ruan has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Ding Ruan  (signed and verified)

MD5:
b233f7fbef16e25bf714903bbcf4d1e8

SHA-1:
e926800e83bb509582ad5085704a47370b867726

SHA-256:
2ce5ff227ec227a5737f3130f18562d425ae270ceb3cc18b61702eddf9a8e4c4

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 11:33:49 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.ELEX (M)
17.2.4.15

File size:
415 KB (425,008 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\lyi_my.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
1/21/2017 1:00:00 AM

Valid to:
4/14/2017 1:59:59 AM

Subject:
CN=Ding Ruan, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
4927A4449E1C28AD3321447571D79DD3

File PE Metadata
Compilation timestamp:
1/19/2017 2:37:20 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x7077

Entry point:
E8, 36, F9, FF, FF, E9, 67, 4D, 00, 00, 55, 8B, EC, 83, 7D, 08, 00, 74, 2D, FF, 75, 08, 6A, 00, FF, 35, 1C, 7E, 46, 00, FF, 15, 74, E0, 45, 00, 85, C0, 75, 18, 56, E8, C0, 23, 00, 00, 8B, F0, FF, 15, 40, E0, 45, 00, 50, E8, 37, 23, 00, 00, 59, 89, 06, 5E, 5D, C3, 6A, 08, E8, 2D, DC, FF, FF, 59, C3, 55, 8B, EC, 81, EC, 80, 00, 00, 00, A1, 00, 60, 46, 00, 33, C5, 89, 45, FC, 8B, 45, 08, 89, 45, 80, 8B, 45, 0C, 89, 45, 98, 33, C0, 53, 33, DB, 40, 56, 89, 45, 94, 8B, F3, 8B, C3, 89, 5D, 90, 57, 8D, 7D, E0, 89...
 
[+]

Code size:
368.5 KB (377,344 bytes)

Remove lyi_my.exe - Powered by Reason Core Security