pyhkaye.exe

Toups Igaerbollogd We

The application pyhkaye.exe by Toups Igaerbollogd We has been detected as a potentially unwanted program by 17 anti-malware scanners.
Publisher:
Toups Igaerbollogd We  (signed and verified)

MD5:
0d31b7c5f2a47d38e043254e5e7ee9d6

SHA-1:
91cc50872ebaf452d9f787c5f525325fbe313c78

SHA-256:
054c7d9038fac435bd9306be50e9ff0db5c337ae2c0b539b82de01e6c1955bbb

Scanner detections:
17 / 68

Status:
Potentially unwanted

Explanation:
May modify the web browser's settings including changing the homepage and search provider in addition to delivering ads (by injecting banner and text-links directly in the webpage).

Analysis date:
11/15/2024 6:40:06 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Mikey.14573
587

AhnLab V3 Security
PUP/Win32.CrossRider
2015.06.24

Avira AntiVirus
ADWARE/Adware.Gen7
8.3.1.6

Arcabit
Trojan.Mikey.D38ED
1.0.0.425

avast!
Win32:Adware-gen [Adw]
2014.9-150627

AVG
Generic_r
2016.0.3065

Baidu Antivirus
Adware.Win32.PennyBee
4.0.3.15627

Bitdefender
Gen:Variant.Mikey.14573
1.0.20.890

Emsisoft Anti-Malware
Gen:Variant.Mikey.14573
8.15.06.27.06

ESET NOD32
Win32/Adware.PennyBee (variant)
9.11836

F-Secure
Gen:Variant.Mikey.14573
11.2015-27-06_7

G Data
Gen:Variant.Mikey.14573
15.6.25

Malwarebytes
PUP.Optional.PennyBee
v2015.06.27.06

MicroWorld eScan
Gen:Variant.Mikey.14573
16.0.0.534

NANO AntiVirus
Riskware.Win32.PennyBee.dsyibb
0.30.24.2266

Panda Antivirus
Trj/Genetic.gen
15.06.27.06

Reason Heuristics
Threat.Win.Reputation.IMP
15.6.27.18

File size:
489.5 KB (501,208 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\dikmucf\pyhkaye.exe

Digital Signature
Authority:
Toups Igaerbollogd We

Valid from:
6/16/2015 10:19:39 PM

Valid to:
6/15/2016 10:19:39 PM

Subject:
CN=Eued Fuoma, O=Toups Igaerbollogd We, L=Beuogaupek, S=Riedrojre, C=US

Issuer:
CN=Afic Xoygja, O=Toups Igaerbollogd We, L=Beuogaupek, S=Riedrojre, C=US

Serial number:
01

File PE Metadata
Compilation timestamp:
6/16/2015 10:21:22 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:hf3S2pQtHQ2BfdMeLAtITbEpAo+JYkpYU2DmJE:VPpmMeovAh+U2D6E

Entry address:
0x3DD5E

Entry point:
E8, BF, 33, 01, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 7F, 0F, B6, 44, 24, 08, 0F, BA, 25, A4, 5F, 47, 00, 01, 73, 0D, 8B, 4C, 24, 0C, 57, 8B, 7C, 24, 08, F3, AA, EB, 5D, 8B, 54, 24, 0C, 81, FA, 80, 00, 00, 00, 7C, 0E, 0F, BA, 25, 80, 27, 47, 00, 01, 0F, 82, B6, 34, 01, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83...
 
[+]

Entropy:
6.5424

Code size:
369.5 KB (378,368 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to s3-1.amazonaws.com  (54.231.32.232:80)

Remove pyhkaye.exe - Powered by Reason Core Security