yacqq.exe

The application yacqq.exe has been detected as a potentially unwanted program by 1 anti-malware scanner, with strong indications that the file is a potential threat. While running, it connects over HTTP (TCP port 80) to the Internet address server-52-85-63-115.lhr50.r.cloudfront.net.
MD5:
b480c48588f7dbd16ca4bec4cdf5fe71

SHA-1:
0cedc26a4a5f80548caf7dcc80468502115d4909

SHA-256:
499f172944bf4f049ce9f089ba10d3fc8c8ae8957997d4ff7a0d706875b2ad6a

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 9:21:04 PM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.Dropper.YAC (M)

Engine version:
17.2.8.10

File size:
151.2 KB (154,840 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\windows\temp\{random}.tmp\yacqq.exe

File PE Metadata
Compilation timestamp:
2/8/2017 8:48:38 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

Entry address:
0x7C0D

Entry point:
E8, 9E, 44, 00, 00, E9, 66, 0C, 01, 00, 55, 8B, EC, 8B, 45, 0C, 83, EC, 20, 56, 57, 6A, 08, 59, BE, 78, DD, 41, 00, 8D, 7D, E0, F3, A5, 8B, 4D, 08, 5F, 5E, 85, C0, 74, 0D, F6, 00, 10, 74, 08, 8B, 01, 8B, 40, FC, 8B, 40, 18, 89, 4D, F8, 89, 45, FC, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, F0, C0, 41, 00, C9, C2, 08, 00, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, A8, 45, 42...

Entropy:
6.3715

Code size:
107 KB (109,568 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-54-230-95-25.fra2.r.cloudfront.net  (54.230.95.25:80)

TCP (HTTP):
Connects to server-54-230-95-192.fra2.r.cloudfront.net  (54.230.95.192:80)

TCP (HTTP):
Connects to server-52-84-246-175.sfo20.r.cloudfront.net  (52.84.246.175:80)

TCP (HTTP):
Connects to server-52-84-246-207.sfo20.r.cloudfront.net  (52.84.246.207:80)

TCP (HTTP):
Connects to server-52-84-246-93.sfo20.r.cloudfront.net  (52.84.246.93:80)

TCP (HTTP):
Connects to server-52-84-246-41.sfo20.r.cloudfront.net  (52.84.246.41:80)

TCP (HTTP):
Connects to server-52-84-246-165.sfo20.r.cloudfront.net  (52.84.246.165:80)

TCP (HTTP):
Connects to server-52-84-246-6.sfo20.r.cloudfront.net  (52.84.246.6:80)

TCP (HTTP):
Connects to server-54-240-186-44.mad50.r.cloudfront.net  (54.240.186.44:80)

TCP (HTTP):
Connects to server-54-240-186-202.mad50.r.cloudfront.net  (54.240.186.202:80)

TCP (HTTP):
Connects to server-54-230-216-58.mrs50.r.cloudfront.net  (54.230.216.58:80)

TCP (HTTP):
Connects to server-54-230-216-31.mrs50.r.cloudfront.net  (54.230.216.31:80)

TCP (HTTP):
Connects to server-54-230-216-184.mrs50.r.cloudfront.net  (54.230.216.184:80)

TCP (HTTP):
Connects to server-54-230-216-163.mrs50.r.cloudfront.net  (54.230.216.163:80)

TCP (HTTP):
Connects to server-54-230-216-162.mrs50.r.cloudfront.net  (54.230.216.162:80)

TCP (HTTP):
Connects to server-54-230-187-48.cdg51.r.cloudfront.net  (54.230.187.48:80)

TCP (HTTP):
Connects to server-54-230-141-53.sfo5.r.cloudfront.net  (54.230.141.53:80)

TCP (HTTP):
Connects to server-54-230-141-36.sfo5.r.cloudfront.net  (54.230.141.36:80)

TCP (HTTP):
Connects to server-54-230-141-221.sfo5.r.cloudfront.net  (54.230.141.221:80)

TCP (HTTP):
Connects to server-54-230-141-21.sfo5.r.cloudfront.net  (54.230.141.21:80)

Remove yacqq.exe - Powered by Reason Core Security