yacqq.exe

Hefei Infinity Technology Co., Ltd.

The application yacqq.exe by Hefei Infinity Technology Co. has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address server-54-240-186-69.mad50.r.cloudfront.net on port 80 using the HTTP protocol.
Publisher:
Hefei Infinity Technology Co., Ltd.  (signed and verified)

MD5:
9323fa8c73b8c8271bad2e3b18d835c2

SHA-1:
2417583ce0f177d042a62af143f5818803c07e31

SHA-256:
46e5f5aab9b4ddcf73913a501df46585a32c9028e4b3cc60c7ca7c6c1ec08093

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 4:47:51 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.ELEX (M)
17.2.3.9

File size:
273.7 KB (280,280 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\windows\temp\{random}.tmp\yacqq.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
11/22/2016 2:00:00 AM

Valid to:
9/8/2017 2:59:59 AM

Subject:
CN="Hefei Infinity Technology Co., Ltd.", O="Hefei Infinity Technology Co., Ltd.", L=Hefei, S=Anhui, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
64496AE40D10BF509E7C2D0CDCAD34AB

File PE Metadata
Compilation timestamp:
2/3/2017 10:34:17 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

Entry address:
0x8ED9

Entry point:
E8, 02, 45, 00, 00, E9, F2, 6B, 01, 00, 55, 8B, EC, 8B, 45, 0C, 83, EC, 20, 56, 57, 6A, 08, 59, BE, 9C, 99, 43, 00, 8D, 7D, E0, F3, A5, 8B, 4D, 08, 5F, 5E, 85, C0, 74, 0D, F6, 00, 10, 74, 08, 8B, 01, 8B, 40, FC, 8B, 40, 18, 89, 4D, F8, 89, 45, FC, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 4C, 81, 43, 00, C9, C2, 08, 00, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, B0, 31, 44...
 
[+]

Entropy:
6.4259

Code size:
218.5 KB (223,744 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-52-84-126-191.iad16.r.cloudfront.net  (52.84.126.191:80)

TCP (HTTP):
Connects to server-54-192-230-34.waw50.r.cloudfront.net  (54.192.230.34:80)

TCP (HTTP):
Connects to server-54-230-163-112.jax1.r.cloudfront.net  (54.230.163.112:80)

TCP (HTTP):
Connects to server-54-230-163-242.jax1.r.cloudfront.net  (54.230.163.242:80)

TCP (HTTP):
Connects to server-52-84-246-103.sfo20.r.cloudfront.net  (52.84.246.103:80)

TCP (HTTP):
Connects to server-54-230-81-248.mia50.r.cloudfront.net  (54.230.81.248:80)

TCP (HTTP):
Connects to server-54-230-206-154.atl50.r.cloudfront.net  (54.230.206.154:80)

TCP (HTTP):
Connects to server-54-230-206-131.atl50.r.cloudfront.net  (54.230.206.131:80)

TCP (HTTP):
Connects to server-54-230-163-228.jax1.r.cloudfront.net  (54.230.163.228:80)

TCP (HTTP):
Connects to server-54-230-163-20.jax1.r.cloudfront.net  (54.230.163.20:80)

TCP (HTTP):
Connects to server-52-85-77-125.lax3.r.cloudfront.net  (52.85.77.125:80)

TCP (HTTP):
Connects to server-52-84-33-77.ewr50.r.cloudfront.net  (52.84.33.77:80)

TCP (HTTP):
Connects to server-52-84-246-174.sfo20.r.cloudfront.net  (52.84.246.174:80)

TCP (HTTP):
Connects to server-52-84-132-222.atl52.r.cloudfront.net  (52.84.132.222:80)

TCP (HTTP):
Connects to server-52-84-126-86.iad16.r.cloudfront.net  (52.84.126.86:80)

TCP (HTTP):
Connects to server-54-230-81-162.mia50.r.cloudfront.net  (54.230.81.162:80)

TCP (HTTP):
Connects to server-54-230-5-185.dfw3.r.cloudfront.net  (54.230.5.185:80)

TCP (HTTP):
Connects to server-54-230-5-133.dfw3.r.cloudfront.net  (54.230.5.133:80)

TCP (HTTP):
Connects to server-54-230-216-9.mrs50.r.cloudfront.net  (54.230.216.9:80)

TCP (HTTP):
Connects to server-54-230-187-152.cdg51.r.cloudfront.net  (54.230.187.152:80)

Remove yacqq.exe - Powered by Reason Core Security