yacqq.exe

TODO:

Hefei Infinity Technology Co., Ltd.

The application yacqq.exe, “TODO: <File description>” by Hefei Infinity Technology Co. has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address server-52-84-126-10.iad16.r.cloudfront.net on port 80 using the HTTP protocol.
Publisher:
TODO: <Company name>  (signed by Hefei Infinity Technology Co., Ltd.)

Product:
TODO: <Product name>

Description:
TODO: <File description>

Version:
1.0.0.1

MD5:
ab07e20858fd8b5f3bfe6ae514ee5961

SHA-1:
c8f476b9e97d5d8c4781fcb6329e1c42521240d9

SHA-256:
fb62cea56cfbfafc9a62614e55cef0a5fe6eb74c4a4400d4083b864892caed9f

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/4/2024 5:12:52 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.ELEX (M)
17.2.17.7

File size:
150.7 KB (154,328 bytes)

Product version:
1.0.0.1

Copyright:
Copyright (C) 2017

Original file name:
windows

File type:
Executable application (Win32 EXE)

Language:
Chinese

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\yacqq.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
1/5/2017 10:00:00 PM

Valid to:
9/7/2017 8:59:59 PM

Subject:
CN="Hefei Infinity Technology Co., Ltd.", O="Hefei Infinity Technology Co., Ltd.", L=Hefei, S=Anhui, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
7221A387E2E2D9413C322A3DD55DA62A

File PE Metadata
Compilation timestamp:
2/16/2017 1:07:57 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

Entry address:
0x7354

Entry point:
E8, A7, 44, 00, 00, E9, FF, 13, 01, 00, 55, 8B, EC, 8B, 45, 0C, 83, EC, 20, 56, 57, 6A, 08, 59, BE, A0, D0, 41, 00, 8D, 7D, E0, F3, A5, 8B, 4D, 08, 5F, 5E, 85, C0, 74, 0D, F6, 00, 10, 74, 08, 8B, 01, 8B, 40, FC, 8B, 40, 18, 89, 4D, F8, 89, 45, FC, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 00, C1, 41, 00, C9, C2, 08, 00, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, A0, 40, 42...
 
[+]

Code size:
105.5 KB (108,032 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-52-84-126-120.iad16.r.cloudfront.net  (52.84.126.120:80)

TCP (HTTP):
Connects to server-52-84-126-10.iad16.r.cloudfront.net  (52.84.126.10:80)

TCP (HTTP):
Connects to server-54-230-95-206.fra2.r.cloudfront.net  (54.230.95.206:80)

TCP (HTTP):
Connects to server-54-230-216-83.mrs50.r.cloudfront.net  (54.230.216.83:80)

TCP (HTTP):
Connects to server-54-230-216-27.mrs50.r.cloudfront.net  (54.230.216.27:80)

TCP (HTTP):
Connects to server-54-230-216-158.mrs50.r.cloudfront.net  (54.230.216.158:80)

TCP (HTTP):
Connects to server-54-230-11-73.lhr3.r.cloudfront.net  (54.230.11.73:80)

TCP (HTTP):
Connects to server-54-230-11-14.lhr3.r.cloudfront.net  (54.230.11.14:80)

TCP (HTTP):
Connects to server-54-192-37-234.jfk1.r.cloudfront.net  (54.192.37.234:80)

TCP (HTTP):
Connects to server-54-192-3-25.lhr5.r.cloudfront.net  (54.192.3.25:80)

Remove yacqq.exe - Powered by Reason Core Security