yappyz.exe

Yappyz

SIEN S.A.

The application yappyz.exe by SIEN S.A. has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is set to start automatically when a user logs into Windows, via the current-user Run registry key under the display name ‘GoogleChromeAutoLaunch’. This file is typically installed with the program Yappyz by SIEN S.A., which is a potentially unwanted software program.

Publisher:
The Yappyz Authors (signed by SIEN S.A.)

Product:
Yappyz

Version:
27.1.1419.0

MD5:
a2b8a829e2a3b1d93dcd0084bc235363

SHA-1:
d978ec371d5e761b880804b57922adcbb2b828e6

SHA-256:
bc0ef13db406202378752a6c1ef659f917eab9d45aec3189c986950c93621a07

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/5/2024 1:36:43 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.SIENSA.G

Engine version:
14.7.1.18

File size:
1.2 MB (1,266,496 bytes)

Product version:
27.1.1419.0

Copyright:
Copyright 2013 The Yappyz Authors. All rights reserved.

Original file name:
chrome.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\yappyz\application\yappyz.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
8/22/2012 1:00:00 AM

Valid to:
8/23/2014 12:59:59 AM

Subject:
CN=SIEN S.A., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=SIEN S.A., L=Paris, S=France, C=FR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
514EA00D30C8C244C3E818890BF73967

File PE Metadata
Compilation timestamp:
8/2/2013 1:59:55 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:1Vliv2JadI2sLU7sKdd4MBYPz+yulqks+PuMcDT4znyFO8p:nQesQksKwMBYPylqks+3aTWyFO8p

Entry address:
0x4E051

Entry point:
E8, A0, 8C, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 56, 8B, F1, C6, 46, 0C, 00, 85, C0, 75, 63, E8, 8A, 62, 00, 00, 89, 46, 08, 8B, 48, 6C, 89, 0E, 8B, 48, 68, 89, 4E, 04, 8B, 0E, 3B, 0D, 48, 3E, 51, 00, 74, 12, 8B, 0D, 00, 3C, 51, 00, 85, 48, 70, 75, 07, E8, 39, 60, 00, 00, 89, 06, 8B, 46, 04, 3B, 05, 18, 44, 51, 00, 74, 16, 8B, 46, 08, 8B, 0D, 00, 3C, 51, 00, 85, 48, 70, 75, 08, E8, F9, 8E, 00, 00, 89, 46, 04, 8B, 46, 08, F6, 40, 70, 02, 75, 14, 83, 48, 70, 02, C6, 46, 0C, 01, EB, 0A...
 

Entropy:
6.3367

Code size:
712.5 KB (729,600 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
GoogleChromeAutoLaunch

Command:
"C:\users\{user}\appdata\local\yappyz\application\yappyz.exe" --no-startup-window


The file yappyz.exe has been discovered within the following program.

Yappyz by SIEN S.A.
Publisher's description - “Yappyz, the premium entertainment platform that brings you Yappiness. Play, connect, challenge and have fun. Yappyz is a free application software that provides mobile-like gaming experience on your PC. Install great games. It's easy, simple and secure.”
public.yappyz.com/front/en-US/support/about
74% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

