» yeotycchmc.exe
Overview
Analysis
File Details

yeotycchmc.exe

3066_exp_luckysearches

Xiaoqing Liu

The application yeotycchmc.exe by Xiaoqing Liu has been detected as adware by 11 anti-malware scanners. According to AVG, this software downloads additional adware offers during setup. It is also typically executed from the user's temporary directory.

File name:

yeotycchmc.exe

Publisher:

HTabp.com (signed by Xiaoqing Liu)

Product:

3066_exp_luckysearches

Description:

HTabp

Version:

6.6.86.1542

MD5:

9a671e17674ffe579e0843a823c85dbd

SHA-1:

b668823596a5bcd5cc22362a474b387f03f5ee2a

SHA-256:

236f730238578b54e6742022b02466b7ab652fe20f64a9c2580750bd769b1261

Scanner detections:

11 / 68

Status:

Adware

Analysis date:

11/23/2024 7:37:05 PM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

Riskware.Agent

7.1.1

AVG

Potentially harmful program Downloader

2016.0.3144

Baidu Antivirus

Adware.Win32.ELEX

4.0.3.15410

Dr.Web

Adware.Mutabaha.220

9.0.1.0100

ESET NOD32

Win32/ELEX.CF potentially unwanted application

9.7.0.302.0

Fortinet FortiGate

W32/ELEX.CF

4/10/2015

herdProtect (fuzzy)

variant of nsd8a39.tmp (Adware)

2015.6.18.3

K7 AntiVirus

Trojan

13.202.15516

Malwarebytes

PUP.Optional.ELEX

v2015.04.10.12

Reason Heuristics

PUP.Li Mo

15.3.11.17

Sophos

PUA 'Elex' (of type Adware)

5.12

File size:

283.9 KB (290,760 bytes)

Product version:

6.6.86.1542

Original file name:

HTabp.exe

File type:

Executable application (Win32 EXE)

Language:

English (United Kingdom)

Common path:

C:\users\{user}\appdata\local\temp\yeotycchmc.exe

Digital Signature

Signed by:

Xiaoqing Liu

Authority:

DigiCert Inc

Valid from:

8/13/2014 2:00:00 AM

Valid to:

8/17/2015 2:00:00 PM

Subject:

CN=Xiaoqing Liu, O=Xiaoqing Liu, L=Zaozhuang, S=Shandong, C=CN

Issuer:

CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:

0EBAB4AC38B70A33EE517D238BDE49D7

File PE Metadata

Compilation timestamp:

3/9/2015 7:24:19 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

6144:h3928Kayi1SlGCrFoPxex7madkE9ZkQbpdgO:httyi1P2ePKmadkEHkAn

Entry address:

0x1382B

Entry point:

E8, D2, C2, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, 20, B5, 42, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 2C, B1, 42, 00, C9, C2, 08, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00... 
[+]

Code size:

166.5 KB (170,496 bytes)

Remove yeotycchmc.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.