yestony.exe

Yestony

Sivi Technology Limited

The application yestony.exe by Sivi Technology Limited has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a separate Windows service (within the context of its own process) named “Protect Service(YestonyP)”.
Publisher:
Sivi Technology Limited  (signed and verified)

Product:
Yestony

Version:
1.0.0.1

MD5:
c9012eaacf6ffbaa647c8dca6aa0cbe5

SHA-1:
12f8117be79dcf863665ff7d95053e1a49960524

SHA-256:
814d62ced929da6a5d894636842f8831599a57fb38a2cf94b7440743423a0d39

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 4:23:32 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Elex (M)

Engine version:
16.12.2.0

File size:
390.4 KB (399,768 bytes)

Product version:
50.26.2661.78

Copyright:
Copyright (C) 2016 Yestony Authors

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\yestony\yestony.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
5/6/2016 7:34:31 AM

Valid to:
3/1/2017 8:56:03 AM

Subject:
CN=Sivi Technology Limited, O=Sivi Technology Limited, L=Hong Kong, S=Hong Kong, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121425C73F5B28AE6BF0FAAF2BE407751CF

File PE Metadata
Compilation timestamp:
5/27/2016 5:12:18 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
6144:gTqWYJWEDVoENIkjZuEn/nGXXmQ/A1rtF407z/tiFLUgkiEi9ZjS/R+J:gBEDVoEVjs6/niXmQG407z6HkfiPS/QJ

Entry address:
0x28DBE

Entry point:
91, 90, 6E, 00, 00, 81, F9, 8B, 96, 95, 9D, 4D, 21, E6, 2D, 00, E9, 25, 8D, 11, E0, 67, 00, 00, 00, 00, 30, 35, 3D, 36, 22, FE, 8C, 37, 33, 9A, BA, 25, 0D, 95, 57, 00, 00, 00, 00, E7, 26, 4C, 75, 5E, 0D, 4E, 6E, 3B, 2F, 22, E0, 42, E9, 80, D8, C9, A8, 2F, 00, 5B, BC, 25, 96, 1F, 9E, AF, 3C, 89, 96, 95, 9D, 97, F4, 30, 9D, 0E, C1, 00, 00, 00, 00, 98, A1, 38, 1D, 8A, 5C, 00, 00, 00, 00, F8, 2D, 4E, 6E, 43, 1D, 51, 65, 39, 34, 3F, F0, 5D, E2, 82, C3, D4, B8, 30, 00, 59, A7, 38, F0, 10, 99, 95, 17, 94, BE, 30...
 

Code size:
285 KB (291,840 bytes)

Service
Display name:
Protect Service(YestonyP)

Service name:
YestonyP

Description:
To ensure your Yestony software integrity. If this service is disabled or stopped, your Yestony software will not be kept integrity check. This service uninstalls itself when there is no Yestony softw

Type:
Win32OwnProcess

Depends on:
RpcSs

