yestonyupdate.exe

Yestony

Sivi Technology Limited

The application yestonyupdate.exe by Sivi Technology Limited has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a Windows Task Scheduler task named YestonyUpdateTaskMachineCore, triggered by a time event.
Publisher:
Sivi Technology Limited (signed and verified)

Product:
Yestony

Version:
1.0.0.1

MD5:
ad1c8574acfe9284363f8f232444f683

SHA-1:
036a765681f55e8b2a2914e509e6b5b20b9aa882

SHA-256:
bdbfcc97eff51404ffe7357c9c1060ca51aa84e7ba97b2acc76ced49c50aa8f1

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 7:29:42 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Elex (M)

Engine version:
16.12.22.16

File size:
597.3 KB (611,679 bytes)

Product version:
50.26.2661.78

Copyright:
Copyright (C) 2016 Yestony Authors

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\yestony\update\yestonyupdate.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
5/6/2016 12:34:31 PM

Valid to:
3/1/2017 1:56:03 PM

Subject:
CN=Sivi Technology Limited, O=Sivi Technology Limited, L=Hong Kong, S=Hong Kong, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121425C73F5B28AE6BF0FAAF2BE407751CF

File PE Metadata
Compilation timestamp:
5/27/2016 10:12:25 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

Entry address:
0x43010

Entry point:
E9, 27, 65, FC, FF, 9C, E9, 94, 9D, 97, 86, 50, B1, 39, 24, 00, F2, 38, 9D, 0E, EB, 65, 00, 00, 00, 00, 3B, 37, 26, 2B, 32, E1, 87, 35, 28, 87, AA, 3A, 06, 97, 4C, 00, 00, 00, 00, E5, 3D, 51, 65, 41, 06, 4C, 75, 26, 3F, 3D, EB, 40, F2, 9D, C8, D6, A3, 2F, 00, 46, AC, 3A, 9D, 1D, 85, B2, 2C, 96, 9D, 97, 86, 8A, E4, 2F, 96, 0C, DA, 00, 00, 00, 00, 9A, BA, 25, 0D, 95, 57, 00, 00, 00, 00, E7, 26, 4C, 75, 5E, 0D, 4E, 6E, 3B, 2F, 22, E0, 42, E9, 80, D8, C9, A8, 2D, 00, 5B, BC, 25, E0, 0F, 92, 97, 0C, 89, AE, 2F...
 
Entropy:
7.1446

Packer / compiler:
Xtreme-Protector v1.05

Code size:
398 KB (407,552 bytes)

Scheduled Task
Task name:
YestonyUpdateTaskMachineCore

Trigger:
Time

