yestonyupdate.exe

Yestony

Sivi Technology Limited

The application yestonyupdate.exe by Sivi Technology Limited has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a Windows service named “Update Service(YestonyU)”, hosted in its own separate process.
Publisher:
Sivi Technology Limited  (signed and verified)

Product:
Yestony

Version:
1.0.0.1

MD5:
5f20639e1b1bb1a5f3d7abf1cc27b59a

SHA-1:
889a164d425bccfb74cce9451dd53ff0cc258bfb

SHA-256:
68cadd989479888c1e52538548f85c49739e9c7187df94e91cffe757827467a3

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 7:04:30 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Elex (M)

Engine version:
16.9.13.15

File size:
520.9 KB (533,400 bytes)

Product version:
50.26.2661.78

Copyright:
Copyright (C) 2016 Yestony Authors

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\yestony\update\yestonyupdate.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
5/6/2016 8:34:31 AM

Valid to:
3/1/2017 8:56:03 AM

Subject:
CN=Sivi Technology Limited, O=Sivi Technology Limited, L=Hong Kong, S=Hong Kong, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121425C73F5B28AE6BF0FAAF2BE407751CF

File PE Metadata
Compilation timestamp:
5/27/2016 6:12:25 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
6144:0t/b21jHXLAxsR0hXIYKZAMpf6ex/LiI0NZJYulxpHmBfduz6qijMDnFx0EUkmhe:041gsRq/8r8NZBp20uqiovZUlfA1BQcB

Entry address:
0x43010

Entry point:
81, B9, 67, 00, 00, 9C, E9, 94, 9D, 97, 86, 50, B1, 39, 24, 00, F2, 38, 9D, 0E, EB, 65, 00, 00, 00, 00, 3B, 37, 26, 2B, 32, E1, 87, 35, 28, 87, AA, 3A, 06, 97, 4C, 00, 00, 00, 00, E5, 3D, 51, 65, 41, 06, 4C, 75, 26, 3F, 3D, EB, 40, F2, 9D, C8, D6, A3, 2F, 00, 46, AC, 3A, 9D, 1D, 85, B2, 2C, 96, 9D, 97, 86, 8A, E4, 2F, 96, 0C, DA, 00, 00, 00, 00, 9A, BA, 25, 0D, 95, 57, 00, 00, 00, 00, E7, 26, 4C, 75, 5E, 0D, 4E, 6E, 3B, 2F, 22, E0, 42, E9, 80, D8, C9, A8, 2D, 00, 5B, BC, 25, E0, 0F, 92, 97, 0C, 89, AE, 2F...
 

Code size:
398 KB (407,552 bytes)

Service
Display name:
Update Service(YestonyU)

Service name:
YestonyU

Description:
Keeps your Yestony software up to date. If this service is disabled or stopped, your Yestony software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and f

Type:
Win32OwnProcess

Depends on:
RpcSs

