yestonyupdate.exe

Yestony

Sivi Technology Limited

The application yestonyupdate.exe by Sivi Technology Limited has been flagged as a potentially unwanted program (adware) by 3 of 68 anti-malware scanners. It persists as a Windows Task Scheduler task named YestonyUpdateTaskMachineCore that runs daily at 11:05. While running, it connects over plain HTTP (TCP port 80) to server-54-192-55-157.jfk6.r.cloudfront.net (54.192.55.157) and to c8.3e.559e.ip4.static.sl-reverse.com (158.85.62.200).
Publisher:
Sivi Technology Limited (signed; signature verified at analysis time, although the signing certificate's validity period listed below ended 3/1/2017, so verification depends on a timestamp countersignature or on the checker ignoring expiry)

Product:
Yestony

Version:
1.0.0.1

MD5:
5f20639e1b1bb1a5f3d7abf1cc27b59a

SHA-1:
add6f85510e054e657d79c46b701eaa3b5dd3638

SHA-256:
68cadd989479888c1e52538548f85c49739e9c7187df94e91cffe757827467a3

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 6:03:52 PM UTC

Detections by scan engine (detection name, engine version):
Dr.Web: Adware.Mutabaha.1333 (engine version 9.0.1.05190)
Reason Heuristics: Adware.Elex.SiviTech.Meta (M) (engine version 16.7.11.13)
VIPRE Antivirus: Threat.4150696 (engine version 29708)

File size:
520.9 KB (533,400 bytes)

Product version:
50.26.2661.78

Copyright:
Copyright (C) 2016 Yestony Authors

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\yestony\update\yestonyupdate.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
5/6/2016 6:34:31 AM

Valid to:
3/1/2017 7:56:03 AM

Subject:
CN=Sivi Technology Limited, O=Sivi Technology Limited, L=Hong Kong, S=Hong Kong, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121425C73F5B28AE6BF0FAAF2BE407751CF

File PE Metadata
Compilation timestamp:
5/27/2016 6:12:25 AM

OS version (PE minimum required OS):
5.1 (Windows XP)

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
6144:0t/b21jHXLAxsR0hXIYKZAMpf6ex/LiI0NZJYulxpHmBfduz6qijMDnFx0EUkmhe:041gsRq/8r8NZBp20uqiovZUlfA1BQcB

Entry address:
0x43010

Entry point:
81, B9, 67, 00, 00, 9C, E9, 94, 9D, 97, 86, 50, B1, 39, 24, 00, F2, 38, 9D, 0E, EB, 65, 00, 00, 00, 00, 3B, 37, 26, 2B, 32, E1, 87, 35, 28, 87, AA, 3A, 06, 97, 4C, 00, 00, 00, 00, E5, 3D, 51, 65, 41, 06, 4C, 75, 26, 3F, 3D, EB, 40, F2, 9D, C8, D6, A3, 2F, 00, 46, AC, 3A, 9D, 1D, 85, B2, 2C, 96, 9D, 97, 86, 8A, E4, 2F, 96, 0C, DA, 00, 00, 00, 00, 9A, BA, 25, 0D, 95, 57, 00, 00, 00, 00, E7, 26, 4C, 75, 5E, 0D, 4E, 6E, 3B, 2F, 22, E0, 42, E9, 80, D8, C9, A8, 2D, 00, 5B, BC, 25, E0, 0F, 92, 97, 0C, 89, AE, 2F...

Code size:
398 KB (407,552 bytes)

Scheduled Task
Task name:
YestonyUpdateTaskMachineCore

Path:
C:\WINDOWS\Tasks\YestonyUpdateTaskMachineCore.job

Trigger:
Daily at 11:05

The executing file has been seen to make the following network communications in live environments. Both hostnames are reverse-DNS names for shared hosting (an Amazon CloudFront edge and a SoftLayer static address), so the addresses on their own are weak indicators; the combination of file hash, task name and these destinations is what to match on.

TCP (HTTP):
Connects to server-54-192-55-157.jfk6.r.cloudfront.net  (54.192.55.157:80)

TCP (HTTP):
Connects to c8.3e.559e.ip4.static.sl-reverse.com  (158.85.62.200:80)
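The following PowerShell triage script is an added example and is not part of this listing or of Reason Core Security's product. It takes the indicators from this page (common path, SHA-256, certificate serial number, task name, legacy .job path, remote IPs) and checks a host for them, reporting what it finds; it only stops the process, unregisters the task and deletes the file when run with -Remove. The parameter names and the output layout are assumptions. It needs an elevated PowerShell 5.1 or later session on Windows 8 / Server 2012 or newer (Get-ScheduledTask and Get-NetTCPConnection are not available on older versions).

```powershell
# Added triage example (not Reason Core Security code). Indicator values are copied
# from the listing above; everything else (parameter names, layout) is an assumption.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$Path     = 'C:\Program Files\yestony\update\yestonyupdate.exe',
    [string]$TaskName = 'YestonyUpdateTaskMachineCore',
    [switch]$Remove
)

# Indicators from the listing.
$KnownSha256 = '68cadd989479888c1e52538548f85c49739e9c7187df94e91cffe757827467a3'
$KnownSerial = '1121425C73F5B28AE6BF0FAAF2BE407751CF'
$KnownIPs    = @('54.192.55.157', '158.85.62.200')

$findings = [ordered]@{}

# 1. Is the binary present, and is it the exact sample the scanners flagged?
if (Test-Path -LiteralPath $Path) {
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $findings.FilePresent = $true
    $findings.Sha256      = $hash
    # String -eq is case-insensitive, so the listing's lowercase hex compares cleanly.
    $findings.HashMatches = ($hash -eq $KnownSha256)

    # 2. Authenticode: a "Valid" status can rest on a timestamp countersignature, since the
    #    signing certificate expired in 2017. Surface the facts instead of trusting the status.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    $findings.SignatureStatus = $sig.Status
    if ($sig.SignerCertificate) {
        $findings.Signer        = $sig.SignerCertificate.Subject
        $findings.SerialMatches = ($sig.SignerCertificate.SerialNumber -eq $KnownSerial)
        $findings.CertExpired   = ($sig.SignerCertificate.NotAfter -lt (Get-Date))
        $findings.Timestamped   = [bool]$sig.TimeStamperCertificate
    }
} else {
    $findings.FilePresent = $false
}

# 3. Persistence: the daily scheduled task, plus the legacy Task Scheduler 1.0 .job file.
$task = Get-ScheduledTask -TaskName $TaskName -ErrorAction SilentlyContinue
if ($task) {
    $findings.TaskPresent = $true
    $findings.TaskState   = $task.State
    $findings.TaskActions = @($task.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)".Trim() })
} else {
    $findings.TaskPresent = $false
}
$findings.LegacyJobFile = Test-Path -LiteralPath "C:\Windows\Tasks\$TaskName.job"

# 4. Live connections to the listed endpoints on port 80 (cleartext HTTP).
$conns = Get-NetTCPConnection -ErrorAction SilentlyContinue |
    Where-Object { ($KnownIPs -contains $_.RemoteAddress) -and ($_.RemotePort -eq 80) }
$findings.ActiveConnections = @($conns | ForEach-Object {
    "$($_.RemoteAddress):$($_.RemotePort) pid=$($_.OwningProcess)"
})

[pscustomobject]$findings | Format-List

# 5. Removal only on request: stop the process, drop the task, delete the file.
if ($Remove) {
    Get-Process -Name 'yestonyupdate' -ErrorAction SilentlyContinue |
        Where-Object { $_.Path -eq $Path } |
        ForEach-Object {
            if ($PSCmdlet.ShouldProcess("pid $($_.Id)", 'Stop-Process')) {
                Stop-Process -Id $_.Id -Force
            }
        }
    if ($task -and $PSCmdlet.ShouldProcess($TaskName, 'Unregister-ScheduledTask')) {
        Unregister-ScheduledTask -TaskName $TaskName -Confirm:$false
    }
    if ((Test-Path -LiteralPath $Path) -and $PSCmdlet.ShouldProcess($Path, 'Remove-Item')) {
        Remove-Item -LiteralPath $Path -Force
    }
}
```

Run it once without -Remove to record the findings (the hash and serial comparisons tell you whether the host has this exact sample or a different build under the same name), then with -Remove -WhatIf to preview, and finally with -Remove. Because SupportsShouldProcess is declared, every destructive step honours -WhatIf and -Confirm.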

Remove yestonyupdate.exe - Powered by Reason Core Security