yestonyupdate.exe

Yestony

Sivi Technology Limited

The application yestonyupdate.exe by Sivi Technology Limited has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a scheduled task named YestonyUpdateTaskMachineCore under the Windows Task Scheduler, triggered by a time event.
Publisher:
Sivi Technology Limited  (signed and verified)

Product:
Yestony

Version:
1.0.0.1

MD5:
5f20639e1b1bb1a5f3d7abf1cc27b59a

SHA-1:
f9892f6112df86ae829cb0e278d44062bcf69081

SHA-256:
68cadd989479888c1e52538548f85c49739e9c7187df94e91cffe757827467a3

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 7:28:17 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Elex (M)

Engine version:
16.9.10.0

File size:
520.9 KB (533,400 bytes)

Product version:
50.26.2661.78

Copyright:
Copyright (C) 2016 Yestony Authors

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\yestony\update\yestonyupdate.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
5/6/2016 2:34:31 PM

Valid to:
3/1/2017 3:56:03 PM

Subject:
CN=Sivi Technology Limited, O=Sivi Technology Limited, L=Hong Kong, S=Hong Kong, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121425C73F5B28AE6BF0FAAF2BE407751CF

File PE Metadata
Compilation timestamp:
5/27/2016 12:12:25 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
6144:0t/b21jHXLAxsR0hXIYKZAMpf6ex/LiI0NZJYulxpHmBfduz6qijMDnFx0EUkmhe:041gsRq/8r8NZBp20uqiovZUlfA1BQcB

Entry address:
0x43010

Entry point:
81, B9, 67, 00, 00, 9C, E9, 94, 9D, 97, 86, 50, B1, 39, 24, 00, F2, 38, 9D, 0E, EB, 65, 00, 00, 00, 00, 3B, 37, 26, 2B, 32, E1, 87, 35, 28, 87, AA, 3A, 06, 97, 4C, 00, 00, 00, 00, E5, 3D, 51, 65, 41, 06, 4C, 75, 26, 3F, 3D, EB, 40, F2, 9D, C8, D6, A3, 2F, 00, 46, AC, 3A, 9D, 1D, 85, B2, 2C, 96, 9D, 97, 86, 8A, E4, 2F, 96, 0C, DA, 00, 00, 00, 00, 9A, BA, 25, 0D, 95, 57, 00, 00, 00, 00, E7, 26, 4C, 75, 5E, 0D, 4E, 6E, 3B, 2F, 22, E0, 42, E9, 80, D8, C9, A8, 2D, 00, 5B, BC, 25, E0, 0F, 92, 97, 0C, 89, AE, 2F...
 

Entropy:
6.9317

Code size:
398 KB (407,552 bytes)

Scheduled Task
Task name:
YestonyUpdateTaskMachineCore

Trigger:
Time

