yestonyupdate.exe

Yestony

Sivi Technology Limited

The application yestonyupdate.exe by Sivi Technology Limited has been flagged as a potentially unwanted program by 1 of 68 anti-malware scanners, via a heuristic detection (PUP.Elex). A single heuristic hit is weak evidence on its own and should be corroborated against the signature, path and scheduled-task details below before the file is treated as a threat. The file runs as a scheduled task under the Windows Task Scheduler named YestonyUpdateTaskMachineCore, triggered daily at a fixed time (23:16 in the analysed configuration).
Publisher:
Sivi Technology Limited  (signed and verified; note that the signing certificate's validity period ended 3/1/2017, so a signature that still verifies at the 2024 analysis date depends on a timestamp countersignature, which this report does not list)

Product:
Yestony

File version:
1.0.0.1

MD5:
f44f0928fbd32fb695107a3e85be5ab9

SHA-1:
fc11b98bd6b696bed2a18323bbdcdf3da43bdf36

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 10:22:05 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Elex (M)

Engine version:
16.11.24.21

File size:
520.9 KB (533,400 bytes)

Product version:
50.26.2661.78

Copyright:
Copyright (C) 2016 Yestony Authors

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\yestony\update\yestonyupdate.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
5/6/2016 8:34:31 AM

Valid to:
3/1/2017 8:56:03 AM

Subject:
CN=Sivi Technology Limited, O=Sivi Technology Limited, L=Hong Kong, S=Hong Kong, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121425C73F5B28AE6BF0FAAF2BE407751CF

File PE Metadata
Compilation timestamp:
5/27/2016 6:12:25 AM

OS version (minimum, from the PE header):
5.1 (Windows XP)

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
6144:0t/b21jfXLAxsR0hXIYKZAMpf6ex/LiI0NZJYulxpHmBfduz6qijMDnFx0EUkmhe:041osRq/8r8NZBp20uqiovZUlfA1BQcB

Entry address:
0x43010

Entry point:
81, B9, 67, 00, 00, 9C, E9, 94, 9D, 97, 86, 50, B1, 39, 24, 00, F2, 38, 9D, 0E, EB, 65, 00, 00, 00, 00, 3B, 37, 26, 2B, 32, E1, 87, 35, 28, 87, AA, 3A, 06, 97, 4C, 00, 00, 00, 00, E5, 3D, 51, 65, 41, 06, 4C, 75, 26, 3F, 3D, EB, 40, F2, 9D, C8, D6, A3, 2F, 00, 46, AC, 3A, 9D, 1D, 85, B2, 2C, 96, 9D, 97, 86, 8A, E4, 2F, 96, 0C, DA, 00, 00, 00, 00, 9A, BA, 25, 0D, 95, 57, 00, 00, 00, 00, E7, 26, 4C, 75, 5E, 0D, 4E, 6E, 3B, 2F, 22, E0, 42, E9, 80, D8, C9, A8, 2D, 00, 5B, BC, 25, E0, 0F, 92, 97, 0C, 89, AE, 2F...

Code size:
398 KB (407,552 bytes)

Scheduled Task
Task name:
YestonyUpdateTaskMachineCore

Path:
C:\WINDOWS\Tasks\YestonyUpdateTaskMachineCore.job

Trigger:
Daily (Runs daily at 23:16)
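The following PowerShell triage script is an added example and is not part of the Reason Core Security report. It takes the install path, the MD5/SHA-1 values, the certificate details and the task name from the report above and checks them on a live host: it confirms the on-disk binary is the analysed sample, inspects the Authenticode signature with attention to the expired signer certificate and whether a timestamp countersignature is present, and shows what the registered scheduled task actually executes. It assumes the ScheduledTasks module (Windows 8 / Server 2012 or later) and an elevated prompt, since the task is machine-level.

```powershell
# Added triage script, not part of the Reason Core Security report.
# Inputs below are taken from the report; the path and task name are assumed
# to be where the file and task live on the host being examined.
$Path     = 'C:\Program Files\yestony\update\yestonyupdate.exe'
$TaskName = 'YestonyUpdateTaskMachineCore'
$Expected = @{
    MD5  = 'f44f0928fbd32fb695107a3e85be5ab9'
    SHA1 = 'fc11b98bd6b696bed2a18323bbdcdf3da43bdf36'
}

if (Test-Path -LiteralPath $Path) {
    # 1. Confirm the on-disk file is the sample the report describes.
    foreach ($alg in 'MD5', 'SHA1') {
        $actual  = (Get-FileHash -LiteralPath $Path -Algorithm $alg).Hash.ToLower()
        $verdict = if ($actual -eq $Expected[$alg]) { 'matches report' } else { 'DIFFERS from report' }
        '{0,-5} {1}  {2}' -f $alg, $actual, $verdict
    }

    # 2. Authenticode. Status alone is not enough here: the signer certificate
    #    expired on 3/1/2017, so a Valid result on a current host depends on a
    #    timestamp countersignature. Report whether one is present.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    "Signature status : $($sig.Status) - $($sig.StatusMessage)"
    if ($sig.SignerCertificate) {
        $c = $sig.SignerCertificate
        "Signer           : $($c.Subject)"
        "Issuer           : $($c.Issuer)"
        "Serial           : $($c.SerialNumber)"
        "Cert validity    : $($c.NotBefore) -> $($c.NotAfter)"
        if ($sig.TimeStamperCertificate) {
            "Timestamper      : $($sig.TimeStamperCertificate.Subject)"
        } else {
            Write-Warning 'No timestamp countersignature: trust in this signature ends with the certificate expiry.'
        }
    }
} else {
    Write-Warning "Binary not present at $Path"
}

# 3. Scheduled task. The report shows the legacy .job file; on a modern host the
#    registered task is authoritative. Show what actually executes and when.
$task = Get-ScheduledTask -TaskName $TaskName -ErrorAction SilentlyContinue
if ($task) {
    "Task             : $($task.TaskPath)$($task.TaskName) [$($task.State)]"
    "Run as           : $($task.Principal.UserId) ($($task.Principal.RunLevel))"
    foreach ($a in $task.Actions)  { "Action           : $($a.Execute) $($a.Arguments)" }
    foreach ($t in $task.Triggers) { "Trigger          : $($t.CimClass.CimClassName) from $($t.StartBoundary)" }
    $info = Get-ScheduledTaskInfo -TaskName $TaskName
    'Last run         : {0}  exit 0x{1:X8}  next {2}' -f $info.LastRunTime, $info.LastTaskResult, $info.NextRunTime

    # Flag an action whose executable is not the analysed binary (quotes stripped
    # for the comparison; an environment-variable path would still be flagged
    # and deserves a manual look).
    $foreign = $task.Actions | Where-Object { $_.Execute -and ($_.Execute.Trim('"') -ne $Path) }
    if ($foreign) { Write-Warning 'Task action does not point at the reported path; inspect before trusting it.' }
} else {
    $legacyJob = Test-Path -LiteralPath "$env:windir\Tasks\$TaskName.job"
    "No registered task named $TaskName (legacy .job present: $legacyJob)"
}

# To neutralise the persistence without destroying evidence, disable first:
#   Disable-ScheduledTask -TaskName $TaskName
# and only after the binary has been archived for analysis remove it:
#   Unregister-ScheduledTask -TaskName $TaskName -Confirm:$false
```

On hosts without the ScheduledTasks module, `schtasks /Query /TN YestonyUpdateTaskMachineCore /V /FO LIST` returns the same action and trigger details. Disabling rather than unregistering the task keeps the trigger and action definition available for later review while stopping the daily execution.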


Remove yestonyupdate.exe - Powered by Reason Core Security