YW.exe

鹦鹉助手

Beijing AmazGame Age Internet Technology Co., Ltd.

The application YW.exe by Beijing AmazGame Age Internet Technology Co. has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
17173.com  (signed by Beijing AmazGame Age Internet Technology Co., Ltd.)

Product:
鹦鹉助手

Version:
2.0.903

MD5:
634c804e9f91dfc9b53a6684c9e8eacc

SHA-1:
19e6f126d104ceda6297a9b936b81f54cc858890

SHA-256:
c00631e104744bf14e89c05abef75e7be665a5c224072375971a2f45469b4366

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/24/2024 4:47:11 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Optional.BeijingA

Engine version:
17.2.15.12

File size:
3.9 MB (4,066,168 bytes)

Product version:
2.0.903

Copyright:
(C) 2003-2016 17173.com

Trademarks:
17173.com

Original file name:
YW.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Digital Signature
Authority:
Symantec Corporation

Valid from:
3/18/2015 8:00:00 AM

Valid to:
6/17/2018 7:59:59 AM

Subject:
CN="Beijing AmazGame Age Internet Technology Co., Ltd.", O="Beijing AmazGame Age Internet Technology Co., Ltd.", L=Beijing, S=Beijing, C=CN

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
32986F1A747EDB31B8BB8BD88A2A0D03

File PE Metadata
Compilation timestamp:
2/10/2017 5:15:12 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0xFA59C

Entry point:
E8, 10, 04, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 30, E8, 72, 00, E8, AE, 01, 00, 00, 33, F6, 89, 75, E4, 89, 75, E0, FF, 15, 28, 63, 50, 00, 0F, B7, D8, 89, 75, FC, 64, A1, 18, 00, 00, 00, 8B, 50, 04, 8B, FE, BE, D4, 54, 74, 00, 8B, CA, 33, C0, F0, 0F, B1, 0E, 85, C0, 74, 0B, 3B, C2, 75, F0, 33, F6, 46, 8B, FE, EB, 03, 33, F6, 46, 39, 35, D8, 54, 74, 00, 75, 0A, 6A, 1F, E8, 69, 02, 00, 00, 59, EB, 3B, 83, 3D, D8, 54, 74, 00, 00, 75, 2C, 89, 35, D8, 54, 74, 00, 68, B8, 76, 50, 00, 68, A4, 76, 50, 00, E8...
 

Entropy:
6.1732

Code size:
1 MB (1,065,984 bytes)
