Should I block it?
Yes, 98% block recommendation.
Possible reason:
Multiple malware detections
Relationships
ypvmj.exe
| MD5: | 3b7a992ae53ebb41dd1e566e4172e9c0 |
| SHA1: | 1ef0295638190615081c6051cc1811691a647f53 |
| SHA256: | f09afc177afbc8e2d36a57d105d3f79a70ec2e36701c9759e19d54a009279f11 |
Warning 45 antivirus scanners has detected malware.
Overview
ypvmj.exe is malware that executes as a process under the SYSTEM account with extensive privileges (the system and the administrator accounts have the same file privileges) typically within the context of its parent
sohcimp.exe (Sony Home Network Library by Sony Corporation). It has been configured with a firewall exception which allows both inbound and outbound network communication without being blocked. This particular version is usually found on Windows 7 Home Basic (6.1.7601.65536).
Details
| File name: | ypvmj.exe |
| Typical file path: | C:\users\user\appdata\local\temp\ypvmj.exe |
| Size: | 35.17 KB (36,010 bytes) |
| Build date: | 12/5/2012 4:04 PM |
| Digital DNA |
| File packed: | No |
| .NET CLR: | No |
More details
Behaviors
Windows firewall allowed program
Exceptions allow programs to access to the Internet through an outbound connections
- Firewall exception for 'C:\Windows\TEMP\gvup.exe'
Malware detections
Based on 40+ industry antivirus scanners, 45 of them detected the following malware.
| Antivirus engine | Engine version | Detection |
| Agnitum |
5.5.1.3 |
TrojanSpy.Keatep!RNVxzBr1G1g |
| AhnLab V3 Internet Security |
2013.10.03 |
Trojan/Win32.SCKeyLog |
| Avira AntiVir |
7.11.105.176 |
TR/Dropper.Gen |
| Antiy Labs AVL |
2.0.3.7 |
Trojan/Win32.Agent |
| avast! |
8.0.1489.320 |
Win32:Sality-GR |
| AVG |
13.0.0.3169 |
PSW.Agent.AZSZ |
| Baidu Antivirus |
3.5.1.41473 |
Worm.Win32.Stealer.30 |
| BitDefender |
7.2 |
Trojan.Crypt.HO |
| Bkav Security |
1.3.0.4246 |
W32.DropperKeatep.Trojan |
| CAT Quick Heal |
10.13.12.00 |
TrojanPSW.Agent.aeuw |
| Commtouch |
5.4.1.7 |
W32/Trojan.AZIR-5555 |
| Comodo Internet Security |
17038 |
TrojWare.Win32.Spy.Keatep.A |
| Dr.Web |
8.13.10.5 |
Trojan.PWS.Stealer.1630 |
| Emsisoft Anti-Malware |
3.0.0.589 |
Trojan-PSW.Win32.Keatep (A) |
| ESET NOD32 |
7.8869 |
a variant of Win32/Spy.Keatep.A |
| Fortinet |
5.1.147.0 |
W32/Agent.AEUW!tr.pws |
| F-Secure |
11.0.19100.45 |
Trojan.Crypt.HO |
| G Data |
13.10.22 |
Trojan.Crypt.HO |
| Ikarus |
T3.1.5.4.0 |
Trojan-Dropper.Win32.Sality |
| Jiangmin |
16.0.100 |
Trojan/PSW.Agent.adrz |
| K7 AntiVirus |
9.173.9757 |
Password-Stealer |
| K7GW |
12.7.0.14 |
Password-Stealer |
| Kaspersky |
9.0.0.837 |
Trojan-PSW.Win32.Agent.aeuw |
| Kingsoft |
2013.4.9.267 |
Win32.Troj.Undef.(kcloud) |
| Malwarebytes |
1.75.0.1 |
Spyware.Password |
| McAfee |
5.600.1067 |
RDN/Generic PWS.y!lh |
| McAfee Gateway Anti-Malware |
v2013-dat |
RDN/Generic PWS.y!lh |
| Microsoft Security Essentials |
1.9901.0 |
TrojanSpy:Win32/Keatep.B |
| eScan by MicroWorld |
12.0.250.0 |
Trojan.Crypt.HO |
| NANO AntiVirus |
0.26.0.55203 |
Trojan.Win32.Stealer.bckjbt |
| Norman |
7.02.06 |
Pramro.C |
| nProtect |
2013-10-02.03 |
Trojan-PWS/W32.Agent.36010 |
| Panda Antivirus |
10.0.3.5 |
Trj/OCJ.A |
| PC Tools |
9.0.0.2 |
Downloader.Generic |
| Rising Antivirus |
24.81.06.04 |
Trojan.Win32.Generic.13AD3A3F |
| Sophos |
4.93.0 |
Mal/Generic-L |
| SUPERAntiSpyware |
5.6.0.1032 |
Trojan.Agent/Gen |
| Symantec |
20131.1.5.61 |
Downloader |
| The Hacker |
6.8.0.5.339 |
Posible_Worm32 |
| Total Defense |
37.0.10498 |
Win32/Maazben!generic |
| Trend Micro |
9.740.0.1012 |
TROJ_SPNR.0BL812 |
| Trend Micro HouseCall |
9.700.0.1001 |
TROJ_SPNR.0BL812 |
| Vba32 AntiVirus |
3.12.24.3 |
Trojan.PSW.17107 |
| VIPRE Antivirus |
22044 |
Trojan-PWS.Win32.Agent.aeuw (v) |
| ViRobot |
2011.4.7.4223 |
Trojan.Win32.A.PSW-Agent.36010.A[UPX] |
Resource utilization
(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
| CPU |
| Total CPU: | 0.00868225% | |
| Kernel CPU: | 0.00707025% | |
| User CPU: | 0.00161200% | |
| Kernel CPU time: | 607,569 ms/min | |
| Memory |
| Private memory: | 13.55 MB | |
| Private (maximum): | 10.45 MB | |
| Private (minimum): | 6.28 MB | |
| Non-paged memory: | 13.55 MB | |
| Virtual memory: | 87.52 MB | |
| Virtual memory (peak): | 99 MB | |
| Working set: | 7.09 MB | |
| Working set (peak): | 10.55 MB | |
| Resource allocations |
| Threads: | 12 | |
| Handles: | 308 | |
| GUI GDI count: | 9 | |
| GUI GDI peak: | 9 | |
| GUI USER count: | 5 | |
| GUI USER peak: | 6 | |
Process properties
Threads
Averages
| ypvmj.exe (main module) |
| Total CPU: | 8.95574628% | |
| Kernel CPU: | 6.38290063% | |
| User CPU: | 2.57284565% | |
| CPU cycles: | 196,019,152/sec | |
| Context switches: | 159/sec | |
| Memory: | 496 KB | |
| ntdll.dll |
| Total CPU: | 0.00264244% | |
| Kernel CPU: | 0.00000000% | |
| User CPU: | 0.00264244% | |
| CPU cycles: | 23,916/sec | |
| Memory: | 1.66 MB | |
Common loaded modules
These are modules that are typiclaly loaded within the context of this process.
Distribution by Windows OS
| OS version | distribution |
| Windows 7 Home Basic |
100.00% |
|
Distribution by PC manufacturer
| PC Manufacturer | distribution |
| Sony |
100.00% |
|
