File details
File name: YahooAUService.exe
Name: Yahoo! AutoUpdater
Description: AutoUpater Service Module
Version: 1.0.0.53
Size: 588.27 KB
Original file name: YahooAUService.exe
Digital certificate
Certificate authority:
VeriSign
Effective date: 8/10/2006
Expiration date: 9/3/2009
Resource utilization
 | CPU utilization averages |
Total CPU: 0.0397057590%
Privileged CPU:
0.0036672074%

User CPU:
0.03603855150139%

Total CPU time: 2 ms
Total CPU time /min: 0 ms
Privileged CPU time: 25540.03 ms
Privileged CPU time /min: 0 ms
User CPU time: 1.5 ms
User CPU time /min: 0 ms
CPU cycle count:
515,852,253
CPU cycle count /min: 2,904,211
 | Memory utilization averages |
Committed memory:
59.72 MB
Peak committed memory: 66.03 MB
Paged memory:
4 MB
Peak paged memory: 4.29 MB
Paged system memory:
92.48 KB
Non-paged system memory: 11.17 KB
Working set memory:
5.22 MB
Peak working set memory: 9.73 MB
Min working set memory: 3.84 MB
Private memory:
4 MB
Page faults:
11,046
Page faults /min: 48
 | Process I/O averages |
Total read operations:
581
Read operations /min: 4
Total read transfer: 1.13 MB
Read transfer /min: 6.35 KB
Total write operations:
12
Write operations /min: 1
Total write transfer: 15.31 KB
Write transfer /min: 37 Bytes
Total other operations:
1,524
Other operations /min: 12
Total other transfer: 49.09 KB
Other Transfer /min: 254 Bytes
 | GUI Object Averages |
GDI objects:
4
USER objects:
5
Resources
Handle count average: 240
Thread count average: 6
Thread resource averages
wow64.dll

Total CPU: 0.004352008678%
Privileged CPU: 0.001820163120%
User CPU: 0.002531845558%
CPU Cycle count /sec: 114,454
Module memory size: 252 KB
sechost.dll

Total CPU: 0.003419007291%
Privileged CPU: 0.002171318140%
User CPU: 0.001247689150%
CPU Cycle count /sec: 69,979
Module memory size: 100 KB
ntdll.dll

Total CPU: 0.003249988069%
Privileged CPU: 0.001065975097%
User CPU: 0.002184012972%
Module memory size: 704 KB
Total CPU: 0.002878711643%
Privileged CPU: 0.002636701734%
User CPU: 0.000242009910%
CPU Cycle count /sec: 47,754
Module memory size: 612 KB
ntdll.dll

Total CPU: 0.002795661134%
Privileged CPU: 0.000798760324%
User CPU: 0.001996900810%
Module memory size: 704 KB
ntdll.dll

Total CPU: 0.002679597333%
Privileged CPU: 0.001179022827%
User CPU: 0.001500574507%
Module memory size: 712 KB
advapi32.dll

Total CPU: 0.002397198448%
Privileged CPU: 0.000821965738%
User CPU: 0.001575232710%
Module memory size: 620 KB
ntdll.dll

Total CPU: 0.002384638973%
Privileged CPU: 0.001796813913%
User CPU: 0.000587825060%
CPU Cycle count /sec: 43,346
Module memory size: 1.23 MB
advapi32.dll

Total CPU: 0.001725902063%
Privileged CPU: 0.001341293902%
User CPU: 0.000384608161%
Module memory size: 620 KB
Total CPU: 0.001620199503%
Privileged CPU: 0.000843941714%
User CPU: 0.000776257789%
CPU Cycle count /sec: 39,816
Module memory size: 252 KB
advapi32.dll

Total CPU: 0.001441546330%
Privileged CPU: 0.000961030887%
User CPU: 0.000480515443%
CPU Cycle count /sec: 24,678
Module memory size: 764 KB
advapi32.dll

Total CPU: 0.001344306555%
Privileged CPU: 0.001330730700%
User CPU: 0.000013575855%
CPU Cycle count /sec: 17,726
Module memory size: 792 KB
ntdll.dll

Total CPU: 0.001320957244%
Privileged CPU: 0.001097985014%
User CPU: 0.000222972229%
CPU Cycle count /sec: 28,109
Module memory size: 1.23 MB
ntdll.dll

Total CPU: 0.001318381134%
Privileged CPU: 0.000946122792%
User CPU: 0.000372258342%
CPU Cycle count /sec: 33,288
Module memory size: 1.66 MB
wow64.dll

Total CPU: 0.001261562652%
Privileged CPU: 0.000630781326%
User CPU: 0.000630781326%
CPU Cycle count /sec: 12,624
Module memory size: 252 KB
ntdll.dll

Total CPU: 0.001220801079%
Privileged CPU: 0.000000000000%
User CPU: 0.001220801079%
CPU Cycle count /sec: 1,770
Module memory size: 1.67 MB
wow64.dll

Total CPU: 0.000790449219%
Privileged CPU: 0.000227831234%
User CPU: 0.000562617985%
CPU Cycle count /sec: 24,296
Module memory size: 252 KB
ntdll.dll

Total CPU: 0.000755111008%
Privileged CPU: 0.000161384684%
User CPU: 0.000593726324%
Module memory size: 712 KB
wow64.dll

Total CPU: 0.000731982040%
Privileged CPU: 0.000000000000%
User CPU: 0.000731982040%
CPU Cycle count /sec: 28,742
Module memory size: 252 KB
advapi32.dll

Total CPU: 0.000535916020%
Privileged CPU: 0.000321549612%
User CPU: 0.000214366408%
Module memory size: 620 KB
Process details
Runs as (owner): System
Integrety level: System
Windows platform: 64-bit
Runs as a service: Yes
Parent Processes
Process Commands
"C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe"
"C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe"
Service details
Name: YahooAUService
Image hashes
MD5: dd0042f0c3b606a6a8b92d49afb18ad6
SHA-1: 74fbb38fa923a2db686a7492c2c8feb9a23a7be4
SHA-256: 8d3be4c93d02af5f42ec46af598d6da40c61d467cb2fee5e222f9c1e7a84b852
PE image details
File entropy: 6.51437
File packed: No
Import Table
advapi32.dll

CryptEncrypt
RegOpenKeyExA
RegQueryValueExA
CryptDecrypt
CryptReleaseContext
CryptDeriveKey
CryptDestroyKey
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptAcquireContextW
OpenProcessToken
DuplicateTokenEx
SetTokenInformation
CreateProcessAsUserW
ChangeServiceConfigW
ChangeServiceConfig2W
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
ControlService
DeleteService
CreateServiceW
RegEnumKeyExW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
SetServiceStatus
RegisterEventSourceW
ReportEventW
DeregisterEventSource
RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
imagehlp.dll

ImageEnumerateCertificates
ImageGetCertificateHeader
ImageGetCertificateData
kernel32.dll

LoadResource
FindResourceW
LoadLibraryExW
GetCommandLineW
DeleteFileW
LockResource
FindResourceExW
lstrlenA
WideCharToMultiByte
ReadFile
GetFileSize
CreateFileW
GetShortPathNameW
GetExitCodeProcess
TerminateProcess
CreateProcessW
OpenProcess
Process32NextW
ProcessIdToSessionId
Process32FirstW
CreateToolhelp32Snapshot
GetProcAddress
LoadLibraryW
GetVersionExW
IsBadReadPtr
FindClose
FindFirstFileW
GetFileAttributesW
CreateDirectoryExW
lstrcpyW
GetTempPathW
lstrcatW
RemoveDirectoryW
FindNextFileW
TryEnterCriticalSection
GetTickCount
DeleteTimerQueueTimer
CreateTimerQueueTimer
LoadLibraryA
CreateFileA
lstrcmpA
lstrcmpiA
DebugBreak
GetCurrentProcessId
QueryPerformanceCounter
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SizeofResource
MultiByteToWideChar
FreeLibrary
SetEvent
InterlockedDecrement
InterlockedIncrement
CreateEventW
CreateThread
GetCurrentThreadId
GetModuleHandleW
Sleep
GetModuleFileNameW
WaitForSingleObject
CloseHandle
lstrcmpiW
GetLastError
RaiseException
lstrlenW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
VirtualQuery
GetStringTypeW
SetEndOfFile
GetStringTypeA
GetCPInfo
LCMapStringW
SetFilePointer
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetModuleFileNameA
GetStdHandle
WriteFile
HeapCreate
VirtualAlloc
VirtualFree
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
ExitProcess
LCMapStringA
GetStartupInfoW
DeleteFileA
MoveFileA
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
RtlUnwind
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
GetModuleHandleA
ole32.dll

CoTaskMemAlloc
CoTaskMemRealloc
CoInitializeSecurity
CoRevokeClassObject
CoRegisterClassObject
CoUninitialize
CoTaskMemFree
CoInitialize
StringFromGUID2
CoCreateInstance
CoCreateGuid
OleRun
CLSIDFromString
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoUnmarshalInterface
shell32.dll

SHGetPathFromIDListW
SHGetMalloc
SHGetSpecialFolderLocation
shlwapi.dll

user32.dll

UnregisterClassA
LoadStringW
PostThreadMessageW
MessageBoxW
CharNextW
TranslateMessage
CharUpperW
DispatchMessageW
GetMessageW
winhttp.dll

WinHttpAddRequestHeaders
WinHttpOpenRequest
WinHttpConnect
WinHttpSendRequest
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpCloseHandle
WinHttpQueryOption
WinHttpSetOption
WinHttpCrackUrl
WinHttpReceiveResponse
WinHttpOpen