u/BusyHuckleberry846

Title: Suspicious signed executable (RobotAI.exe / ycvol.exe) – possible Discord-related malware?

I found a suspicious executable on my system and I’m trying to determine its origin and behavior.

Details:

  • File name: RobotAI.exe
  • Also seen as: ycvol.exe (on VirusTotal)
  • Location: C:\DoscordRobot\
  • Size: ~147 KB

VirusTotal Behavior Report:
https://www.virustotal.com/gui/file/29fdd994c5c62ca7e7c9f3ebeffe7a25a4d5c055ca55be2bcda70db8c3a2c634/behavior

Observations:

  • The file is digitally signed with a valid signature
  • Signer appears to be: “Chengdu Weisuan Technology Co., Ltd.”
  • Certificate chain includes GlobalSign / DigiCert
  • File name differs between local system and VT (possible renaming)
  • The folder name “DoscordRobot” looks like a typo-squatted Discord directory

I did NOT intentionally install or download anything with this name.

Questions:

  1. Is this associated with any known malware family (stealer / loader / RAT)?
  2. How trustworthy is this type of digital signature in practice?
  3. Does this match known Discord-based infection vectors (e.g., fake tools, bots)?
  4. Any indicators from the behavior report that clearly classify it as malicious?

Any technical insights or reverse engineering observations would be appreciated.

reddit.com
u/BusyHuckleberry846 — 8 days ago
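
A read-only triage check for the observations in the post above, added here as an example and not part of the original post: it compares the local file's SHA-256 with the hash in the VirusTotal URL, reports the Authenticode signer, and reads the embedded original filename and the download zone marker. The full path is assumed from the post's Location and File name fields, and the function name is hypothetical.

```powershell
# Added example, not from the original post. Reads metadata only; never runs the file.
# Assumption: full path built from the post's "Location" and "File name" fields.
$Path = 'C:\DoscordRobot\RobotAI.exe'
# SHA-256 taken from the VirusTotal URL in the post.
$VtSha256 = '29fdd994c5c62ca7e7c9f3ebeffe7a25a4d5c055ca55be2bcda70db8c3a2c634'

function Get-SignedFileTriage {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$LiteralPath,
        [Parameter(Mandatory)][string]$ExpectedSha256
    )
    if (-not (Test-Path -LiteralPath $LiteralPath -PathType Leaf)) {
        throw "File not found: $LiteralPath"
    }
    $item = Get-Item -LiteralPath $LiteralPath -Force
    $hash = (Get-FileHash -LiteralPath $LiteralPath -Algorithm SHA256).Hash
    $sig  = Get-AuthenticodeSignature -LiteralPath $LiteralPath
    $cert = $sig.SignerCertificate
    # Zone.Identifier is an NTFS alternate data stream written by browsers and
    # some other downloaders; it can record the source URL. Absent if the file
    # was dropped by another process.
    $zone = Get-Content -LiteralPath $LiteralPath -Stream Zone.Identifier `
                -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Path             = $item.FullName
        SizeBytes        = $item.Length
        CreatedUtc       = $item.CreationTimeUtc
        Sha256           = $hash.ToLowerInvariant()
        # True means the local file is byte-identical to the VT sample,
        # whatever name either copy carries.
        MatchesVtSample  = ($hash -ieq $ExpectedSha256)
        # 'Valid' only means the file is unmodified since signing and the
        # chain is trusted on this machine; it says nothing about intent.
        SignatureStatus  = $sig.Status
        SignerSubject    = if ($cert) { $cert.Subject } else { $null }
        SignerIssuer     = if ($cert) { $cert.Issuer } else { $null }
        SignerThumbprint = if ($cert) { $cert.Thumbprint } else { $null }
        CertNotAfter     = if ($cert) { $cert.NotAfter } else { $null }
        Timestamped      = [bool]$sig.TimeStamperCertificate
        # Name compiled into the PE version resource; compare with the
        # on-disk name to confirm the renaming noted in the post.
        OriginalFilename = $item.VersionInfo.OriginalFilename
        ZoneIdentifier   = if ($zone) { $zone -join '; ' } else { $null }
    }
}

Get-SignedFileTriage -LiteralPath $Path -ExpectedSha256 $VtSha256 | Format-List
```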
