allhairupdate.exe

Shulan Hou

The application allhairupdate.exe by Shulan Hou has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a Windows Task Scheduler task named AllhairUpdateTaskMachineCore, triggered by a time event.
Publisher:
Shulan Hou  (signed and verified)

MD5:
94d662c0de34f9cbc27dad03e7f503e1

SHA-1:
2808c84a53e20479af68ef3fa78463fb863bb044

SHA-256:
92414f218dfa4b6f71b29479c2c9559578db9b1a1579aa79aa11c5b02000ce2a

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/23/2024 11:15:41 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.ELEX (M)

Engine version:
16.8.15.22

File size:
558.4 KB (571,776 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\allhair\update\allhairupdate.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
8/4/2016 4:00:00 AM

Valid to:
6/14/2017 3:59:59 AM

Subject:
CN=Shulan Hou, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
1B471CD0973DAEB038ECC7D56538602F

File PE Metadata
Compilation timestamp:
8/4/2016 11:28:20 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
6144:OdYcisai8mBIc/cNVK1Fd8HYN0U3+EkfBPH/n8EyPf2gdNT6W+/qz+RZcYHTmzBe:OGB5/mBIcEvqM0EGbdf+3AbjbRyZk3s

Entry address:
0x4556E

Entry point:
AC, EB, 75, 00, 00, A5, EA, C9, CE, 98, C9, 7F, EA, 89, 70, 00, B8, 0A, CC, 20, BB, 7D, 00, 00, 00, 00, 6E, 6E, 38, 68, 01, B9, AF, 6B, 1C, C1, 84, 68, 20, CD, 45, 00, 00, 00, 00, BA, 75, 43, 3A, 71, 56, 6E, 3A, 1E, 65, 10, B1, 6C, B9, 98, F1, 33, DC, 22, 00, 02, A2, 66, A5, 47, B6, F1, 08, CF, B8, C7, BB, CD, FD, 15, B7, 28, C9, 00, 00, 00, 00, A8, F1, 1A, 52, B2, 06, 00, 00, 00, 00, FD, 14, 67, 40, 41, 53, 15, 6B, 65, 0C, 65, C3, 1E, C6, DB, E6, 48, D4, 7A, 00, 63, 86, 1C, E3, 52, C1, 98, 43, A6, F5, 0F...
 

Code size:
427 KB (437,248 bytes)

Scheduled Task
Task name:
AllhairUpdateTaskMachineCore

Trigger:
Time

