bhoenabler.exe

Liyan Liu

The application bhoenabler.exe by Liyan Liu has been detected as adware by 4 anti-malware scanners. This file is typically installed with the program SupTab by Thinknice Co. Limited which is a potentially unwanted software program. This is an adware bundler (AKA ElexNetDownload) that will include additional unwanted offers in the download and install process. During install it will establish a connection to twonext.com and xingcloud.com to determine what offers to show the user (based on what is already installed and where they live).
Publisher:
Liyan Liu  (signed and verified)

MD5:
06d36b75e385f9fdb24f78b0ca712646

SHA-1:
9225fd77d2557debb2fc4437d595f55a41c74080

SHA-256:
3299e250d77f7190553e903385038dc0c8f3b7010dea05a909385cabfba7861b

Scanner detections:
4 / 68

Status:
Adware

Explanation:
Software bundler and update mechanism that will attempt to install adware offers.

Analysis date:
12/25/2024 12:51:59 AM UTC  (today)

Scan engine
Detection
Engine version

Baidu Antivirus
Adware.Win32.ELEX
4.0.3.141024

G Data
Win32.Application.SubTab
14.10.24

Reason Heuristics
PUP.LiyanLiu.K
14.10.24.18

VIPRE Antivirus
Elex Installer
34124

File size:
65.5 KB (67,040 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\suptab\bhoenabler.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
7/22/2014 2:00:00 AM

Valid to:
7/27/2015 2:00:00 PM

Subject:
CN=Liyan Liu, O=Liyan Liu, L=Wenzhou, S=Zhejiang, C=CN

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
02CA146AED05062A5F6C4AC5628BBC00

File PE Metadata
Compilation timestamp:
7/17/2014 8:10:54 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
1536:2617HY3GZd3ud+Y2jMGov+5LhBhPbhktW:tfuZ2jMGouLhjPbhktW

Entry address:
0x988E

Entry point:
E8, 4E, 04, 00, 00, E9, 4C, FE, FF, FF, 55, 8B, EC, FF, 15, 3C, B0, 40, 00, 6A, 01, A3, 14, E4, 40, 00, E8, 41, 05, 00, 00, FF, 75, 08, E8, 3F, 05, 00, 00, 83, 3D, 14, E4, 40, 00, 00, 59, 59, 75, 08, 6A, 01, E8, 27, 05, 00, 00, 59, 68, 09, 04, 00, C0, E8, 28, 05, 00, 00, 59, 5D, C3, 55, 8B, EC, 81, EC, 24, 03, 00, 00, 6A, 17, E8, 39, 05, 00, 00, 85, C0, 74, 05, 6A, 02, 59, CD, 29, A3, F8, E1, 40, 00, 89, 0D, F4, E1, 40, 00, 89, 15, F0, E1, 40, 00, 89, 1D, EC, E1, 40, 00, 89, 35, E8, E1, 40, 00, 89, 3D, E4...
 
[+]

Code size:
38.5 KB (39,424 bytes)

The file bhoenabler.exe has been discovered within the following program.

SupTab  by Thinknice Co. Limited
SupTab is an web browser advertisement injection extension that is designed with the core purpose of delivering ads to the user's web browser. Ads are in the form of banners (both static and videos) as well as context-hyper links.
80% remove it
 
Powered by Should I Remove It?

Remove bhoenabler.exe - Powered by Reason Core Security