chr.exe

Hisarah

Wei Liu

The application chr.exe, “Hisarah Installer” by Wei Liu, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat.

Publisher:
Wei Liu (signed and verified)

Product:
Hisarah

Description:
Hisarah Installer

Version:
1.0.0.1

MD5:
f51a451567c31552c829bc2881c603a9

SHA-1:
0684210157c6b918f49e700b65247f9f06b32b2f

SHA-256:
b84a0289e88d554ee33757c146762ef2f081fcf200008f15b258075be6693361

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/16/2024 12:24:02 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Elex (M)

Engine version:
16.7.23.0

File size:
451.4 KB (462,208 bytes)

Product version:
51.9.2704.63

Copyright:
Copyright (C) 2016 Hisarah Authors

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\tools\chr.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
6/1/2016 2:00:00 AM

Valid to:
4/2/2017 1:59:59 AM

Subject:
CN=Wei Liu, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
371A7AF7094369957BA75F4229970F3C

File PE Metadata
Compilation timestamp:
6/12/2016 10:14:22 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
6144:1mzi95ixFqV+8kwZlJeKm8c4m2/oix0tuWJwWDfKXt8/CkDtxZjfsdjz88Y59:z95GQVEO9cX2wztZKYC43ZYZ88A

Entry address:
0x3386B

Entry point:
9A, 1D, 61, 00, 00, A9, F2, 88, 96, A5, 97, 65, E2, 35, 2C, 00, E3, 0D, 86, 12, E0, 57, 00, 00, 00, 00, 30, 05, 37, 1E, 29, FD, 8C, 07, 39, B2, B1, FD, 24, AA, 5B, 8D, 80, 9E, 34, A2, 97, BF, 80, 9F, B3, A5, 97, BF, F9, 3B, 85, 69, A5, B2, 9A, 3A, 91, A5, 97, B2, 9B, BF, 96, A5, 97, 10, 16, 89, 5C, 00, 00, 00, 00, FB, 2D, 7E, 64, 6B, 16, 52, 65, 09, 3E, 17, FB, 5E, E2, B2, C9, FC, C3, 30, 00, 69, AD, 10, 8D, 03, 95, 9D, 2D, BC, 8D, 89, 96, A5, E5, 05, 86, 12, CA, 00, 00, 00, 00, 84, AA, 0A, 0C, BF, 47, 00...
 

Entropy:
6.9901

Code size:
330 KB (337,920 bytes)
