eahpenhiuj_server.exe

Sivi Technology Limited

The application eahpenhiuj_server.exe by Sivi Technology Limited has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a separate Windows service (within the context of its own process) named “Update Service(eAHPeNhIUJ_update)”. While running, it connects to the Internet address server-52-84-33-121.ewr50.r.cloudfront.net on port 80 using the HTTP protocol.
Publisher:
Sivi Technology Limited  (signed and verified)

Version:
49.6.2623.108

MD5:
ffb3c476cd85e26bc42ae4244ba0bd97

SHA-1:
f5a4a56de3a2ae2c7e6a157dea76e1edad68b91c

SHA-256:
f38f2498bf6e78bc584f40de2bd7b576893ed31089a26d5e52fad9b9f5151a6e

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/5/2024 2:30:33 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Elex.SiviTech (M)

Engine version:
16.7.14.15

File size:
466.4 KB (477,584 bytes)

Product version:
49.6.2623.108

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\eahpenhiuj\eahpenhiuj\bin\eahpenhiuj_server.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
2/29/2016 8:56:03 AM

Valid to:
3/1/2017 8:56:03 AM

Subject:
CN=Sivi Technology Limited, O=Sivi Technology Limited, L=Hong Kong, S=Hong Kong, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121241CE1A18DB5D436DE6C5AD0162A462B

File PE Metadata
Compilation timestamp:
3/31/2016 10:50:40 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:AOQBr/QLXtyHLTiA6D0jUn3xfKTfRITn9q7mZi2gduvBs++xTd6R:8p0yvgD0jEZKTf32guT+xTe

Entry address:
0x36602

Entry point:
E8, 71, 4E, 00, 00, E9, 7F, FE, FF, FF, 3B, 0D, 30, E3, 46, 00, 75, 02, F3, C3, E9, C5, 13, 00, 00, 55, 8B, EC, 83, 7D, 08, 00, 74, 2D, FF, 75, 08, 6A, 00, FF, 35, 6C, 08, 47, 00, FF, 15, 10, 92, 45, 00, 85, C0, 75, 18, 56, E8, C9, 55, 00, 00, 8B, F0, FF, 15, 5C, 92, 45, 00, 50, E8, CE, 55, 00, 00, 59, 89, 06, 5E, 5D, C3, 55, 8B, EC, 56, 8B, 75, 08, 83, FE, E0, 77, 6F, 53, 57, A1, 6C, 08, 47, 00, 85, C0, 75, 1D, E8, A2, 4B, 00, 00, 6A, 1E, E8, F8, 4B, 00, 00, 68, FF, 00, 00, 00, E8, 9B, 36, 00, 00, A1, 6C...

Code size:
349.5 KB (357,888 bytes)

Service
Display name:
Update Service(eAHPeNhIUJ_update)

Service name:
eAHPeNhIUJ_update

Description:
Keeps your eAHPeNhIUJ software up to date. If this service is disabled or stopped, your eAHPeNhIUJ software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed

Type:
Win32OwnProcess

Depends on:
RpcSs


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-54-192-37-138.jfk1.r.cloudfront.net  (54.192.37.138:80)

TCP (HTTP):
Connects to server-52-84-33-139.ewr50.r.cloudfront.net  (52.84.33.139:80)

TCP (HTTP):
Connects to server-54-192-37-68.jfk1.r.cloudfront.net  (54.192.37.68:80)

TCP (HTTP):
Connects to server-52-84-33-121.ewr50.r.cloudfront.net  (52.84.33.121:80)

TCP (HTTP):
Connects to server-52-84-33-105.ewr50.r.cloudfront.net  (52.84.33.105:80)

TCP (HTTP):
Connects to server-52-84-33-110.ewr50.r.cloudfront.net  (52.84.33.110:80)

TCP (HTTP):
Connects to server-54-192-37-89.jfk1.r.cloudfront.net  (54.192.37.89:80)

TCP (HTTP):
Connects to server-52-84-33-115.ewr50.r.cloudfront.net  (52.84.33.115:80)

TCP (HTTP):
Connects to server-54-192-36-4.jfk1.r.cloudfront.net  (54.192.36.4:80)

TCP (HTTP):
Connects to server-52-84-33-27.ewr50.r.cloudfront.net  (52.84.33.27:80)

TCP (HTTP):
Connects to server-54-192-37-93.jfk1.r.cloudfront.net  (54.192.37.93:80)

TCP (HTTP):
Connects to server-52-84-33-196.ewr50.r.cloudfront.net  (52.84.33.196:80)

TCP (HTTP):
Connects to server-54-192-36-98.jfk1.r.cloudfront.net  (54.192.36.98:80)

TCP (HTTP):
Connects to server-54-192-37-31.jfk1.r.cloudfront.net  (54.192.37.31:80)

TCP (HTTP):
Connects to server-54-192-37-240.jfk1.r.cloudfront.net  (54.192.37.240:80)

TCP (HTTP):
Connects to server-52-84-33-221.ewr50.r.cloudfront.net  (52.84.33.221:80)

TCP (HTTP):
Connects to minhaoi.com.br  (200.223.247.114:80)
