fishlampupdate.exe

Sivi Technology Limited

The application fishlampupdate.exe by Sivi Technology Limited has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a Windows Task Scheduler task named FishlampUpdateTaskMachineCore, triggered by a time event.
Publisher:
Sivi Technology Limited  (signed and verified)

MD5:
1285e7c18de8df9f5a4a35f62133cc13

SHA-1:
6f95c3c36fbc7419e41468bbfeef3a3d7355cb01

SHA-256:
5bd0a03cd43454cdcfa98150e859f6b428e3080b61c0c285b73f7f04a22d0904

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/27/2024 9:30:31 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Elex.SiviTech (M)

Engine version:
16.7.14.15

File size:
553.9 KB (567,184 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\fishlamp\update\fishlampupdate.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
7/11/2016 7:55:44 AM

Valid to:
3/1/2017 12:56:03 PM

Subject:
CN=Sivi Technology Limited, O=Sivi Technology Limited, L=Hong Kong, S=Hong Kong, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - G3, O=GlobalSign nv-sa, C=BE

Serial number:
276AD2FE20EF9DF2AD1F4D2F

File PE Metadata
Compilation timestamp:
7/12/2016 7:48:16 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
12288:7Eb/6ho0g0zE5Zs1ujPSRZE0LJq3dlTOq6dVcNyB2nt:7E9MK+0jP4ZEoJqvY4Ny4nt

Entry address:
0x49250

Entry point:
DB, 40, 36, 00, 00, DA, B3, CD, CC, CC, CC, 16, EB, F0, 75, 00, B8, 7E, C7, 57, BA, 3E, 00, 00, 00, 00, 6A, 6C, 6C, 6D, 68, B8, D6, 6E, 62, C1, F0, 63, 57, CC, 06, 00, 00, 00, 00, BE, 77, 17, 3F, 18, 57, 17, 3F, 60, 65, 64, BA, 1B, B8, DB, 92, 8F, 62, 7B, 00, 33, F6, 63, CC, 46, CF, F4, 76, CF, CC, CC, CC, CC, BE, 76, C7, 57, 90, 00, 00, 00, 00, C1, F0, 63, 57, CC, 06, 00, 00, 00, 00, BE, 77, 17, 3F, 18, 57, 17, 3F, 60, 65, 64, BA, 1B, B8, DB, 92, 8F, 62, 7B, 00, 33, F6, 63, BA, 56, C3, CC, 46, CF, F4, 76...
 

Entropy:
6.4042

Code size:
425.5 KB (435,712 bytes)

Scheduled Task
Task name:
FishlampUpdateTaskMachineCore

Trigger:
Time

