fishlampupdate.exe

Sivi Technology Limited

The application fishlampupdate.exe by Sivi Technology Limited has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a Windows service named “Update Service(FishlampU)” within the context of its own process. It also runs as a scheduled task under the Windows Task Scheduler named FishlampUpdateTaskMachineCore, triggered by a time event.
Publisher:
Sivi Technology Limited  (signed and verified)

MD5:
5e22ae6b0d73aff87a722cc609d043c7

SHA-1:
bf288528f866d7602d5e24f6c5c0feb3383b5cd7

SHA-256:
0f9bb675791470280a42b1fa5c337cbb9e2819cb27adc9679ab6881c34bf72ae

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/5/2024 9:42:06 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Elex.SiviTech (M)

Engine version:
16.7.14.15

File size:
553.9 KB (567,184 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\fishlamp\update\fishlampupdate.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
7/10/2016 7:55:44 PM

Valid to:
2/28/2017 11:56:03 PM

Subject:
CN=Sivi Technology Limited, O=Sivi Technology Limited, L=Hong Kong, S=Hong Kong, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - G3, O=GlobalSign nv-sa, C=BE

Serial number:
276AD2FE20EF9DF2AD1F4D2F

File PE Metadata
Compilation timestamp:
7/11/2016 7:39:33 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
12288:rU6Bqpxx7HvI5EYM4uZbGlMKP5JlgDcIK2I0CdK7pyZbT0NaXUVfzfYyELU22bC:Eu5EYM4uZbGlMKP5JlgDcIK2I0CdK7pI

Entry address:
0x49250

Entry point:
BC, 27, 51, 00, 00, BD, D4, AA, AB, AB, AB, 71, 8C, 97, 12, 00, DF, 19, A0, 30, DD, 59, 00, 00, 00, 00, 0D, 0B, 0B, 0A, 0F, DF, B1, 09, 05, A6, 97, 04, 30, AB, 61, 00, 00, 00, 00, D9, 10, 70, 58, 7F, 30, 70, 58, 07, 02, 03, DD, 7C, DF, BC, F5, E8, 05, 1C, 00, 67, 91, 04, AB, 21, A8, 93, 11, A8, AB, AB, AB, AB, D9, 11, A0, 30, F7, 00, 00, 00, 00, A6, 97, 04, 30, AB, 61, 00, 00, 00, 00, D9, 10, 70, 58, 7F, 30, 70, 58, 07, 02, 03, DD, 7C, DF, BC, F5, E8, 05, 1C, 00, 67, 91, 04, DD, 31, A4, AB, 21, A8, 93, 11...
 

Entropy:
6.4552

Code size:
425.5 KB (435,712 bytes)

Scheduled Task
Task name:
FishlampUpdateTaskMachineCore

Trigger:
Time


Service
Display name:
Update Service(FishlampU)

Service name:
FishlampU

Description:
Keeps your Fishlamp software up to date. If this service is disabled or stopped, your Fishlamp software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and

Type:
Win32OwnProcess

Depends on:
RpcSs

