fishlampupdate.exe

Sivi Technology Limited

The application fishlampupdate.exe by Sivi Technology Limited has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a separate (within the context of its own process) windows Service named “Update Service(FishlampU)”. It runs as a scheduled task under the Windows Task Scheduler named FishlampUpdateTaskMachineCore triggered by a time event.
Publisher:
Sivi Technology Limited  (signed and verified)

MD5:
5e22ae6b0d73aff87a722cc609d043c7

SHA-1:
bf288528f866d7602d5e24f6c5c0feb3383b5cd7

SHA-256:
0f9bb675791470280a42b1fa5c337cbb9e2819cb27adc9679ab6881c34bf72ae

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/27/2024 8:48:40 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Elex.SiviTech (M)
16.7.14.15

File size:
553.9 KB (567,184 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\fishlamp\update\fishlampupdate.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
7/10/2016 7:55:44 PM

Valid to:
2/28/2017 11:56:03 PM

Subject:
CN=Sivi Technology Limited, O=Sivi Technology Limited, L=Hong Kong, S=Hong Kong, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - G3, O=GlobalSign nv-sa, C=BE

Serial number:
276AD2FE20EF9DF2AD1F4D2F

File PE Metadata
Compilation timestamp:
7/11/2016 7:39:33 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
12288:rU6Bqpxx7HvI5EYM4uZbGlMKP5JlgDcIK2I0CdK7pyZbT0NaXUVfzfYyELU22bC:Eu5EYM4uZbGlMKP5JlgDcIK2I0CdK7pI

Entry address:
0x49250

Entry point:
BC, 27, 51, 00, 00, BD, D4, AA, AB, AB, AB, 71, 8C, 97, 12, 00, DF, 19, A0, 30, DD, 59, 00, 00, 00, 00, 0D, 0B, 0B, 0A, 0F, DF, B1, 09, 05, A6, 97, 04, 30, AB, 61, 00, 00, 00, 00, D9, 10, 70, 58, 7F, 30, 70, 58, 07, 02, 03, DD, 7C, DF, BC, F5, E8, 05, 1C, 00, 67, 91, 04, AB, 21, A8, 93, 11, A8, AB, AB, AB, AB, D9, 11, A0, 30, F7, 00, 00, 00, 00, A6, 97, 04, 30, AB, 61, 00, 00, 00, 00, D9, 10, 70, 58, 7F, 30, 70, 58, 07, 02, 03, DD, 7C, DF, BC, F5, E8, 05, 1C, 00, 67, 91, 04, DD, 31, A4, AB, 21, A8, 93, 11...
 
[+]

Entropy:
6.4552

Code size:
425.5 KB (435,712 bytes)

Scheduled Task
Task name:
FishlampUpdateTaskMachineCore

Trigger:
Time


Service
Display name:
Update Service(FishlampU)

Service name:
FishlampU

Description:
Keeps your Fishlamp software up to date. If this service is disabled or stopped, your Fishlamp software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and

Type:
Win32OwnProcess

Depends on:
RpcSs


Remove fishlampupdate.exe - Powered by Reason Core Security