hipbearupdate.exe

Hipbear

Shan Feng

The application hipbearupdate.exe by Shan Feng has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a Windows Task Scheduler task named HipbearUpdateTaskMachineCore, triggered by a time event.

Publisher:
Shan Feng  (signed and verified)

Product:
Hipbear

Version:
1.0.0.1

MD5:
73f1f62f97056d2a5e2e2dffa3a302d4

SHA-1:
5252567ffd9e7d6f215c80ef1a64782d417d6dfc

SHA-256:
31edcf020db610b90135ec47e0e505f697de53a46e3e3efb12f9503966dbccd7

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/16/2024 3:28:48 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Elex.ShanFeng (M)

Engine version:
16.7.8.1

File size:
565.9 KB (579,456 bytes)

Product version:
51.8.2704.63

Copyright:
Copyright (C) 2016 Hipbear Authors

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\hipbear\update\hipbearupdate.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
6/1/2016 7:00:00 AM

Valid to:
2/4/2017 6:59:59 AM

Subject:
CN=Shan Feng, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
1BE68A2F1793C12BE67FDE60C6531903

File PE Metadata
Compilation timestamp:
6/8/2016 3:29:53 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
6144:R294elyiYCL0IOw+/xmAyLmHIvtxg+SzBAQYEmg1YAJpQz4alWBePIhGzzt:RVmgrw+/xQLntxgHIg1Yc2z4ZBbG3t

Entry address:
0x4BC0E

Entry point:
D7, A4, 61, 00, 00, 9B, BF, 8F, 9B, 8A, A4, 57, DF, 82, 22, 00, D0, 3F, CB, 15, ED, 78, 00, 00, 00, 00, 3D, 2A, 04, 2C, 64, FA, 81, 28, 0A, 80, FC, 21, 64, 8A, 6E, 00, 00, 00, 00, F8, 1F, 56, 33, 5A, 64, 51, 57, 21, 69, 26, ED, 5D, D0, 9A, 9E, CD, E5, 3D, 00, 41, FA, 21, 9B, 75, A7, B5, 7A, 8D, 9B, 8A, A4, 8D, B2, 34, 90, 11, F8, 00, 00, 00, 00, 87, 98, 22, 5B, 8E, 51, 00, 00, 00, 00, FC, 20, 51, 57, 59, 5B, 55, 68, 26, 0D, 25, B6, 59, EF, 9D, FA, CE, BE, 39, 00, 46, 9E, 22, B6, 14, 94, 8A, 2E, 8E, F8, 34...

Entropy:
6.9841

Code size:
437 KB (447,488 bytes)

Scheduled Task
Task name:
HipbearUpdateTaskMachineCore

Trigger:
Time

