hipbearupdate.exe

Hipbear

Shan Feng

The application hipbearupdate.exe by Shan Feng has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a scheduled task named HipbearUpdateTaskMachineCore under the Windows Task Scheduler, triggered by a time event.
Publisher:
Shan Feng (signed and verified)

Product:
Hipbear

Version:
1.0.0.1

MD5:
e3fc0a307c2ffc790759ea35f872ef84

SHA-1:
9aaa2f7bd11368e691848429b7dc0277960521db

SHA-256:
e5e4e7b1b6aca5af27e7b303cd11891a29697de9d800588fa5ad5b4a89743953

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/16/2024 3:42:16 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Elex.ShanFeng (M)

Engine version:
16.7.14.8

File size:
565.9 KB (579,456 bytes)

Product version:
51.8.2704.63

Copyright:
Copyright (C) 2016 Hipbear Authors

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\hipbear\update\hipbearupdate.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
6/1/2016 2:00:00 AM

Valid to:
2/4/2017 1:59:59 AM

Subject:
CN=Shan Feng, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
1BE68A2F1793C12BE67FDE60C6531903

File PE Metadata
Compilation timestamp:
6/8/2016 10:29:53 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
6144:8294elyiYCL0IOw+/xmAyLmHIvtxg+SzBAQYEmg1YAJpQz4alWBePIhGzzt:8Vmgrw+/xQLntxgHIg1Yc2z4ZBbG3t

Entry address:
0x4BC0E

Entry point:
D7, A4, 61, 00, 00, 9B, BF, 8F, 9B, 8A, A4, 57, DF, 82, 22, 00, D0, 3F, CB, 15, ED, 78, 00, 00, 00, 00, 3D, 2A, 04, 2C, 64, FA, 81, 28, 0A, 80, FC, 21, 64, 8A, 6E, 00, 00, 00, 00, F8, 1F, 56, 33, 5A, 64, 51, 57, 21, 69, 26, ED, 5D, D0, 9A, 9E, CD, E5, 3D, 00, 41, FA, 21, 9B, 75, A7, B5, 7A, 8D, 9B, 8A, A4, 8D, B2, 34, 90, 11, F8, 00, 00, 00, 00, 87, 98, 22, 5B, 8E, 51, 00, 00, 00, 00, FC, 20, 51, 57, 59, 5B, 55, 68, 26, 0D, 25, B6, 59, EF, 9D, FA, CE, BE, 39, 00, 46, 9E, 22, B6, 14, 94, 8A, 2E, 8E, F8, 34...
 
Entropy:
6.9841

Code size:
437 KB (447,488 bytes)

Scheduled Task
Task name:
HipbearUpdateTaskMachineCore

Trigger:
Time

