hisarah.exe

Hisarah

Shanghai Yuntong Technology Co., Ltd.

The application hisarah.exe by Shanghai Yuntong Technology Co. has been detected as a potentially unwanted program by 2 anti-malware scanners. It runs in its own process as a Windows service named “Protect Service(HisarahP)”.
Publisher:
Shanghai Yuntong Technology Co., Ltd.  (signed and verified)

Product:
Hisarah

Version:
1.0.0.1

MD5:
7b8c86d6fa351c83240edc5e9e7e88e6

SHA-1:
1ebbbafdfc3e08ce4cdf016d3e52824abb3c6264

SHA-256:
3956c20435b1262b9c301d1d8ef8d3a1124cc9e59c1152cd5c0f59c844f6c8c9

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
11/16/2024 12:50:52 AM UTC

Scan engine | Detection | Engine version
Baidu Antivirus | Win32.Trojan.WisdomEyes.151026.9950 | 4.0.3.16612
Reason Heuristics | Adware.Elex (M) | 16.6.26.12

File size:
410.4 KB (420,232 bytes)

Product version:
51.9.2704.63

Copyright:
Copyright (C) 2016 Hisarah Authors

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\hisarah\hisarah.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
6/1/2016 8:00:00 AM

Valid to:
2/25/2017 7:59:59 AM

Subject:
CN="Shanghai Yuntong Technology Co., Ltd.", O="Shanghai Yuntong Technology Co., Ltd.", L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
089B3119C4FAB31D5BFDE2D2D5785A16

File PE Metadata
Compilation timestamp:
6/12/2016 4:14:20 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
6144:DxpS4bKRhSBtPX5GmYEsparUSCWt+GtghcJ6TfoNRJtAeTY8G85qo:G4bKR0UmYDarUSCdQghccfaRJtL9G5o

Entry address:
0x2CB0E

Entry point:
84, E2, 24, 00, 00, 9F, EC, B9, DC, 9F, A5, 53, 24, 94, 67, 00, D1, 3B, 98, 23, AA, 6D, 00, 00, 00, 00, 7A, 3F, 05, 28, 37, CC, C6, 3D, 0B, 84, AF, 17, 47, 9F, 6F, 00, 00, 00, 00, ED, 1E, 52, 60, 6C, 47, 44, 56, 25, 3A, 10, AA, 48, D1, 9E, CD, FB, 32, 26, 00, 45, A9, 17, DC, 15, A6, B1, 29, BB, DC, 9F, A5, 89, E1, 02, D7, 04, F9, 00, 00, 00, 00, 92, 99, 26, 08, B8, 16, 00, 00, 00, 00, CA, 67, 44, 56, 5D, 08, 63, 2F, 33, 0C, 21, E5, 6F, A8, 88, FB, CA, 7D, 01, 00, 53, 9F, 26, E5, 22, D3, 9F, 2F, 8A, AB, 02...
 

Entropy:
6.9601

Code size:
302 KB (309,248 bytes)

Service
Display name:
Protect Service(HisarahP)

Service name:
HisarahP

Description:
To ensure your Hisarah software integrity. If this service is disabled or stopped, your Hisarah software will not be kept integrity check. This service uninstalls itself when there is no Hisarah softw

Type:
Win32OwnProcess

Depends on:
RpcSs

