hisarah.exe

Hisarah

Shanghai Yuntong Technology Co., Ltd.

The application hisarah.exe by Shanghai Yuntong Technology Co. has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a Windows service named “Protect Service(HisarahP)” in its own process.
Publisher:
Shanghai Yuntong Technology Co., Ltd.  (signed and verified)

Product:
Hisarah

Version:
1.0.0.1

MD5:
75b6919a12e3777c3d58ef01b165eef3

SHA-1:
8419f0b1dafef7f95f659f8a6b83e2b612d0b56a

SHA-256:
ff339b96726d2afe7177fd403c56df043b5085e3d49acdbcca373ed4f9ff032b

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/16/2024 12:49:48 AM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.Elex (M)

Engine version:
16.7.30.12

File size:
486.8 KB (498,511 bytes)

Product version:
51.9.2704.63

Copyright:
Copyright (C) 2016 Hisarah Authors

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\hisarah\hisarah.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
6/1/2016 6:00:00 AM

Valid to:
2/25/2017 5:59:59 AM

Subject:
CN="Shanghai Yuntong Technology Co., Ltd.", O="Shanghai Yuntong Technology Co., Ltd.", L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
089B3119C4FAB31D5BFDE2D2D5785A16

File PE Metadata
Compilation timestamp:
6/12/2016 2:14:20 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
12288:G4bKR0UmY/PaQUSCdQghccfaRJtL9G5SBjvrEH71:7dUmYHn/qQghccfaZL9OUrEH71

Entry address:
0x2CB0E

Entry point:
E9, D6, E0, FF, FF, 9F, EC, B9, DC, 9F, A5, 53, 24, 94, 67, 00, D1, 3B, 98, 23, AA, 6D, 00, 00, 00, 00, 7A, 3F, 05, 28, 37, CC, C6, 3D, 0B, 84, AF, 17, 47, 9F, 6F, 00, 00, 00, 00, ED, 1E, 52, 60, 6C, 47, 44, 56, 25, 3A, 10, AA, 48, D1, 9E, CD, FB, 32, 26, 00, 45, A9, 17, DC, 15, A6, B1, 29, BB, DC, 9F, A5, 89, E1, 02, D7, 04, F9, 00, 00, 00, 00, 92, 99, 26, 08, B8, 16, 00, 00, 00, 00, CA, 67, 44, 56, 5D, 08, 63, 2F, 33, 0C, 21, E5, 6F, A8, 88, FB, CA, 7D, 01, 00, 53, 9F, 26, E5, 22, D3, 9F, 2F, 8A, AB, 02...
 

Entropy:
7.1922

Packer / compiler:
tElock 0.99 - 1.0 private

Code size:
302 KB (309,248 bytes)

Service
Display name:
Protect Service(HisarahP)

Service name:
HisarahP

Description:
To ensure your Hisarah software integrity. If this service is disabled or stopped, your Hisarah software will not be kept integrity check. This service uninstalls itself when there is no Hisarah softw

Type:
Win32OwnProcess

Depends on:
RpcSs

