hiupdate.exe

Shenzhen Enode Technology Co., Ltd.

Publisher:
www.hi-player.com.  (signed by Shenzhen Enode Technology Co., Ltd.)

Description:
Autoupdate

Version:
1,0,1,23

MD5:
76aa8bf1d900edbdf00abc6042bb09a0

SHA-1:
482e5eb077c316d432806ba4447c90069b33db5f

SHA-256:
c3a0740630b79bd50131a466f9c740533c708464a609a645a260ec77ab3edca1

Scanner detections:
1 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/12/2024 6:36:40 PM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
probably DLOADER.Trojan
9.0.1.05190

File size:
633.4 KB (648,616 bytes)

Product version:
1,0,1,23

Copyright:
Copyright (C) 2010

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\hi\hiplayer\hiupdate.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
4/1/2013 2:00:00 AM

Valid to:
4/1/2016 1:59:59 AM

Subject:
CN="Shenzhen Enode Technology Co., Ltd.", OU=Development Department, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Shenzhen Enode Technology Co., Ltd.", L=Shenzhen, S=Guangdong, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
60F6AD6D09199C81989F5CD146FBBF4F

File PE Metadata
Compilation timestamp:
8/10/2012 9:48:21 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

Entry address:
0x56AD7

Entry point:
E8, 33, EA, 00, 00, E9, 17, FE, FF, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, 40, 39, 47, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 85, C0, 5F, 89, 45, FC, 5E, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 2C, 31, 47, 00, C9, C2, 08, 00, 55, 8B, EC, 51, 53, 8B, 45, 0C, 83, C0, 0C, 89, 45, FC, 64, 8B, 1D, 00, 00, 00, 00, 8B, 03, 64, A3, 00, 00, 00, 00, 8B, 45, 08, 8B, 5D, 0C, 8B, 6D, FC, 8B, 63, FC, FF, E0, 5B...
 
[+]

Entropy:
6.4410

Code size:
456 KB (466,944 bytes)

Windows Firewall Allowed Program
Name:
hiupdate.exe


Scan hiupdate.exe - Powered by Reason Core Security