HiveProcExplorer.exe

Beijing Yunhai Collaboration Technology Limited Company

It is set to execute automatically when any user logs into Windows (through the all-users Run registry key) under the name ‘HiveProcExplorer’.
Publisher:
蜂巢进程管家 (signed by Beijing Yunhai Collaboration Technology Limited Company)

Product:
蜂巢进程管家

Version:
0.9.0.0046

MD5:
7875b3bc53dd91aa6b35c3853fd092b7

SHA-1:
894c4c504e6cb3b9d4df0687c46b9730be6f610d

SHA-256:
662f0151a7ff2b802266b9786aaaba6c43340819aa97cbff944d167514e824b1

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/27/2024 6:50:47 AM UTC

File size:
242.7 KB (248,496 bytes)

Product version:
0.9.0.0046

Copyright:
Copyright @2009-2011

Original file name:
HiveProcExplorer.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\hiveprocexplorer\hiveprocexplorer.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
11/1/2010 8:00:00 AM

Valid to:
11/2/2011 7:59:59 AM

Subject:
CN="Beijing Yunhai Collaboration Technology Limited Company ", OU=IT dpt., OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Beijing Yunhai Collaboration Technology Limited Company ", L=beijing, S=beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5AA927C2B181BE7F3FBB5107D19D7075

File PE Metadata
Compilation timestamp:
5/26/2011 10:45:57 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:qQMDqUVXQk7LB3GUE94dmPS/Iya22Nj12hvigZ+X4Ry2vv+XNtC6VSo69SFO1oAk:8FL8Nys6/1ap8T38XNtP9FDvRskf

Entry address:
0xA46B0

Entry point:
60, BE, 00, F0, 46, 00, 8D, BE, 00, 20, F9, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 

Entropy:
7.8271

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
216 KB (221,184 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
HiveProcExplorer

Command:
"C:\Program Files\hiveprocexplorer\hiveprocexplorer.exe" -min -scan

