» hmpalert.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)
Downloads (3)

hmpalert.exe

HitmanPro.Alert

SurfRight B.V.

It runs as a separate (within the context of its own process) windows Service named “HitmanPro.Alert service”. This is installed with HitmanPro.Alert. The file has been seen being downloaded from email.surfright.com and multiple other hosts.

File name:

hmpalert.exe

Publisher:

SurfRight B.V. (signed and verified)

Product:

HitmanPro.Alert

Version:

3.1.0.340

MD5:

64dabbeb7661b0700f6e5d0af58ea959

SHA-1:

0a9c68f28bdabf7081fd9157de093debf0e8be05

SHA-256:

a4d489ce718dafffd82b8dbeb1d2e2bc7f94c83c19da0a72c8e990bbebfc687f

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/27/2024 11:32:22 AM UTC (today)

File size:

4.1 MB (4,275,464 bytes)

Product version:

3.1.0.340

Original file name:

hmpalert.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\hitmanpro.alert\hmpalert.exe

Digital Signature

Signed by:

SurfRight B.V.

Authority:

VeriSign, Inc.

Valid from:

11/6/2012 8:00:00 AM

Valid to:

1/6/2016 7:59:59 AM

Subject:

CN=SurfRight B.V., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=SurfRight B.V., L=Hengelo, S=Overijssel, C=NL

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

34A8B19DC8071E4182FB27F9B7EC722A

File PE Metadata

Compilation timestamp:

11/20/2015 9:52:01 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

14.0

CTPH (ssdeep):

98304:xKRaDb8zT1Htj0G3S9md1qIIUfChKMR2ztjK:kOb8zTJtyU6hjR2K

Entry address:

0x1FF4A0

Entry point:

E8, 36, 06, 00, 00, E9, 78, FE, FF, FF, FF, 25, F4, 67, 64, 00, 8B, 4D, F4, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, F2, C3, 8B, 4D, F0, 33, CD, F2, E8, 74, F8, FF, FF, F2, E9, DA, FF, FF, FF, 8B, 4D, EC, 33, CD, F2, E8, 63, F8, FF, FF, F2, E9, C9, FF, FF, FF, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, B8, 01, 6D, 00, 33, C5, 50, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, F2, C3, 50, 64, FF, 35, 00... 
[+]

Entropy:

7.1741

Code size:

2.3 MB (2,378,752 bytes)

Service

Display name:

HitmanPro.Alert service

Service name:

hmpalertsvc

Description:

Exploit mitigation and web browser intrusion detection, real-time and behavior-based.

Type:

Win32OwnProcess

Group:

Base

Depends on:

hmpalert

The file hmpalert.exe has been discovered within the following program.

HitmanPro.Alert by SurfRight B.V.

Publisher's description - “HitmanPro.Alert is a free tool that checks the browser integrity and alerts users when secure online banking and shopping is no longer guaranteed. HitmanPro.Alert will instantly detect over 99% of all known and new banking Trojans.”

www.hitmanpro.com/alert

22% remove it

The file hmpalert.exe has been seen being distributed by the following 3 URLs.

http://email.surfright.com/718/.../newsletter.asp?id=3731380D36380D3133370D333632303839380D3635350D300D505838585068317159526E610D310D0D300D323033343637330D372E352E342E31343434350D34

http://dl.surfright.nl/hmpalert3.exe

http://dl.surfright.nl/hmpalert31.exe

Scan hmpalert.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.