hpui.exe

Zhang Ling

The application hpui.exe by Zhang Ling has been detected as adware by 18 anti-malware scanners. This file is typically installed with the program SupTab by Thinknice Co. Limited, which is a potentially unwanted software program. It plugs into the web browser and displays context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
Zhang Ling  (signed and verified)

MD5:
77d51aa2603179c7fca7911b89932dba

SHA-1:
257db6a82cce65d1f3727b7c7ccd5eeb9a448089

SHA-256:
615fab5ab248eb635d740472d12ef4d39887be0465a4414eb9d9bddd6401b3ab

Scanner detections:
18 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
12/25/2024 1:11:41 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AhnLab V3 Security | Win32/Kashu.E | 2015.01.01 |
| Avira AntiVirus | APPL/SubTab.spe | 7.11.174.42 |
| avast! | Win32:Sality | 2014.9-150105 |
| Baidu Antivirus | Adware.Win64.Thinknice | 4.0.3.14924 |
| Clam AntiVirus | Win.Adware.SupTab | 0.98/21511 |
| ESET NOD32 | Win64/Thinknice.E potentially unwanted application | 7.0.302.0 |
| Fortinet FortiGate | W95/SK.A | 1/5/2015 |
| F-Prot | W32/Virut.AI!Generic | v6.4.6.5.141 |
| K7 AntiVirus | Virus | 13.188.14496 |
| Kaspersky | not-a-virus:AdWare.Win32.Agent | 14.0.0.2685 |
| McAfee | Program.Adware-BrowseFox | 5600.6894 |
| Microsoft Security Essentials | Threat.Undefined | 1.191.1178.0 |
| Qihoo 360 Security | Malware.QVM19.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.ZhangLing.E | 14.9.24.7 |
| Rising Antivirus | PE:Win32.KUKU.kt!1591113 | 23.00.65.15103 |
| Trend Micro House Call | PE_SALITY.ER | 7.2.5 |
| Trend Micro | PE_SALITY.ER | 10.465.05 |
| VIPRE Antivirus | Threat.4758034 | 35418 |

File size:
687.4 KB (703,880 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\suptab\hpui.exe

Digital Signature
Signed by:

Authority:
WoSign CA Limited

Valid from:
9/23/2014 8:39:35 PM

Valid to:
6/23/2015 8:39:35 PM

Subject:
CN=Zhang Ling, E=chloezhangling@gmail.com, L=北京市, S=北京市, C=CN

Issuer:
CN=WoSign Class 2 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
4BD6CD01962107D32D308240DA61E020

File PE Metadata
Compilation timestamp:
9/11/2014 3:27:34 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:mRNciaa4nlLYJGGCSfMLz3nFuno3NHUd+:m3aa4l/6o3FPFy+

Entry address:
0x4781C

Entry point:
E8, 3B, 5C, 00, 00, E9, 7F, FE, FF, FF, 53, 8B, DC, 51, 51, 83, E4, F0, 83, C4, 04, 55, 8B, 6B, 04, 89, 6C, 24, 04, 8B, EC, 8B, 4B, 08, 66, 8B, 53, 0C, 83, EC, 20, 83, 3D, 38, FF, 46, 00, 01, 7C, 48, 0F, B7, C2, 66, 0F, 6E, C0, F2, 0F, 70, C0, 00, 66, 0F, 70, D0, 00, 8B, C1, 25, FF, 0F, 00, 00, 3D, F0, 0F, 00, 00, 77, 3E, F3, 0F, 6F, 01, 66, 0F, EF, C9, 66, 0F, 75, C8, 66, 0F, 75, C2, 66, 0F, EB, C8, 66, 0F, D7, C1, 85, C0, 75, 34, 83, C1, 10, EB, D1, 66, 3B, C2, 74, 0B, 83, C1, 02, 0F, B7, 01, 66, 85, C0...
 

Entropy:
6.5045

Code size:
349.5 KB (357,888 bytes)

The file hpui.exe has been discovered within the following program.

SupTab by Thinknice Co. Limited
SupTab is a web browser advertisement injection extension designed with the core purpose of delivering ads to the user's web browser. Ads are in the form of banners (both static and video) as well as contextual hyperlinks.
80% remove it
 