hpui.exe

Liyan Liu

The application hpui.exe by Liyan Liu has been detected as adware by 18 anti-malware scanners. This file is typically installed with the program SupTab by Thinknice Co. Limited which is a potentially unwanted software program. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
Liyan Liu  (signed and verified)

MD5:
155d246f227846deebebd599f30d584a

SHA-1:
2fc3a5e92137a2b80a59d68b7c62c774c50ffe00

SHA-256:
210a2a43313f4f20a98b72eec887fbbccad0c3004e5b92a4d968d41ed457c222

Scanner detections:
18 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
1/24/2025 1:52:16 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AhnLab V3 Security | PUP/Win32.SearchProtect | 2014.10.21 |
| avast! | Win32:SupTab-A [Adw] | 141003-0 |
| Baidu Antivirus | Adware.Win32.ELEX | 4.0.3.141021 |
| Clam AntiVirus | Win.Adware.SupTab | 0.98/21511 |
| ESET NOD32 | Win32/Thinknice.E potentially unwanted application | 7.0.302.0 |
| Fortinet FortiGate | W95/SK.A | 1/5/2015 |
| F-Prot | W32/Virut.AI!Generic | v6.4.6.5.141 |
| G Data | Win32.Application.SubTab | 14.10.24 |
| K7 AntiVirus | Virus | 13.188.14496 |
| Kaspersky | not-a-virus:AdWare.Win32.Agent | 14.0.0.2685 |
| McAfee | Program.Adware-BrowseFox | 5600.6894 |
| Microsoft Security Essentials | Threat.Undefined | 1.191.1178.0 |
| Qihoo 360 Security | Malware.QVM19.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.LiyanLiu.E | 14.10.21.0 |
| Rising Antivirus | PE:Win32.KUKU.kt!1591113 | 23.00.65.15103 |
| Trend Micro House Call | PE_SALITY.ER | 7.2.5 |
| Trend Micro | PE_SALITY.ER | 10.465.05 |
| VIPRE Antivirus | Threat.4788726 | 33706 |

File size:
715 KB (732,128 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\suptab\hpui.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
7/21/2014 7:00:00 PM

Valid to:
7/27/2015 7:00:00 AM

Subject:
CN=Liyan Liu, O=Liyan Liu, L=Wenzhou, S=Zhejiang, C=CN

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
02CA146AED05062A5F6C4AC5628BBC00

File PE Metadata
Compilation timestamp:
8/20/2014 3:28:17 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:eRNciaa4nlLYJGGCSfMLz3nFunQfXK+pU9:e3aa4l/6o3FHa+pO

Entry address:
0x4781C

Entry point:
E8, 3B, 5C, 00, 00, E9, 7F, FE, FF, FF, 53, 8B, DC, 51, 51, 83, E4, F0, 83, C4, 04, 55, 8B, 6B, 04, 89, 6C, 24, 04, 8B, EC, 8B, 4B, 08, 66, 8B, 53, 0C, 83, EC, 20, 83, 3D, 38, FF, 46, 00, 01, 7C, 48, 0F, B7, C2, 66, 0F, 6E, C0, F2, 0F, 70, C0, 00, 66, 0F, 70, D0, 00, 8B, C1, 25, FF, 0F, 00, 00, 3D, F0, 0F, 00, 00, 77, 3E, F3, 0F, 6F, 01, 66, 0F, EF, C9, 66, 0F, 75, C8, 66, 0F, 75, C2, 66, 0F, EB, C8, 66, 0F, D7, C1, 85, C0, 75, 34, 83, C1, 10, EB, D1, 66, 3B, C2, 74, 0B, 83, C1, 02, 0F, B7, 01, 66, 85, C0...
 
Entropy:
6.5928

Code size:
349.5 KB (357,888 bytes)

The file hpui.exe has been discovered within the following program.

SupTab  by Thinknice Co. Limited
SupTab is a web browser advertisement injection extension designed with the core purpose of delivering ads to the user's web browser. Ads take the form of banners (both static and video) as well as contextual hyperlinks.
80% remove it
 
Powered by Should I Remove It?
