hpui.exe

Zhang Ling

The application hpui.exe by Zhang Ling has been detected as adware by 18 anti-malware scanners. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
Zhang Ling  (signed and verified)

MD5:
bbd0a4223bca239d8d55b95fc9f3ee08

SHA-1:
ebe05bab23c7d67a084ad502e3075d8d8a057d2b

SHA-256:
295084e182cf6733aa3e572e0804c8b002bfb5b6b3ee73c409f12bcb3ff2bd57

Scanner detections:
18 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
12/25/2024 2:16:24 AM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
Win32/Kashu.E
2015.01.01

Avira AntiVirus
APPL/SubTab.spe
7.11.173.30

avast!
Win32:Sality
2014.9-150105

Baidu Antivirus
Adware.Win64.Thinknice
4.0.3.14918

Clam AntiVirus
Win.Adware.SupTab
0.98/21511

ESET NOD32
Win64/Thinknice.E potentially unwanted application
7.0.302.0

Fortinet FortiGate
W95/SK.A
1/5/2015

F-Prot
W32/Virut.AI!Generic
v6.4.6.5.141

K7 AntiVirus
Virus
13.188.14496

Kaspersky
not-a-virus:AdWare.Win32.Agent
14.0.0.2685

McAfee
Program.Adware-BrowseFox
5600.6894

Microsoft Security Essentials
Threat.Undefined
1.191.1178.0

Qihoo 360 Security
Malware.QVM19.Gen
1.0.0.1015

Reason Heuristics
PUP.ZhangLing.E
14.9.18.12

Rising Antivirus
PE:Win32.KUKU.kt!1591113
23.00.65.15103

Trend Micro House Call
PE_SALITY.ER
7.2.5

Trend Micro
PE_SALITY.ER
10.465.05

VIPRE Antivirus
Threat.4758034
35418

File size:
687.4 KB (703,880 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\suptab\hpui.exe

Digital Signature
Signed by:

Authority:
WoSign CA Limited

Valid from:
9/15/2014 12:14:58 PM

Valid to:
7/15/2015 12:14:58 PM

Subject:
CN=Zhang Ling, E=chloezhangling@gmail.com, L=北京市, S=北京市, C=CN

Issuer:
CN=WoSign Class 2 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
44C9FA07E0C36E90C219294D56307B89

File PE Metadata
Compilation timestamp:
9/11/2014 12:27:34 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:cRNciaa4nlLYJGGCSfMLz3nFuno3NHUHu:c3aa4l/6o3FPFIu

Entry address:
0x4781C

Entry point:
E8, 3B, 5C, 00, 00, E9, 7F, FE, FF, FF, 53, 8B, DC, 51, 51, 83, E4, F0, 83, C4, 04, 55, 8B, 6B, 04, 89, 6C, 24, 04, 8B, EC, 8B, 4B, 08, 66, 8B, 53, 0C, 83, EC, 20, 83, 3D, 38, FF, 46, 00, 01, 7C, 48, 0F, B7, C2, 66, 0F, 6E, C0, F2, 0F, 70, C0, 00, 66, 0F, 70, D0, 00, 8B, C1, 25, FF, 0F, 00, 00, 3D, F0, 0F, 00, 00, 77, 3E, F3, 0F, 6F, 01, 66, 0F, EF, C9, 66, 0F, 75, C8, 66, 0F, 75, C2, 66, 0F, EB, C8, 66, 0F, D7, C1, 85, C0, 75, 34, 83, C1, 10, EB, D1, 66, 3B, C2, 74, 0B, 83, C1, 02, 0F, B7, 01, 66, 85, C0...
 
[+]

Code size:
349.5 KB (357,888 bytes)

Remove hpui.exe - Powered by Reason Core Security