home

HRS.exe

HAN Remote Service

Galix/GBI

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘HRS’.
Publisher:
Galix/GBI

Product:
HAN Remote Service

Description:
HRS

Version:
1.1.0.0

MD5:
aaab0c804a1a3740ec03f4cba71c8a31

SHA-1:
1246595709a084683ceb8e82f5b5b7a8050a70f4

SHA-256:
b7a974fbf07c90b29c030e85c810a05ea67fd90517729f860f61365bb1fdcbfb

Scanner detections:
3 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
4/1/2025 7:57:07 PM UTC  (today)

Scan engine
Detection
Engine version

AegisLab AV Signature
Troj.W32.Generic!c
2.1.4+

Kaspersky
HEUR:Trojan.Win32.Generic
14.0.0.-1317

Rising Antivirus
PE:Malware.Generic/QRS!1.9E2D [F]
23.00.65.17314

File size:
309 KB (316,416 bytes)

Product version:
1.1.0.0

Copyright:
Copyright © Galix/GBI

Original file name:
HRS.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

File PE Metadata
Compilation timestamp:
10/14/2010 2:17:57 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

Entry address:
0x4E3DE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 20, ED, A8, 60, 6C, 4E, E0, 0B, 88, 55, 52, FF, 24, 7D, 48, 00, 50, BE, 32, 21, 3C, A2, 44, 37, 68, 56, 98, C0, 14, 34, 03, 0D, 1B, 84, 0E, 6B, E8, 2F, D6, CD, 38, 9C, C2, DF, 54, DD, 58, 47, 80, 3A, DC, 8A, CC, 0C, 2A, 2E, 70, 67, DE, C4, 06, 7E, F4, C5, A0, 2C, EA, AB, F0, 8B, B8, D4, 28, 41, 15, 99, 25, F7, 36, E5, 90, 91, 16, 01, 04, 62, 72, E7, 30, 05, 31, 1E, F8, 97...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
305 KB (312,320 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
HRS

Command:
C:\han\hrs\hrs.exe


Scan HRS.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.