home

Huihui.exe

惠惠购物助手

NetEase Youdao Information Technology (Beijing) Co., Ltd.

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Huihui’.
Publisher:
网易有道  (signed by NetEase Youdao Information Technology (Beijing) Co., Ltd.)

Product:
惠惠购物助手

Description:
惠惠购物助手【网易出品】

Version:
1.0.0.1

MD5:
5c5a1b958e1e9655f88226c85d37f21f

SHA-1:
a5ca97b1d8bf5b25c02b6adbcaf5bbb2784dac65

SHA-256:
e3c865227a5a7eb95b755306a222cce0c39b93f17d315fa1c4583366ba19cad3

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/5/2024 3:25:25 PM UTC  (today)

File size:
4.1 MB (4,286,832 bytes)

Product version:
1.0.0.1

Copyright:
Netease Youdao. All rights reserved.

Original file name:
Huihui.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\Program Files\youdao\shoppingassistant\ie\4.5\huihui.exe

Digital Signature
Signed by:
NetEase Youdao Information Technology (Beijing) Co., Ltd.

Authority:
VeriSign, Inc.

Valid from:
9/15/2015 8:00:00 PM

Valid to:
9/15/2018 7:59:59 PM

Subject:
CN="NetEase Youdao Information Technology (Beijing) Co., Ltd.", OU=Product Dept., O="NetEase Youdao Information Technology (Beijing) Co., Ltd.", L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
37ECFB2B292101C423E04CBCEAE04B1E

File PE Metadata
Compilation timestamp:
12/15/2015 5:39:22 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:4pdv+S9Tl5h7b/4hFUrEc0L6KNyTjqUK2251AO/sPQv95g6hHRHR6TtL8YufdLjQ:4pcSNlLQhFUQc0L6kyT5+KQzgBL8dY

Entry address:
0x1E2B80

Entry point:
8B, FF, 55, 8B, EC, E8, 46, 72, 01, 00, E8, 11, 00, 00, 00, 5D, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 6A, FE, 68, 50, E6, 77, 00, 68, C0, 3E, 5F, 00, 64, A1, 00, 00, 00, 00, 50, 83, C4, 94, 53, 56, 57, A1, A8, A0, 78, 00, 31, 45, F8, 33, C5, 50, 8D, 45, F0, 64, A3, 00, 00, 00, 00, 89, 65, E8, C7, 45, 90, 00, 00, 00, 00, C7, 45, FC, 00, 00, 00, 00, 8D, 45, A0, 50, FF, 15, 34, D5, 6F, 00, C7, 45, FC, FE, FF, FF, FF, EB, 26, B8, 01, 00, 00, 00, C3, 8B, 65, E8, C7...
 
[+]

Entropy:
6.2449

Code size:
3 MB (3,128,832 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Huihui

Command:
C:\Program Files\youdao\shoppingassistant\ie\4.5\huihui.exe start


Scan Huihui.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.