interhop.exe

Xiaodong Wang

The application interhop.exe by Xiaodong Wang has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a windows Service named “InterHop”.
Publisher:
Xiaodong Wang  (signed and verified)

MD5:
f11dcb4133bcab607c5b8a788b53afec

SHA-1:
25e629f058033c23951ac3fbbef0c4374eb8c44c

SHA-256:
890970df3fe7b70577c92354d8a8659ce9e71eac275425ff7f61b190df9e5a7c

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/6/2024 10:20:40 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Adware.InterHop (M)
16.9.24.18

File size:
1.5 MB (1,562,856 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\interhop\interhop.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
9/17/2016 5:00:00 PM

Valid to:
8/8/2017 4:59:59 PM

Subject:
CN=Xiaodong Wang, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
0A4376BB30B80CD104AC42B125DE050A

File PE Metadata
Compilation timestamp:
9/17/2016 11:36:55 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

CTPH (ssdeep):
12288:ng9K9picjH6D8Z4xMmUF+choF0LtqM5NB:ng9K9vH6D8ZEY+60

Entry address:
0xA39C4

Entry point:
9C, C7, 04, 24, BC, 09, 91, 47, 60, 9C, C7, 44, 24, 20, 9A, BB, 3F, EA, 60, 57, C6, 44, 24, 04, 69, 8D, 64, 24, 44, E9, 84, 9B, 05, 00, B9, 32, E0, 98, D6, 72, C4, AE, F0, 7C, 2A, 7A, 28, DA, 78, 80, EA, 88, 5E, 86, 50, 8A, 58, E1, 29, 4E, 5F, 25, F7, 95, C2, 68, E2, 0E, 5C, D0, 2E, 78, 80, 9E, BF, D3, 47, E1, 60, AE, DB, 78, D6, 4E, F8, 32, 2C, BA, 95, D3, 33, 8E, F0, 68, 17, 6B, 05, E1, A8, 54, E6, F8, 2A, 94, 42, F3, 43, 70, 7B, 9E, D9, 11, 36, FE, 60, EE, 95, DD, 93, 53, 35, A8, B5, FD, 04, 16, E6, 88...
 
[+]

Code size:
274.5 KB (281,088 bytes)

Service
Display name:
InterHop

Type:
Win32OwnProcess, InteractiveProcess


Remove interhop.exe - Powered by Reason Core Security