ppap.exe

PPTV网络电视

PPLive Corporation

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘PPAP’.
Publisher:
PPLive Corporation  (signed and verified)

Product:
PPTV网络电视

Version:
3,5,1,0132

MD5:
d359a1f5a74a65f927fc186b0554ffc0

SHA-1:
c28ad906d0d559ef673055909754b8e1113f2892

SHA-256:
e4823bb8e5666d0f5b24e85546c3fd659763360838f5bd5efd1f5e3bc471c8d0

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/30/2024 11:39:24 AM UTC  (today)

File size:
209.3 KB (214,368 bytes)

Product version:
3,5,1,0132

Copyright:
Copyright ? 2008

Original file name:
PPLive.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\common files\pplivenetwork\ppap.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
10/10/2012 8:00:00 AM

Valid to:
1/10/2016 7:59:59 AM

Subject:
CN=PPLive Corporation, OU=Product Planning Dept., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=PPLive Corporation, L=Shanghai, S=Shanghai, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
70D9A64CFFB3E1F64929EFFD88F47EDB

File PE Metadata
Compilation timestamp:
4/28/2014 2:23:17 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:2FSYfOlY/BTxQryAhGWCzdOQHOUJ5/oOnHOs6CF6veNVEdvFdcflCMX4JdcJpWs:+P//gryMBCzdO3gb6Y6veN4LOPX4MJ7

Entry address:
0xCD2E

Entry point:
E8, 27, 04, 00, 00, E9, 24, FD, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 70, 84, 41, 00, 89, 0D, 6C, 84, 41, 00, 89, 15, 68, 84, 41, 00, 89, 1D, 64, 84, 41, 00, 89, 35, 60, 84, 41, 00, 89, 3D, 5C, 84, 41, 00, 66, 8C, 15, 88, 84, 41, 00, 66, 8C, 0D, 7C, 84, 41, 00, 66, 8C, 1D, 58, 84, 41, 00, 66, 8C, 05, 54, 84, 41, 00, 66, 8C, 25, 50, 84, 41, 00, 66, 8C, 2D, 4C, 84, 41, 00, 9C, 8F, 05, 80, 84, 41, 00, 8B, 45, 00, A3, 74, 84, 41, 00, 8B, 45, 04, A3, 78, 84, 41, 00, 8D, 45, 08, A3, 84, 84, 41...
 
[+]

Entropy:
7.3523

Code size:
67 KB (68,608 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
PPAP

Command:
"C:\Program Files\common files\pplivenetwork\ppap.exe" -background


Scan ppap.exe - Powered by Reason Core Security