RSHP.exe

RSHP IePlugin control

Zhang Ling

The application RSHP.exe by Zhang Ling has been detected as adware by 3 anti-malware scanners. This file is typically installed with the program SupTab by Thinknice Co. Limited which is a potentially unwanted software program.
Publisher:
Skytech Co., Ltd.  (signed by Zhang Ling)

Product:
RSHP IePlugin control

Description:
IePlugin Service

Version:
2.0.3.903

MD5:
79c8a5854cf1b373933f0bcf64e94e72

SHA-1:
808812ba5662dfce16c25b1723b7da59f7a8f1ed

SHA-256:
7333021854705775594aefc05a4a6ae914ca36e1913a58c6a9fbe6fda3e7859d

Scanner detections:
3 / 68

Status:
Adware

Analysis date:
12/25/2024 1:23:39 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
APPL/SubTab.spe
7.11.174.142

Malwarebytes
PUP.Optional.IEPluginService.A
v2014.09.25.01

Reason Heuristics
PUP.ZhangLing.E
14.9.25.12

File size:
50.4 KB (51,592 bytes)

Product version:
2.0.3.903

Copyright:
Copyright (C) 2014

Original file name:
RSHP.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\Program Files\suptab\rshp.exe

Digital Signature
Signed by:

Authority:
WoSign CA Limited

Valid from:
9/24/2014 6:39:35 AM

Valid to:
6/24/2015 6:39:35 AM

Subject:
CN=Zhang Ling, E=chloezhangling@gmail.com, L=北京市, S=北京市, C=CN

Issuer:
CN=WoSign Class 2 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
4BD6CD01962107D32D308240DA61E020

File PE Metadata
Compilation timestamp:
9/16/2014 4:49:43 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
768:qk2j+nqbzrVSA1v+fjRaiW8U8QQbqRmaob:qk6+nOzYA12fjbimbaRob

Entry address:
0x4578

Entry point:
E8, 54, 04, 00, 00, E9, 4C, FE, FF, FF, 6A, 0C, 68, D0, 7E, 40, 00, E8, 12, 02, 00, 00, 83, 65, E4, 00, 8B, 5D, 0C, 8B, C3, 8B, 7D, 10, 0F, AF, C7, 8B, 75, 08, 03, F0, 89, 75, 08, 83, 65, FC, 00, 4F, 89, 7D, 10, 78, 0C, 2B, F3, 89, 75, 08, 8B, CE, FF, 55, 14, EB, EE, 33, C0, 40, 89, 45, E4, C7, 45, FC, FE, FF, FF, FF, E8, 14, 00, 00, 00, E8, 13, 02, 00, 00, C2, 10, 00, 8B, 7D, 10, 8B, 5D, 0C, 8B, 75, 08, 8B, 45, E4, 85, C0, 75, 0B, FF, 75, 14, 57, 53, 56, E8, 01, 00, 00, 00, C3, 6A, 14, 68, F0, 7E, 40, 00...
 
[+]

Entropy:
5.6568

Code size:
16.5 KB (16,896 bytes)

The file RSHP.exe has been discovered within the following program.

SupTab  by Thinknice Co. Limited
SupTab is an web browser advertisement injection extension that is designed with the core purpose of delivering ads to the user's web browser. Ads are in the form of banners (both static and videos) as well as context-hyper links.
80% remove it
 
Powered by Should I Remove It?

Remove RSHP.exe - Powered by Reason Core Security