RSHP.exe

RSHP IePlugin control

Zhang Ling

The application RSHP.exe by Zhang Ling has been detected as adware by 15 anti-malware scanners. This file is typically installed with the program SupTab by Thinknice Co. Limited which is a potentially unwanted software program.
Publisher:
Skytech Co., Ltd.  (signed by Zhang Ling)

Product:
RSHP IePlugin control

Description:
IePlugin Service

Version:
2.0.3.746

MD5:
51370823b59b47b5201e1ea634c53e3f

SHA-1:
a8e3a9e6972c6f8b253ea0e1837aeebf0a07b187

Scanner detections:
15 / 68

Status:
Adware

Analysis date:
12/25/2024 12:26:58 AM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
Win32/Kashu.E
2014.12.08

Avira AntiVirus
ADWARE/Adware.Gen2
7.11.169.4

avast!
Win32:Kukacka
2014.9-141211

Clam AntiVirus
Win.Adware.SupTab
0.98/19743

F-Prot
W32/Virut.AI!Generic
v6.4.6.5.141

K7 AntiVirus
Virus
13.186.14254

Malwarebytes
PUP.Optional.IEPluginService.A
v2014.08.25.09

Microsoft Security Essentials
Threat.Undefined
1.189.1526.0

Qihoo 360 Security
Malware.QVM19.Gen
1.0.0.1015

Reason Heuristics
PUP.ZhangLing.E
14.8.25.9

Rising Antivirus
PE:Win32.KUKU.kt!1591113
23.00.65.141209

Trend Micro House Call
PE_SALITY.RL
7.2.345

Trend Micro
PE_SALITY.RL
10.465.11

VIPRE Antivirus
Threat.4721115
35418

File size:
402.9 KB (412,552 bytes)

Product version:
2.0.3.746

Copyright:
Copyright (C) 2014

Original file name:
RSHP.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (PRC)

Common path:
C:\Program Files\suptab\rshp.exe

Digital Signature
Signed by:

Authority:
WoSign CA Limited

Valid from:
8/20/2014 9:03:49 AM

Valid to:
6/20/2015 9:03:49 AM

Subject:
CN=Zhang Ling, E=chloezhangling@gmail.com, L=北京市, S=北京市, C=CN

Issuer:
CN=WoSign Class 2 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
33D813964B450F4902EA98231C8EF97E

File PE Metadata
Compilation timestamp:
8/21/2014 4:24:56 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:TgeWAFjQIUu+sHp4U+hYPJ6ZPAscCSm9WjI6lxGg8uESC:TgJAFjQIUuFJ49ix6ZIc9QI6+tbSC

Entry address:
0x14881

Entry point:
E8, F1, 8F, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, FC, 32, 45, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 20, 09, 45, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, FC, 32, 45, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01, 00, 00, F7...
 
[+]

Code size:
255 KB (261,120 bytes)

The file RSHP.exe has been discovered within the following program.

SupTab  by Thinknice Co. Limited
SupTab is an web browser advertisement injection extension that is designed with the core purpose of delivering ads to the user's web browser. Ads are in the form of banners (both static and videos) as well as context-hyper links.
80% remove it
 
Powered by Should I Remove It?

Remove RSHP.exe - Powered by Reason Core Security