RSHP.exe

RSHP IePlugin control

Liyan Liu

The application RSHP.exe by Liyan Liu has been detected as adware by 16 anti-malware scanners. This file is typically installed with the program SupTab by Thinknice Co. Limited, which is a potentially unwanted software program.
Publisher:
Skytech Co., Ltd.  (signed by Liyan Liu)

Product:
RSHP IePlugin control

Description:
IePlugin Service

Version:
2.0.3.746

MD5:
d0bf1a3bbdffb452ccce3381400162e3

SHA-1:
ac10b08d85151d7fcacecaeb84ce28dfbb20413b

SHA-256:
caeb04a98967105777de09f03422519f6a1dcfba385754e8d98bdd7f013f4a81

Scanner detections:
16 / 68

Status:
Adware

Analysis date:
12/25/2024 12:59:48 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | Win32/Kashu.E | 2014.12.08 |
| Avira AntiVirus | ADWARE/Adware.Gen2 | 7.11.180.32 |
| avast! | Win32:Kukacka | 2014.9-141211 |
| Baidu Antivirus | Adware.Win32.ELEX | 4.0.3.141021 |
| Clam AntiVirus | Win.Adware.SupTab | 0.98/19743 |
| F-Prot | W32/Virut.AI!Generic | v6.4.6.5.141 |
| G Data | Win32.Application.SubTab | 14.10.24 |
| K7 AntiVirus | Virus | 13.186.14254 |
| Malwarebytes | PUP.Optional.IEPluginService.A | v2014.10.21.03 |
| Microsoft Security Essentials | Threat.Undefined | 1.189.1526.0 |
| Qihoo 360 Security | Malware.QVM19.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.LiyanLiu.E | 14.10.21.3 |
| Rising Antivirus | PE:Win32.KUKU.kt!1591113 | 23.00.65.141209 |
| Trend Micro House Call | PE_SALITY.RL | 7.2.345 |
| Trend Micro | PE_SALITY.RL | 10.465.11 |
| VIPRE Antivirus | Threat.4788726 | 33706 |

File size:
401.5 KB (411,104 bytes)

Product version:
2.0.3.746

Copyright:
Copyright (C) 2014

Original file name:
RSHP.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\suptab\rshp.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
7/22/2014 8:00:00 AM

Valid to:
7/27/2015 8:00:00 PM

Subject:
CN=Liyan Liu, O=Liyan Liu, L=Wenzhou, S=Zhejiang, C=CN

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
02CA146AED05062A5F6C4AC5628BBC00

File PE Metadata
Compilation timestamp:
8/21/2014 10:24:56 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:lgeWAFjQIUu+sHp4U+hYPJ6ZPAscCSm9WjI6lxGg8uESHP:lgJAFjQIUuFJ49ix6ZIc9QI6+tbSv

Entry address:
0x14881

Entry point:
E8, F1, 8F, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, FC, 32, 45, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 20, 09, 45, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, FC, 32, 45, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01, 00, 00, F7...
 

Entropy:
6.1579

Code size:
255 KB (261,120 bytes)

The file RSHP.exe has been discovered within the following program.

SupTab  by Thinknice Co. Limited
SupTab is a web browser advertisement injection extension designed with the core purpose of delivering ads to the user's web browser. Ads take the form of banners (both static and video) as well as contextual hyperlinks.
80% remove it
 