uopb10c.tmp.hlh

Zhiming Yuan

The file uopb10c.tmp.hlh by Zhiming Yuan has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Zhiming Yuan  (signed and verified)

MD5:
a29bde6bcb4c4831ccb296595de319c4

SHA-1:
1ce421dee8b657082524941fd13177b48ba28d26

SHA-256:
e19d7a656545956ab9b1b7e7a3760474ed09e9017be30280879ded0f89b88267

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/15/2024 11:39:14 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Mutahabah (M)

Engine version:
16.9.21.18

File size:
556.4 KB (569,704 bytes)

Common path:
C:\users\{user}\appdata\local\temp\uopb10c.tmp.hlh

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
6/13/2016 7:00:00 AM

Valid to:
6/14/2017 6:59:59 AM

Subject:
CN=Zhiming Yuan, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
644DC97ACDFA3068AB97A4D0818C866E

File PE Metadata
Compilation timestamp:
6/24/2016 6:46:43 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
12288:i1q8CMqg/9Y7ydEBBJrvUuutWRNrBwiaGUiaGS:i1q8CMZY7ydE1UTt+rNjDjS

Entry address:
0x3EB43

Entry point:
50, 56, 8D, 45, BC, 50, 8D, 45, DC, 56, 50, E8, 42, FD, FF, FF, 83, C4, 20, EB, B8, D9, E8, DC, 5D, DC, DF, E0, F6, C4, 41, 75, 0C, 6A, 98, 56, 57, E8, 53, 04, 00, 00, 83, C4, 0C, 56, 57, E8, CD, 03, 00, 00, DD, 95, 70, FF, FF, FF, D9, EE, 83, C4, 08, DD, E9, DF, E0, 5E, F6, C4, 44, 7B, 1E, DD, 05, 10, A1, 07, 10, DD, E1, DF, E0, F6, C4, 44, 7B, 0D, D9, E0, DD, E9, DF, E0, F6, C4, 44, 7A, 30, EB, 02, DD, D8, DD, D8, E8, 7B, 9D, 00, 00, DD, 85, 70, FF, FF, FF, C7, 00, 22, 00, 00, 00, 8B, 85, 78, FF, FF, FF...
 

Entropy:
6.7597

Code size:
393 KB (402,432 bytes)
