ebTips.exe

方格子无盘

Shanghai wangheng culture spread Co., LTD

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘ebTips_Update’.
Publisher:
上海网恒文化传播有限公司  (signed by Shanghai wangheng culture spread Co., LTD)

Product:
方格子无盘

Description:
ebTips.exe

Version:
1.0.2.1025

MD5:
cbb14d51ad63d3eb56b01dbd5d4bf545

SHA-1:
b76b6f2548396a57f0aa48b0074b7f4fc8e16f89

SHA-256:
08204bf922c175c288d3ed7cd1e1cf041180b764968df5523fd586eb755c8732

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/26/2024 5:24:24 AM UTC

File size:
520.2 KB (532,656 bytes)

Product version:
1.0.2.1025

Copyright:
版权所有 (C) 2011 上海网恒文化传播有限公司

Trademarks:
方格子无盘

Original file name:
ebTips.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\nmenu client\ebtips.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
5/17/2012 8:00:00 AM

Valid to:
7/17/2013 7:59:59 AM

Subject:
CN="Shanghai wangheng culture spread Co., LTD", OU=Provided by TrustAsia, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Shanghai wangheng culture spread Co., LTD", L=Shanghai, S=Shanghai, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2ADBF235FF56EA48DF15EA23DC2655E9

File PE Metadata
Compilation timestamp:
10/25/2012 11:20:21 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:kUt97jw8E7NU8uglaS+lxSM4YGAAFvGO3+bbcvk58LJDmncHu/CGKs1OutIh00by:ElaS+lxSM4z0NG0cgAs1OutIh/bWW8

Entry address:
0xF4F6

Entry point:
E8, 02, 65, 00, 00, E9, 78, FE, FF, FF, 6A, 0C, 68, 18, 59, 42, 00, E8, 5C, 25, 00, 00, 83, 65, E4, 00, 8B, 75, 08, 3B, 35, B0, E3, 42, 00, 77, 22, 6A, 04, E8, ED, 66, 00, 00, 59, 83, 65, FC, 00, 56, E8, F4, 6E, 00, 00, 59, 89, 45, E4, C7, 45, FC, FE, FF, FF, FF, E8, 09, 00, 00, 00, 8B, 45, E4, E8, 68, 25, 00, 00, C3, 6A, 04, E8, E8, 65, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 56, 8B, 75, 08, 83, FE, E0, 0F, 87, A1, 00, 00, 00, 53, 57, 8B, 3D, F0, 00, 42, 00, 83, 3D, 8C, C4, 42, 00, 00, 75, 18, E8, B4, 5C, 00...
 

Entropy:
6.5240

Code size:
122.5 KB (125,440 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
ebTips_Update

Command:
"C:\Program Files\nmenu client\ebtips.exe" -update

