home

epuiashb.exe

Gawo Ebapnahioki Pien

The application epuiashb.exe by Gawo Ebapnahioki Pien has been detected as a potentially unwanted program by 12 anti-malware scanners. It runs as a separate (within the context of its own process) windows Service named “ducinorpi”.
Publisher:
Gawo Ebapnahioki Pien  (signed and verified)

MD5:
8c60c64214992921d4ded1b3cfb5e715

SHA-1:
a6001e1da6a4be6ca9681b479f27721855e34a5a

SHA-256:
c6a0292c3efa1ed151225823a56f959f81cf2fb90649aecd68bf247a675a89e0

Scanner detections:
12 / 68

Status:
Potentially unwanted

Explanation:
May modify the web browser's settings including changing the homepage and search provider in addition to delivering ads (by injecting banner and text-links directly in the webpage).

Analysis date:
4/23/2024 9:59:25 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Mikey.14573
593

AhnLab V3 Security
PUP/Win32.CrossRider
2015.06.06

Arcabit
Trojan.Mikey.D38ED
1.0.0.425

Baidu Antivirus
Adware.Win32.PennyBee
4.0.3.15622

Bitdefender
Gen:Variant.Mikey.14573
1.0.20.865

Emsisoft Anti-Malware
Gen:Variant.Mikey.14573
8.15.06.22.07

ESET NOD32
Win32/Adware.PennyBee (variant)
9.11743

F-Secure
Gen:Variant.Mikey.14573
11.2015-22-06_2

G Data
Gen:Variant.Mikey.14573
15.6.25

MicroWorld eScan
Gen:Variant.Mikey.14573
16.0.0.519

NANO AntiVirus
Riskware.Win32.PennyBee.dsnrfy
0.30.24.1636

Reason Heuristics
Threat.Win.Reputation.IMP
15.6.22.7

File size:
476.5 KB (487,888 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\iketyol\epuiashb.exe

Digital Signature
Signed by:
Gawo Ebapnahioki Pien

Authority:
Gawo Ebapnahioki Pien

Valid from:
6/5/2015 11:20:59 PM

Valid to:
6/4/2016 11:20:59 PM

Subject:
CN=Jizli Roetme, O=Gawo Ebapnahioki Pien, L=Mefetaca, S=Soqpojloyu, C=RU

Issuer:
CN=Qip Mifzae, O=Gawo Ebapnahioki Pien, L=Mefetaca, S=Soqpojloyu, C=RU

Serial number:
01

File PE Metadata
Compilation timestamp:
6/5/2015 11:22:08 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:8A4sTAPE4KPOtx325p4a2U8ubvYUlyBWcSoB:zhOt9a2UcBhB

Entry address:
0x3B54E

Entry point:
E8, BF, 33, 01, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 7F, 0F, B6, 44, 24, 08, 0F, BA, 25, A4, 2F, 47, 00, 01, 73, 0D, 8B, 4C, 24, 0C, 57, 8B, 7C, 24, 08, F3, AA, EB, 5D, 8B, 54, 24, 0C, 81, FA, 80, 00, 00, 00, 7C, 0E, 0F, BA, 25, 80, F7, 46, 00, 01, 0F, 82, B6, 34, 01, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83...
 
[+]

Code size:
358.5 KB (367,104 bytes)

Service
Display name:
ducinorpi

Type:
Win32OwnProcess


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to s3-1.amazonaws.com  (54.231.96.248:80)

Remove epuiashb.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.