hhapp.exe

花花应用

Shanghai Gensheng Electronic Development Company Limited

It is set to execute automatically when any user logs into Windows (through the all-users Run registry key under HKLM) with the name 'hhapp'.

Product:
花花应用

Description:
花花应用程序

Version:
1.0.0.12

MD5:
cc8adc7f2af7e8e00c72a104ca001fac

SHA-1:
9d26db1c4644723aa907a244371a9856b0c7adcf

SHA-256:
d48e7c288347fcc52a98aeec5685a3eab7f709c5c42e0fbba94db085cb413774

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
5/8/2024 10:30:36 PM UTC

Scan engine:
Qihoo 360 Security

Detection:
Win32/Trojan.Adware.37e

Engine version:
1.0.0.1120

File size:
1.2 MB (1,255,592 bytes)

Product version:
0.0.0.1

Copyright:
版权所有 (C) 2012

Original file name:
huahua.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\hhapp\hhapp.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
10/2/2012 8:00:00 AM

Valid to:
10/3/2013 7:59:59 AM

Subject:
CN=Shanghai Gensheng Electronic Development Company Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Shanghai Gensheng Electronic Development Company Limited, L=Shanghai, S=Shanghai, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
049EF8A5301B70BFDE2A81C8D2D693F7

File PE Metadata
Compilation timestamp:
10/14/2012 2:53:36 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:STvnBqMz1AXXlcmjhf5fOpq/fKYsSt8WGI0ieQho+hDjW9VHjQXX:+FzycAv/nFlGI0ieYo0j2AX

Entry address:
0xBA087

Entry point:
E8, BE, 0E, 01, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 53, 8B, 45, 0C, 83, C0, 0C, 89, 45, FC, 64, 8B, 1D, 00, 00, 00, 00, 8B, 03, 64, A3, 00, 00, 00, 00, 8B, 45, 08, 8B, 5D, 0C, 8B, 6D, FC, 8B, 63, FC, FF, E0, 5B, C9, C2, 08, 00, 58, 59, 87, 04, 24, FF, E0, 58, 59, 87, 04, 24, FF, E0, 58, 59, 87, 04, 24, FF, E0, 8B, FF, 55, 8B, EC, 51, 51, 53, 56, 57, 64, 8B, 35, 00, 00, 00, 00, 89, 75, FC, C7, 45, F8, 03, A1, 4B, 00, 6A, 00, FF, 75, 0C, FF, 75, F8, FF, 75, 08, E8, 37, B4, 02, 00, 8B, 45, 0C, 8B...
 
Entropy:
6.7157

Code size:
946 KB (968,704 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
hhapp

Command:
"C:\Program Files\hhapp\hhapp.exe" -tray

