home

HiveProcExplorer.exe

HiveProcExplorer

Beijing Yunhai Collaboration Technology Limited Company

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘HiveProcExplorer’.
Publisher:
Beijing Yunhai Collaboration Tech co., Ltd.  (signed by Beijing Yunhai Collaboration Technology Limited Company )

Product:
HiveProcExplorer

Version:
0.9.0.0136

MD5:
30bf339c3aa64f93cb47284d5107c5db

SHA-1:
453e88d22c8cab96741b1e4db6604e5a5745df61

SHA-256:
03c859ed78b2c04bd513dabf5c07dfa73cde6e7e479f2cf74f60e6e4de93deef

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/8/2024 5:14:02 AM UTC  (today)

File size:
276.7 KB (283,304 bytes)

Product version:
0.9.0.0136

Copyright:
Copyright @2009-2011

Original file name:
HiveProcExplorer.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\hiveprocexplorer\hiveprocexplorer.exe

Digital Signature
Signed by:
Beijing Yunhai Collaboration Technology Limited Company

Authority:
VeriSign, Inc.

Valid from:
11/1/2010 8:00:00 AM

Valid to:
11/2/2011 7:59:59 AM

Subject:
CN="Beijing Yunhai Collaboration Technology Limited Company ", OU=IT dpt., OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Beijing Yunhai Collaboration Technology Limited Company ", L=beijing, S=beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5AA927C2B181BE7F3FBB5107D19D7075

File PE Metadata
Compilation timestamp:
10/26/2011 1:09:51 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:K5WaTfyZQO92/bqgAi17XEk+sB7V3n3zWfg:cWeOwTqti1ystVHzR

Entry address:
0xC1E00

Entry point:
60, BE, 00, 40, 48, 00, 8D, BE, 00, D0, F7, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 
[+]

Entropy:
7.8426

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
248 KB (253,952 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
HiveProcExplorer

Command:
"C:\Program Files\hiveprocexplorer\hiveprocexplorer.exe" -min -pair


Scan HiveProcExplorer.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.