HiveProcExplorer.exe

HiveProcExplorer

Beijing Yunhai Collaboration Technology Limited Company

It is set to execute automatically when any user logs into Windows, through the all-users Run registry key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run), under the value name ‘HiveProcExplorer’.

Publisher:
Beijing Yunhai Collaboration Tech co., Ltd.  (signed by Beijing Yunhai Collaboration Technology Limited Company)

Product:
HiveProcExplorer

Version:
1.7.0.0188

MD5:
f312cb93df77ed6abbf720d11103b77f

SHA-1:
cdbe12d2e23d85502f442bd7e99ba47df9659a46

SHA-256:
d87cde66273ef05d8a98c4f1874e6c99f7fff22c105ff38e8d510362dac97987

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/26/2024 10:10:18 AM UTC

File size:
293.9 KB (300,984 bytes)

Product version:
1.7.0.0188

Copyright:
Copyright @2009-2012

Original file name:
HiveProcExplorer.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\hiveprocexplorer\hiveprocexplorer.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
8/15/2011 1:00:00 AM

Valid to:
11/13/2014 11:59:59 PM

Subject:
CN=Beijing Yunhai Collaboration Technology Limited Company, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Beijing Yunhai Collaboration Technology Limited Company, L=beijing, S=beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
47F20F64E06A547FFE186D707631AFCA

File PE Metadata
Compilation timestamp:
5/22/2012 6:31:15 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:ILzpzpbuZ5ORprcC0XQ33FNtMMsFG1wtkdYzeipA2SmPmR8eRPfN:IvPuZ5ICC0XQ31N18G1vkeiA2RPmpd

Entry address:
0xD07E0

Entry point:
60, BE, 00, E0, 48, 00, 8D, BE, 00, 30, F7, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 
Entropy:
7.8509

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
268 KB (274,432 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
HiveProcExplorer

Command:
"C:\Program Files\hiveprocexplorer\hiveprocexplorer.exe" -min -pair

