home

HiveSoft.exe

HiveSoft

Beijing Yunhai Collaboration Technology Limited Company

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘HiveSoft’.
Publisher:
Beijing Yunhai Collaboration Tech co., Ltd.  (signed by Beijing Yunhai Collaboration Technology Limited Company)

Product:
HiveSoft

Version:
1.0.0.0

MD5:
23c95ae3596840a2d56378c097bcaa4c

SHA-1:
9725d968e778bf47bd7f39a1f5d48aaf71f60aea

SHA-256:
b7562d6fd877253257cb6cf0baa9651558e753339a796b75ff6395f61d0a032f

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/26/2024 10:08:36 PM UTC  (today)

File size:
308.9 KB (316,272 bytes)

Product version:
1.0.0.0

Copyright:
Copyright @2009-2012

Original file name:
HiveSoft.exe

File type:
Executable application (Win64 EXE)

Digital Signature
Signed by:
Beijing Yunhai Collaboration Technology Limited Company

Authority:
VeriSign, Inc.

Valid from:
8/15/2011 8:00:00 AM

Valid to:
11/14/2014 7:59:59 AM

Subject:
CN=Beijing Yunhai Collaboration Technology Limited Company, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Beijing Yunhai Collaboration Technology Limited Company, L=beijing, S=beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
47F20F64E06A547FFE186D707631AFCA

File PE Metadata
Compilation timestamp:
10/13/2014 1:22:20 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:yvwm0LvW7XfV5+viDLOcmycQEEiG0iM+g+Y4hS6btyTBvhPjK4IEWNDUJnw9mrfz:yPMuZZNEnGxN2TBhPkELH

Entry address:
0x1E120

Entry point:
48, 83, EC, 28, E8, 9F, A6, 00, 00, 48, 83, C4, 28, E9, 16, FE, FF, FF, CC, CC, 48, 81, EC, A8, 05, 00, 00, F6, 05, 12, 10, 02, 00, 01, 74, 0A, B9, 0A, 00, 00, 00, E8, E6, 9B, 00, 00, E8, 49, A7, 00, 00, 48, 85, C0, 74, 0A, B9, 16, 00, 00, 00, E8, 46, A7, 00, 00, F6, 05, EB, 0F, 02, 00, 02, 74, 5F, 48, 8D, 8C, 24, D0, 00, 00, 00, FF, 15, BF, 21, 01, 00, 48, 8D, 4C, 24, 30, 33, D2, 41, B8, 98, 00, 00, 00, E8, 05, DD, FF, FF, 48, 8B, 84, 24, A8, 05, 00, 00, 33, C9, 48, 89, 44, 24, 40, 48, 8D, 44, 24, 30, C7...
 
[+]

Entropy:
6.0396

Code size:
187 KB (191,488 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
HiveSoft

Command:
"C:\hivesoft\hivesoft\hivesoft.exe" -min


Scan HiveSoft.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.