pipi_online.exe

PIPI

Zhejiang HaoYing Network Co. , Ltd

The program is a setup application that uses the Inno Setup installer. The file has been seen being downloaded from dl.pipi.cn.
Publisher:
皮皮科技   (signed by Zhejiang HaoYing Network Co. , Ltd)

Product:
PIPI

Description:
PIPI Setup

Version:
3.3.3.3150

MD5:
0e7c759e7732ae7d05d8798bc9f63cfe

SHA-1:
e3b724a1aa151d723072a9fddd9924e6067b1f47

SHA-256:
35e46972c115b66e7e38cafb0818cd4db3cc8978a3a3fbd3c73867f380a7dde1

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
4/25/2024 1:07:56 PM UTC

Scan engine:
Trend Micro House Call

Detection:
TROJ_GEN.F47V1031

Engine version:
7.2.4

File size:
6.9 MB (7,268,544 bytes)

Product version:
3.3.3.3150

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\pipi_online.exe

Digital Signature
Authority:
WoSign eCommerce Services Limited

Valid from:
6/5/2012 10:50:51 AM

Valid to:
6/8/2015 3:51:17 PM

Subject:
E=ycz@pipi.cn, CN="Zhejiang HaoYing Network Co. , Ltd", O="Zhejiang HaoYing Network Co. , Ltd", L=Hangzhou, S=Zhejiang, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign eCommerce Services Limited, C=CN

Serial number:
01966376F522EE

File PE Metadata
Compilation timestamp:
6/19/1992 11:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
196608:vNSVi+mwdkWLtVj4OcQG5kWpz3NQwG8e0E101Cd94Q0is:vNS4+mwd34OcQG5kW19RG864ks

Entry address:
0x9C14

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, D0, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 99, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 28, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 28, CE...
Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file pipi_online.exe has been seen being distributed by the following URL.
