» RSHP.exe
Overview
Analysis
File Details
Programs (1)

RSHP.exe

RSHP IePlugin control

Thinknice Co. Limited

The application RSHP.exe by Thinknice Co. Limited has been detected as adware by 31 anti-malware scanners. This file is typically installed with the program SupTab by Thinknice Co. Limited which is a potentially unwanted software program.

File name:

RSHP.exe

Publisher:

Skytech Co., Ltd. (signed by Thinknice Co. Limited)

Product:

RSHP IePlugin control

Description:

IePlugin Service

Version:

2.0.3.398

MD5:

17dcad4517941ae35302212b608d185a

SHA-1:

5110d5efb1cd4b1e635f41ee95c2ce18c45def2f

SHA-256:

ff008182b815bebcc9b0b4d02785ed450e640953a73c1d43c82b2d7be275611d

Scanner detections:

31 / 68

Status:

Adware

Analysis date:

4/16/2024 7:24:15 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Adware.Agent.OEZ

554

Agnitum Outpost

PUA.Agent

7.1.1

Avira AntiVirus

ADWARE/Agent.oez.1

8.3.1.6

Arcabit

Adware.Agent.OEZ

1.0.0.425

avast!

Win32:SupTab-C [Adw]

2014.9-150730

Baidu Antivirus

Adware.Win32.Agent

4.0.3.15730

Bitdefender

Adware.Agent.OEZ

1.0.20.1055

Bkav FE

W32.HfsAdware

1.3.0.6379

Clam AntiVirus

Win.Adware.SupTab

0.98/21511

Dr.Web

Trojan.Click3.8659

9.0.1.0211

Emsisoft Anti-Malware

Adware.Agent.OEZ

8.15.07.30.12

ESET NOD32

Win32/ELEX.AR potentially unwanted

9.11755

Fortinet FortiGate

Adware/Agent

7/30/2015

F-Secure

Adware.Agent.OEZ

11.2015-30-07_5

G Data

Win32.Application.SubTab

15.7.24

K7 AntiVirus

Adware

13.204.16176

Kaspersky

not-a-virus:AdWare.Win32.Agent

14.0.0.1657

Malwarebytes

PUP.Optional.IEPluginService.A

v2015.07.30.12

McAfee

Artemis!17DCAD451794

5600.6688

MicroWorld eScan

Adware.Agent.OEZ

16.0.0.633

NANO AntiVirus

Trojan.Win32.Click3.donfcd

0.30.24.1636

nProtect

Adware.Agent.OEZ

15.06.08.01

Panda Antivirus

Trj/Chgt.A

15.07.30.12

Qihoo 360 Security

Malware.Radar03.Gen

1.0.0.1015

Quick Heal

AdWare.Agent.r5 (Not a Virus)

7.15.14.00

Reason Heuristics

PUP.Thinknice.ThinkniceCo (M)

15.7.30.12

Sophos

Elex

4.98

Trend Micro House Call

TROJ_GEN.R047C0EDN15

7.2.211

Trend Micro

TROJ_GEN.R047C0EDN15

10.465.30

Vba32 AntiVirus

BScope.Trojan-Dropper.Injector

3.12.26.3

Zillya! Antivirus

Adware.Agent.Win32.10344

2.0.0.2214

File size:

431.6 KB (441,968 bytes)

Product version:

2.0.3.398

Original file name:

RSHP.exe

File type:

Executable application (Win32 EXE)

Language:

Chinese (Simplified, PRC)

Common path:

C:\Program Files\suptab\rshp.exe

Digital Signature

Signed by:

Thinknice Co. Limited

Authority:

GlobalSign nv-sa

Valid from:

11/26/2013 12:04:13 PM

Valid to:

11/27/2014 12:04:13 PM

Subject:

CN=Thinknice Co. Limited, O=Thinknice Co. Limited, L=HongKong, S=HongKong, C=HK

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

11218A5EF69A65044FE28125681D829B5EFE

File PE Metadata

Compilation timestamp:

6/10/2014 3:57:49 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

6144:15kjFpBFjwcX76TWokhTB++aHtjZfazyPhsZ++7kHtN/pIRF9r6n8xjyl5wZ:15ir0cYrmBvKNZfazMg7ufpMrTulQ

Entry address:

0x160E3

Entry point:

E8, 0E, A0, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 5C, B3, 45, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 20, 89, 45, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 5C, B3, 45, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01, 00, 00, F7, C6, 03... 
[+]

Entropy:

6.0383

Code size:

281.5 KB (288,256 bytes)

The file RSHP.exe has been discovered within the following program.

SupTab by Thinknice Co. Limited

SupTab is an web browser advertisement injection extension that is designed with the core purpose of delivering ads to the user's web browser. Ads are in the form of banners (both static and videos) as well as context-hyper links.

80% remove it

Remove RSHP.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.