» updatehypenet.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

updatehypenet.exe

HypeNet

Part of the Yontoo web browser plugin (delivers advertisements to the web browser in the form of injected banners, text-links, popups, etc.) the updater mechanism for HypeNet will automatically keep the extension patched by downloaded new functionality which is auto-enabled by default. The application updatehypenet.exe by HypeNet has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a separate (within the context of its own process) windows Service named “Update HypeNet”. This file is typically installed with the program HypeNet by Yontoo Technology, Inc. which is a potentially unwanted software program.

File name:

updatehypenet.exe

Publisher:

HypeNet (signed and verified)

Version:

1.0.5308.19565

MD5:

75bc36d45b72848131eb6a305d46c703

SHA-1:

01d25e2d79bd7c562117734f2e780b4519176d25

SHA-256:

df42e9d3078ebb760b23ec064a90e34c192f8545138514124eeac93ef0de32e8

Scanner detections:

1 / 68

Status:

Adware

Explanation:

Part of the Yontoo adware web browser extension update process.

Analysis date:

4/27/2024 1:44:34 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Adware.Yontoo.HypeNet (M)

16.2.10.15

File size:

314.3 KB (321,816 bytes)

Product version:

1.0.5308.19565

Original file name:

HypeNet.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\hypenet\updatehypenet.exe

Digital Signature

Signed by:

HypeNet

Authority:

VeriSign, Inc.

Valid from:

1/9/2014 3:00:00 AM

Valid to:

1/10/2015 2:59:59 AM

Subject:

CN=HypeNet, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=HypeNet, L=San Diego, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

1FBAF70F51194AE01BD4FAB2931DA43A

File PE Metadata

Compilation timestamp:

7/14/2014 2:52:24 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

6144:edUBn8ps5TXkMNksDYru3cPxeMs74JxzQvl2tpb9/1:edUBMsNkMBzxKxtj/1

Entry address:

0x4E59A

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 10, 00, 00, 00, 20, 00, 00, 80, 18, 00... 
[+]

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

305.5 KB (312,832 bytes)

Service

Display name:

Update HypeNet

Type:

Win32OwnProcess

The file updatehypenet.exe has been discovered within the following program.

HypeNet by Yontoo Technology, Inc.

This adware software (a branded version of the morphing Yontoo adware browser addon) injects itself into the user's web browser (IE, Chrome and Firefox) and will display out-of context advertising on web sites that are not associated with Yontoo or its affiliate partners.

hypenet.info/support

79% remove it

Remove updatehypenet.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.