usb-stick-encryption.exe

Hengyida Information Technology CO.,LTD.

The application usb-stick-encryption.exe, “GiliSoft USB Stick Encryption Setup” by Hengyida Information Technology CO.,LTD, has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from download.gilisoft.com and multiple other hosts.

Publisher:
GiliSoft.com   (signed by Hengyida Information Technology CO.,LTD.)

Description:
GiliSoft USB Stick Encryption Setup

Version:
5.3.0

MD5:
ce94ded11ef3b61b3d15a7f2352d7fea

SHA-1:
601db191e53ad289ad08d57d22ba9629f3aa9df5

SHA-256:
d947c190cd0d19c2861016997fb7a4a22392dc6628b65ccd5814581b22b00115

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/18/2024 5:38:58 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Installer.HengyidaInformationTechnologyCOLTD

Engine version:
15.4.2.1

File size:
2.9 MB (3,030,448 bytes)

Copyright:
Copyright(C) 2005-2014 GiliSoft International LLC.

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\usb-stick-encryption.exe

Digital Signature
Authority:
WoSign CA Limited

Valid from:
1/15/2014 11:35:57 AM

Valid to:
1/15/2015 11:35:57 AM

Subject:
CN="Hengyida Information Technology CO.,LTD.", E=EastRiverGroup@yahoo.com, O="Hengyida Information Technology CO.,LTD.", L=Chengdu, S=Sichuan, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
166DAF8F034BBD9BE8EBE24044970524

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:822O4VqGRaq/5GJ0sG9AAOUC2mT3KD59DYSoHMqG+vetA9S+:x8ErqzsCAAOL2mb8hUHMqG+ve+s+

Entry address:
0x991C

Entry point:
55, 8B, EC, 83, C4, CC, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, AA, 97, FF, FF, E8, B1, A9, FF, FF, E8, DC, CB, FF, FF, E8, 63, CC, FF, FF, E8, 0A, F3, FF, FF, E8, 71, F4, FF, FF, 33, C0, 55, 68, C6, 9F, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 7C, 9F, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 9B, FE, FF, FF, E8, 26, FA, FF, FF, 8D, 55, F0, 33, C0, E8, E0, D0, FF, FF, 8B, 55, F0, B8, D4, CD, 40, 00, E8, 5B, 98, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, D4, CD, 40, 00, B2, 01, B8...
 

Entropy:
7.9973

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
36.5 KB (37,376 bytes)

The file usb-stick-encryption.exe has been seen being distributed by the following 2 URLs.
