hip2pservice.exe
By Shenzhen Enode Technology Co. (Signed)
Version: | 1,0,15,15 |
MD5: | 02f080552a3fc8b0aaff889be27fb202 |
SHA1: | 064c29233fe3e120fb578e0c97d23c5dcc5896ad |
SHA256: | 3ab495296ccc40c4c87eecd0de534f6c38f324f42d4904903edc0dfc5e689a99 |
Warning: 3 antivirus scanners have detected malware.
Overview
hip2pservice.exe is malware that executes as a process with the local user's privileges, typically within the context of its parent hiplayer.exe (HiPlayer by No Organization Affiliation). It has been configured with a firewall exception which allows both inbound and outbound network communication without being blocked. It is installed with a couple of known programs, including HiPlayer1.18.0.44 published by hi-player.com and HiPlayer1.18.1.28 published by hi-player.com.
Details
File name: | hip2pservice.exe |
Publisher: | www.hi-player.com. |
Description: | Media Streaming Service |
Typical file path: | C:\Program Files\hi\hiplayer\1.18.0.44\hip2pservice.exe |
File version: | 1,0,15,15 |
Size: | 504 KB (516,096 bytes) |
Certificate |
Issued to: | Shenzhen Enode Technology Co. |
Authority (CA): | VeriSign |
Digital DNA |
PE subsystem: | Windows GUI |
File packed: | No |
.NET CLR: | No |
Programs
The following programs will install this file
“Hi Player is a media player to play videos, download videos from the web, and convert the format of a video. It contains the search box, and provides you with the latest list of most viewed videos, added management module downloads where you can control more than the task of uploading at the same time.”
Behaviors
Windows firewall allowed programs
Exceptions allow programs to access the Internet through outbound connections
- Firewall exception for 'C:\Program Files\Hi\HiPlayer\1.18.1.102\HiP2PService.exe'
- Firewall exception for 'C:\Program Files\Hi\HiPlayer\1.18.0.44\HiP2PService.exe'
Network connections
Access through an approved Windows firewall exception
[TCP] 123.125.113.27:8003
[TCP] 198.18.1.6:8000
[UDP] listens on port 9215
[UDP] listens on port 60709
Malware detections
Based on 40+ industry antivirus scanners, 3 of them detected the following malware.
Antivirus engine | Engine version | Detection |
Dr.Web | 7.0.4.09250 | DLOADER.Trojan |
eSafe | 7.0.17.0 | Win32.Trojan |
Trend Micro HouseCall | 9.700.0.1001 | TROJ_GEN.F47V1112 |
Resource utilization
(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
CPU |
Total CPU: | 0.00792603% | |
Kernel CPU: | 0.00619170% | |
User CPU: | 0.00173432% | |
Kernel CPU time: | 11,369 ms/min | |
Context switches: | 1,027/sec | |
Memory |
Private memory: | 4.79 MB | |
Private (maximum): | 9.85 MB | |
Private (minimum): | 5.78 MB | |
Non-paged memory: | 4.79 MB | |
Virtual memory: | 76.13 MB | |
Virtual memory (peak): | 83.88 MB | |
Working set: | 6.73 MB | |
Working set (peak): | 11.64 MB | |
Resource allocations |
Threads: | 14 | |
Handles: | 288 | |
GUI GDI count: | 16 | |
GUI GDI peak: | 13 | |
GUI USER count: | 20 | |
GUI USER peak: | 19 | |
Process properties
Threads
Averages
WS2_32.dll |
Total CPU: | 0.17063020% | |
Kernel CPU: | 0.07380073% | |
User CPU: | 0.09682946% | |
CPU cycles: | 4,856,045/sec | |
Context switches: | 34/sec | |
Memory: | 212 KB | |
p2pbase.dll |
Total CPU: | 0.02641085% | |
Kernel CPU: | 0.01628554% | |
User CPU: | 0.01012532% | |
CPU cycles: | 3,679,031/sec | |
Context switches: | 91/sec | |
Memory: | 524 KB | |
p2sbase.dll |
Total CPU: | 0.00673691% | |
Kernel CPU: | 0.00413791% | |
User CPU: | 0.00259900% | |
CPU cycles: | 637,615/sec | |
Context switches: | 92/sec | |
Memory: | 528 KB | |
mswsock.dll |
Total CPU: | 0.00489429% | |
Kernel CPU: | 0.00362540% | |
User CPU: | 0.00126889% | |
CPU cycles: | 427,315/sec | |
Context switches: | 6/sec | |
Memory: | 240 KB | |
HiP2PService.exe (main module) |
Total CPU: | 0.00419626% | |
Kernel CPU: | 0.00218240% | |
User CPU: | 0.00201386% | |
CPU cycles: | 354,869/sec | |
Context switches: | 23/sec | |
Memory: | 548 KB | |
p2pstatreport.dll (by Baidu.com) |
Total CPU: | 0.00081787% | |
Kernel CPU: | 0.00060566% | |
User CPU: | 0.00021220% | |
CPU cycles: | 1,095,904/sec | |
Context switches: | 166/sec | |
Memory: | 372 KB | |
Common loaded modules
These are modules that are typically loaded within the context of this process.
Distribution by Windows OS
OS version | distribution |
Microsoft Windows XP | 62.50% |
Windows 7 Ultimate | 37.50% |
Distribution by country
Egypt installs about 83.33% of hip2pservice.exe.
Distribution by PC manufacturer
PC Manufacturer | distribution |
Dell | 50.00% |
Compaq | 50.00% |