home

bjrcbu.dll

User 应用程序

HENGBAO CO., LTD.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘ZHIJIU SZD32A CSP1.0.0’.
Publisher:
HENGBAO CO., LTD.  (signed and verified)

Product:
User 应用程序

Description:
HengBao UKey Tool

Version:
5, 0, 0, 1

MD5:
3c2ee0499dd30dffc52b0279d949eac8

SHA-1:
790b4a3d2b3a606deeed259234dfcedeea0978b5

SHA-256:
faa63a72cbf80815311c255243be423ecd34fc99eab61b33f9c1df37aa8ccdf1

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/18/2024 11:11:55 PM UTC  (a few moments ago)

File size:
249.8 KB (255,744 bytes)

Product version:
5, 0, 0, 1

Copyright:
Copyright 2011

Original file name:
User.EXE

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\bjrcb\hengbao\bjrcbu.dll

Digital Signature
Signed by:
HENGBAO CO., LTD.

Authority:
WoSign eCommerce Services Limited

Valid from:
6/19/2013 8:30:42 AM

Valid to:
6/22/2016 5:55:03 PM

Subject:
E=zhaolm@hengbao.com, CN="HENGBAO CO., LTD.", O="HENGBAO CO., LTD.", L=Danyang, S=Jiangsu, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign eCommerce Services Limited, C=CN

Serial number:
0D2E4E6591E43A

File PE Metadata
Compilation timestamp:
6/17/2014 2:01:10 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:l78M8eU2y+d89OAbsA0KLX4pwtEyvP+sG9oHFrDcyImI1G+/3:lwM8igR0GwE3P+sG9opDvI1z

Entry address:
0xC375

Entry point:
55, 8B, EC, 53, 8B, 5D, 08, 56, 8B, 75, 0C, 57, 8B, 7D, 10, 85, F6, 75, 09, 83, 3D, C8, 86, 14, 10, 00, EB, 26, 83, FE, 01, 74, 05, 83, FE, 02, 75, 22, A1, 18, 87, 14, 10, 85, C0, 74, 09, 57, 56, 53, FF, D0, 85, C0, 74, 0C, 57, 56, 53, E8, 15, FF, FF, FF, 85, C0, 75, 04, 33, C0, EB, 4E, 57, 56, 53, E8, 01, 83, FF, FF, 83, FE, 01, 89, 45, 0C, 75, 0C, 85, C0, 75, 37, 57, 50, 53, E8, F1, FE, FF, FF, 85, F6, 74, 05, 83, FE, 03, 75, 26, 57, 56, 53, E8, E0, FE, FF, FF, 85, C0, 75, 03, 21, 45, 0C, 83, 7D, 0C, 00...
 
[+]

Entropy:
6.0117

Developed / compiled with:
Microsoft Visual C++ 6.0

Code size:
46 KB (47,104 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
ZHIJIU SZD32A CSP1.0.0

Command:
C:\Windows\System32\rundll32.exe "C:\Program Files\bjrcb\hengbao\bjrcbu.dll",openusertool


Scan bjrcbu.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.