home

BOCu.EXE

应用程序

HENGBAO CO., LTD.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘HengBao UranuSafe CSP V5.0 For BOC’.
Publisher:
Hengbao  (signed by HENGBAO CO., LTD.)

Product:
应用程序

Description:
User

Version:
5, 0, 0, 1

MD5:
58dfd29c86676651e74bc8602e9c3d65

SHA-1:
29ab9595ce9e98720b90a1e796e267e62b81013b

SHA-256:
7dc01d4100021a9cbcaf01e0091f010081872ee908f3497eb55103312fff6e52

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/24/2024 11:55:55 PM UTC  (a few moments ago)

File size:
513.2 KB (525,511 bytes)

Product version:
5, 0, 0, 1

Copyright:
Copyright 2011

Original file name:
BOCu.EXE

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\Program Files\hbboc\bocu.exe

Digital Signature
Signed by:
HENGBAO CO., LTD.

Authority:
WoSign eCommerce Services Limited

Valid from:
6/19/2013 6:30:42 AM

Valid to:
6/22/2016 3:55:03 PM

Subject:
E=zhaolm@hengbao.com, CN="HENGBAO CO., LTD.", O="HENGBAO CO., LTD.", L=Danyang, S=Jiangsu, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign eCommerce Services Limited, C=CN

Serial number:
0D2E4E6591E43A

File PE Metadata
Compilation timestamp:
7/8/2014 7:23:48 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0xEC42

Entry point:
E9, 21, 79, FF, FF, 68, F8, 08, 41, 00, 68, 44, EB, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, EC, 01, 41, 00, 59, 83, 0D, 7C, E0, 54, 00, FF, 83, 0D, 80, E0, 54, 00, FF, FF, 15, E8, 01, 41, 00, 8B, 0D, CC, DF, 54, 00, 89, 08, FF, 15, E4, 01, 41, 00, 8B, 0D, C8, DF, 54, 00, 89, 08, A1, 38, 02, 41, 00, 8B, 00, A3, 78, E0, 54, 00, E8, 8E, 01, 00, 00, 39, 1D, 78, 52, 41, 00, 75, 0C, 68, 3C, EE, 40, 00, FF, 15, E0, 01...
 
[+]

Entropy:
6.8911

Packer / compiler:
tElock 0.99 - 1.0 private

Code size:
58 KB (59,392 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
HengBao UranuSafe CSP V5.0 For BOC

Command:
C:\Program Files\hbboc\bocu.exe


Scan BOCu.EXE - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.