home

BOCu.EXE

应用程序

HENGBAO CO., LTD.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘HengBao UranuSafe CSP V5.0 For BOC’.
Publisher:
Hengbao  (signed by HENGBAO CO., LTD.)

Product:
应用程序

Description:
User

Version:
5, 0, 0, 1

MD5:
84c7e148204568ba1e0ac1134c16d0f3

SHA-1:
adc41b67411a34cc7a4a0338f4cbb8ffd018f1bf

SHA-256:
aadbd6d84593ee6d0e456e840fd729b229c32707cc1fc9133235fc5f47de2d2a

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/18/2024 8:36:21 PM UTC  (today)

File size:
513.2 KB (525,511 bytes)

Product version:
5, 0, 0, 1

Copyright:
Copyright 2011

Original file name:
BOCu.EXE

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\Program Files\hbboc\bocu.exe

Digital Signature
Signed by:
HENGBAO CO., LTD.

Authority:
WoSign eCommerce Services Limited

Valid from:
6/19/2013 6:30:42 AM

Valid to:
6/22/2016 3:55:03 PM

Subject:
E=zhaolm@hengbao.com, CN="HENGBAO CO., LTD.", O="HENGBAO CO., LTD.", L=Danyang, S=Jiangsu, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign eCommerce Services Limited, C=CN

Serial number:
0D2E4E6591E43A

File PE Metadata
Compilation timestamp:
7/8/2014 7:23:48 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0xEC42

Entry point:
E9, 15, AF, FF, FF, 68, F8, 08, 41, 00, 68, 44, EB, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, EC, 01, 41, 00, 59, 83, 0D, 7C, E0, 54, 00, FF, 83, 0D, 80, E0, 54, 00, FF, FF, 15, E8, 01, 41, 00, 8B, 0D, CC, DF, 54, 00, 89, 08, FF, 15, E4, 01, 41, 00, 8B, 0D, C8, DF, 54, 00, 89, 08, A1, 38, 02, 41, 00, 8B, 00, A3, 78, E0, 54, 00, E8, 8E, 01, 00, 00, 39, 1D, 78, 52, 41, 00, 75, 0C, 68, 3C, EE, 40, 00, FF, 15, E0, 01...
 
[+]

Entropy:
6.8918

Packer / compiler:
tElock 0.99 - 1.0 private

Code size:
58 KB (59,392 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
HengBao UranuSafe CSP V5.0 For BOC

Command:
C:\Program Files\hbboc\bocu.exe


Scan BOCu.EXE - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.