boimcu.exe

User 应用程序

HENGBAO CO., LTD.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘HengBao UranuSafe CSP V5.0 For BOIMC’.
Publisher:
HENGBAO CO., LTD.  (signed and verified)

Product:
User 应用程序

Description:
HengBao UKey Tool

Version:
5, 0, 0, 1

MD5:
98143d50cb3e7b6b978c4975fcb6b378

SHA-1:
ba29207cc0ba2a3fa8ebc080f17eb0b69f7d1988

SHA-256:
1df5708b92e9d64c307a025f925f8c7bd9ccc4676c7c100422d6eae110f401b3

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/26/2024 2:25:40 AM UTC  (today)

File size:
186.3 KB (190,720 bytes)

Product version:
5, 0, 0, 1

Copyright:
Copyright 2011

Original file name:
User.EXE

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\boimc\hengbao\boimcu.exe

Digital Signature
Authority:
WoSign eCommerce Services Limited

Valid from:
6/19/2013 8:30:42 AM

Valid to:
6/22/2016 5:55:03 PM

Subject:
E=zhaolm@hengbao.com, CN="HENGBAO CO., LTD.", O="HENGBAO CO., LTD.", L=Danyang, S=Jiangsu, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign eCommerce Services Limited, C=CN

Serial number:
0D2E4E6591E43A

File PE Metadata
Compilation timestamp:
12/11/2013 5:46:11 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:RzVXbPHsOoeWRJzrBDHUJh0VOd5fOWmF6dlML0lMTp/dZVg:RBr0ipnd5fPmF6dgm

Entry address:
0xDD82

Entry point:
55, 8B, EC, 6A, FF, 68, A0, F8, 40, 00, 68, 86, DC, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 90, F1, 40, 00, 59, 83, 0D, 70, BB, 54, 00, FF, 83, 0D, 74, BB, 54, 00, FF, FF, 15, 94, F1, 40, 00, 8B, 0D, C4, BA, 54, 00, 89, 08, FF, 15, 98, F1, 40, 00, 8B, 0D, C0, BA, 54, 00, 89, 08, A1, 9C, F1, 40, 00, 8B, 00, A3, 6C, BB, 54, 00, E8, DA, E6, FF, FF, 39, 1D, 60, 2D, 41, 00, 75, 0C, 68, 60, DF, 40, 00, FF, 15, A0, F1...
 

Entropy:
6.3057

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
54.5 KB (55,808 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
HengBao UranuSafe CSP V5.0 For BOIMC

Command:
C:\Program Files\boimc\hengbao\boimcu.exe

