» bosh_hb_usbkey_plugins.exe
Overview
Analysis
File Details
Behaviors (1)

bosh_hb_usbkey_plugins.exe

上海银行USBKey用户工具

HENGBAO CO., LTD.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘HengBao UranuSafe CSP V3.0 For SHBANK’.

File name:

Publisher:

恒宝股份有限公司 (signed by HENGBAO CO., LTD.)

Product:

上海银行USBKey用户工具

Version:

1, 0, 0, 6

MD5:

92165f38faae0b94ad3ed9dbb96976a2

SHA-1:

36f509799967bd5d29c3a6199cf10049c2478fab

SHA-256:

ec35f230d08b99149224c6b8aa98994332086317b10d2dccae5199202179d620

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/19/2024 10:18:46 PM UTC (today)

File size:

211.9 KB (216,952 bytes)

Product version:

1, 0, 0, 6

Original file name:

User.EXE

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\boshebanktools\boshebankplugin\bosh_hb_usbkey\bosh_hb_usbkey_plugins.exe

Digital Signature

Signed by:

HENGBAO CO., LTD.

Authority:

WoSign eCommerce Services Limited

Valid from:

6/18/2013 8:30:42 PM

Valid to:

6/22/2016 5:55:03 AM

Subject:

E=zhaolm@hengbao.com, CN="HENGBAO CO., LTD.", O="HENGBAO CO., LTD.", L=Danyang, S=Jiangsu, C=CN

Issuer:

CN=WoSign Class 3 Code Signing CA, O=WoSign eCommerce Services Limited, C=CN

Serial number:

0D2E4E6591E43A

File PE Metadata

Compilation timestamp:

5/22/2014 10:47:55 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

3072:c5C9tsNLfB2QqzIbFSrtljFbVZzLB0dR8XSFYibT8X:dtgNxqpt5n1LWESXbS

Entry address:

0x1523A

Entry point:

55, 8B, EC, 6A, FF, 68, 60, 8A, 41, 00, 68, EA, 53, 41, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 08, 75, 41, 00, 59, 83, 0D, F8, 0E, 42, 00, FF, 83, 0D, FC, 0E, 42, 00, FF, FF, 15, 04, 75, 41, 00, 8B, 0D, EC, 0E, 42, 00, 89, 08, FF, 15, 00, 75, 41, 00, 8B, 0D, E8, 0E, 42, 00, 89, 08, A1, FC, 74, 41, 00, 8B, 00, A3, F4, 0E, 42, 00, E8, 2E, 01, 00, 00, 39, 1D, A0, C9, 41, 00, 75, 0C, 68, D4, 53, 41, 00, FF, 15, F8, 74... 
[+]

Entropy:

6.1648

Developed / compiled with:

Microsoft Visual C++ v6.0

Code size:

88 KB (90,112 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

HengBao UranuSafe CSP V3.0 For SHBANK

Command:

C:\Program Files\boshebanktools\boshebankplugin\bosh_hb_usbkey\bosh_hb_usbkey_plugins.exe

Scan bosh_hb_usbkey_plugins.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.