home

bouu.exe

User 应用程序

HENGBAO CO., LTD.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘UCCBKEY CSP’.
Publisher:
HENGBAO CO., LTD.  (signed and verified)

Product:
User 应用程序

Description:
HengBao UKey Tool

Version:
5, 0, 0, 1

MD5:
9198b34aad30c1d41715e30d0eee8a6f

SHA-1:
8c48a7351fe272083e45db7821d587e0324fc90a

SHA-256:
145be8b705f40338844c64f3769c623253852b86b609a384627e3206f44b53f4

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 8:29:20 PM UTC  (today)

File size:
198.3 KB (203,008 bytes)

Product version:
5, 0, 0, 1

Copyright:
Copyright 2011

Original file name:
User.EXE

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\bou\hengbao\bouu.exe

Digital Signature
Signed by:
HENGBAO CO., LTD.

Authority:
WoSign eCommerce Services Limited

Valid from:
6/19/2013 8:30:42 AM

Valid to:
6/22/2016 5:55:03 PM

Subject:
E=zhaolm@hengbao.com, CN="HENGBAO CO., LTD.", O="HENGBAO CO., LTD.", L=Danyang, S=Jiangsu, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign eCommerce Services Limited, C=CN

Serial number:
0D2E4E6591E43A

File PE Metadata
Compilation timestamp:
1/7/2016 2:01:03 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:jPdfv6MosotRObAAJS8rB8/g87JsT4zc7mCYD:jPx6Mva768zsa

Entry address:
0xD432

Entry point:
55, 8B, EC, 6A, FF, 68, 88, E8, 40, 00, 68, 36, D3, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 90, E1, 40, 00, 59, 83, 0D, 2C, AC, 54, 00, FF, 83, 0D, 30, AC, 54, 00, FF, FF, 15, 94, E1, 40, 00, 8B, 0D, 7C, AB, 54, 00, 89, 08, FF, 15, 98, E1, 40, 00, 8B, 0D, 78, AB, 54, 00, 89, 08, A1, 9C, E1, 40, 00, 8B, 00, A3, 28, AC, 54, 00, E8, 02, E6, FF, FF, 39, 1D, F0, 1D, 41, 00, 75, 0C, 68, 10, D6, 40, 00, FF, 15, A0, E1...
 
[+]

Entropy:
6.6467

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
52 KB (53,248 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
UCCBKEY CSP

Command:
C:\Program Files\bou\hengbao\bouu.exe


Scan bouu.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.