home

cbhbu.exe

User 应用程序

HENGBAO CO., LTD.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘HengBao UranuSafe CSP V5.0 For CBHB’.
Publisher:
HENGBAO CO., LTD.  (signed and verified)

Product:
User 应用程序

Description:
恒宝UKEY客户端工具

Version:
5, 0, 0, 2

MD5:
2a925376a191d5b45fce397a9fdacb7c

SHA-1:
fa471384450137e97d447041d89be3521cbcca8d

SHA-256:
819096db3a97e518dcc2d3f00c16280cc3964599fc52528137a390f309129ccd

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/10/2024 12:20:24 AM UTC  (today)

File size:
235.8 KB (241,408 bytes)

Product version:
5, 0, 0, 2

Copyright:
版权所有 (C) 2011

Original file name:
User.EXE

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\hengbao uranusafe csp v5.0 for cbhb\cbhbu.exe

Digital Signature
Signed by:
HENGBAO CO., LTD.

Authority:
WoSign eCommerce Services Limited

Valid from:
6/18/2013 8:30:42 PM

Valid to:
6/22/2016 5:55:03 AM

Subject:
E=zhaolm@hengbao.com, CN="HENGBAO CO., LTD.", O="HENGBAO CO., LTD.", L=Danyang, S=Jiangsu, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign eCommerce Services Limited, C=CN

Serial number:
0D2E4E6591E43A

File PE Metadata
Compilation timestamp:
7/10/2014 3:00:37 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:vi2P7hjKD9O7b+EGyBAOeuWffBXDQOHhOS2wbT9DLRJd7Xz82W/Lu5nHe9A:a2Plux1yBouk79jOiRAA

Entry address:
0xB6E0

Entry point:
55, 8B, EC, 6A, FF, 68, 38, D8, 40, 00, 68, CE, B6, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 60, D1, 40, 00, 59, 83, 0D, 14, 88, 54, 00, FF, 83, 0D, 18, 88, 54, 00, FF, FF, 15, 64, D1, 40, 00, 8B, 0D, 64, 87, 54, 00, 89, 08, FF, 15, 68, D1, 40, 00, 8B, 0D, 60, 87, 54, 00, 89, 08, A1, 6C, D1, 40, 00, 8B, 00, A3, 10, 88, 54, 00, E8, 12, E1, FF, FF, 39, 1D, 60, FA, 40, 00, 75, 0C, 68, EA, B8, 40, 00, FF, 15, 70, D1...
 
[+]

Entropy:
7.2457

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
45 KB (46,080 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
HengBao UranuSafe CSP V5.0 For CBHB

Command:
"C:\Program Files\hengbao uranusafe csp v5.0 for cbhb\cbhbu.exe" |a


Scan cbhbu.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.