cgbusbkeytools4_0.exe

CGBUsbKeyTools4_0

Shenzhen Mingwah Aohan Digital Security Technology Co.,Ltd.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘CGBUsbKeyTools4_0.exe’.

Publisher:
CGB (signed by Shenzhen Mingwah Aohan Digital Security Technology Co.,Ltd.)

Product:
CGBUsbKeyTools4_0

Description:
CGBUsbKeyTool(2011-5-26-16-18)

Version:
4, 0, 0, 0

MD5:
efb2c9405240048c1afc522f258d6a7c

SHA-1:
1d655a529fb8f5851bb353a31863314b3a6e864f

SHA-256:
e5fbfe24b1366656a5ccda06f30454b8071a27d85477c89cdf3ad5a28be9b158

Scanner detections:
3 / 68

Status:
Clean (3 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably malware-free.

Analysis date:
4/18/2024 5:04:27 PM UTC

Scan engine | Detection | Engine version
Clam AntiVirus | PUA.Packed.ASPack | 0.98/18011
Trend Micro House Call | PAK_Generic.001 | 7.2.216
Trend Micro | PAK_Generic.001 | 10.465.03

File size:
84.5 KB (86,536 bytes)

Product version:
4, 0, 0, 0

Copyright:
Copyright (C) 2011

Original file name:
CGBUsbKeyTool.EXE

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\cgbebank4.0\cgbusbkeytools4_0.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
9/29/2010 8:00:00 AM

Valid to:
11/29/2011 7:59:59 AM

Subject:
CN="Shenzhen Mingwah Aohan Digital Security Technology Co.,Ltd.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Shenzhen Mingwah Aohan Digital Security Technology Co.,Ltd.", L=shenzhen, S=guangdong, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
48101CC00E245F5758C9A03FC1202842

File PE Metadata
Compilation timestamp:
5/26/2011 4:18:07 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:FI9Ec4ehaKzaHw69P0ZBvZT2bNUXaoLjOCu6p8xya3C/k:FBc4pKEkT2b0ayjVu6p8xbv

Entry address:
0x2E001

Entry point:
60, E8, 03, 00, 00, 00, E9, EB, 04, 5D, 45, 55, C3, E8, 01, 00, 00, 00, EB, 5D, BB, ED, FF, FF, FF, 03, DD, 81, EB, 00, E0, 02, 00, 83, BD, 22, 04, 00, 00, 00, 89, 9D, 22, 04, 00, 00, 0F, 85, 65, 03, 00, 00, 8D, 85, 2E, 04, 00, 00, 50, FF, 95, 4D, 0F, 00, 00, 89, 85, 26, 04, 00, 00, 8B, F8, 8D, 5D, 5E, 53, 50, FF, 95, 49, 0F, 00, 00, 89, 85, 4D, 05, 00, 00, 8D, 5D, 6B, 53, 57, FF, 95, 49, 0F, 00, 00, 89, 85, 51, 05, 00, 00, 8D, 45, 77, FF, E0, 56, 69, 72, 74, 75, 61, 6C, 41, 6C, 6C, 6F, 63, 00, 56, 69, 72...
 

Entropy:
6.3481

Packer / compiler:
ASPack v2.12

Code size:
48 KB (49,152 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
CGBUsbKeyTools4_0.exe

Command:
C:\Program Files\cgbebank4.0\cgbusbkeytools4_0.exe

