» creg_ezca.exe
Overview
Analysis
File Details
Behaviors (1)

creg_ezca.exe

东方中讯数字证书管理工具

Shenzhen Mingwah Aohan Digital Security Technology Co.,Ltd.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘eKeyClient_CSP’.

File name:

creg_ezca.exe

Publisher:

Shenzhen Mingwah Aohan Digital Security Technology Co.,Ltd. (signed and verified)

Product:

东方中讯数字证书管理工具

Description:

重庆东方中讯数字证书注册注销程序

Version:

1.1.0.15

MD5:

49168813ae46aadcafb6fab4ccc0890d

SHA-1:

2607e176be075b2edcfcc437b8d80f21fcfff238

SHA-256:

a9f180bd6a11c54f99fbae6a09dae888cb1cb0f018371a8028b43b9acf2e098c

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/25/2024 1:16:32 AM UTC (today)

File size:

50.1 KB (51,288 bytes)

Product version:

1.1.0.15

Original file name:

重庆东方中讯数字证书注册注销程序

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\ezca\mingwah\creg_ezca.exe

Digital Signature

Signed by:

Shenzhen Mingwah Aohan Digital Security Technology Co.,Ltd.

Authority:

VeriSign, Inc.

Valid from:

9/29/2010 8:00:00 AM

Valid to:

11/29/2011 7:59:59 AM

Subject:

CN="Shenzhen Mingwah Aohan Digital Security Technology Co.,Ltd.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Shenzhen Mingwah Aohan Digital Security Technology Co.,Ltd.", L=shenzhen, S=guangdong, C=CN

Issuer:

CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

48101CC00E245F5758C9A03FC1202842

File PE Metadata

Compilation timestamp:

6/23/2011 11:09:05 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

768:Co64yP4HJ++MoMG5dmEiD5zOO40DwwDUDaCvLW7bCzk:Co64/qNWmEmh4BHva3Czk

Entry address:

0x34BA

Entry point:

55, 8B, EC, 6A, FF, 68, 30, 45, 40, 00, 68, 12, 38, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, 5F, 57, FF, 15, 20, 42, 40, 00, 59, 83, 0D, 24, 9B, 40, 00, FF, 83, 0D, 28, 9B, 40, 00, FF, FF, 15, 1C, 42, 40, 00, 8B, 0D, 18, 9B, 40, 00, 89, 08, FF, 15, 18, 42, 40, 00, 8B, 0D, 14, 9B, 40, 00, 89, 08, A1, 14, 42, 40, 00, 8B, 00, A3, 20, 9B, 40, 00, E8, 46, 03, 00, 00, 39, 1D, 90, 53, 40, 00, 75, 0C, 68, 6E, 38, 40, 00, FF, 15... 
[+]

Entropy:

5.1804

Developed / compiled with:

Microsoft Visual C++ v6.0

Code size:

12 KB (12,288 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

eKeyClient_CSP

Command:

C:\Program Files\ezca\mingwah\creg_ezca.exe

Scan creg_ezca.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.