home

haikeyuser_20260.exe

USBKey Tool(Haitai)

Beijing HaitaiFangyuan High Technology Co., Ltd.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘HaiKeyUser_20260’.
Publisher:
HaiTaiFangYuan Inc  (signed by Beijing HaitaiFangyuan High Technology Co., Ltd.)

Product:
USBKey Tool(Haitai)

Version:
4, 4, 2012, 5140

MD5:
32de3e4be5609c10a0051bb514dab3e3

SHA-1:
552834a2c086e71a897633f723d98bdd7cab2ee4

SHA-256:
eb6160dd40c9ea2db6e7dc0057f7b42901bddc89a3e1a5f760a4ee7db38622bf

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/20/2024 1:27:48 AM UTC  (today)

File size:
729.4 KB (746,952 bytes)

Product version:
3, 6, 2009, 924

Copyright:
Haitai

Original file name:
USBKey Tool

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\gecsp20260\gecsp20260\haikeyuser_20260.exe

Digital Signature
Signed by:
Beijing HaitaiFangyuan High Technology Co., Ltd.

Authority:
VeriSign, Inc.

Valid from:
11/15/2010 8:00:00 AM

Valid to:
11/22/2013 7:59:59 AM

Subject:
CN="Beijing HaitaiFangyuan High Technology Co., Ltd.", OU=Techsupport Dept, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Beijing HaitaiFangyuan High Technology Co., Ltd.", L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7E683C04981E3C137CAFF24C7487EC27

File PE Metadata
Compilation timestamp:
8/31/2012 2:34:53 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:6XB97D8Pd7YSSEUXGGyeJr/3JubSaJdbQ:oNl1EUXGFoZxaw

Entry address:
0x5FD8D

Entry point:
E8, 59, 9B, 00, 00, E9, 78, FE, FF, FF, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, 44, 64, 49, 00, 33, C5, 50, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, C3, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, 44, 64, 49, 00, 33, C5, 50, 89, 65, F0, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, C3, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B...
 
[+]

Entropy:
6.4460

Code size:
467.5 KB (478,720 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
HaiKeyUser_20260

Command:
C:\Program Files\gecsp20260\gecsp20260\haikeyuser_20260.exe


Scan haikeyuser_20260.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.