» hicloudBoxD.dll
Overview
Analysis
File Details
Behaviors (1)

hicloudBoxD.dll

Chunghwa Telecom hicloud Box(e)

中華電信股份有限公司

File name:

hicloudBoxD.dll

Publisher:

Chunghwa Telecom Co., Ltd. (signed by 中華電信股份有限公司)

Product:

Chunghwa Telecom hicloud Box(e)

Description:

hicloud Box(e) Daemon

Version:

5.1.1.1006

MD5:

fefd28296363c40f727a849e3de84e28

SHA-1:

0850b2d2cb1294f123c3f8402c3971f7f227ea5a

SHA-256:

8827920903f19e8d8864f6bb1cd6cd7bb057efd218d7fdd17e75432a1e523527

Scanner detections:

1 / 68

Status:

Inconclusive (not enough data for an accurate detection)

Analysis date:

5/14/2024 3:09:21 PM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

W32/Ramnit.A

7.11.30.172

File size:

2.4 MB (2,535,768 bytes)

Product version:

5.1.1.1005

Original file name:

hicloudBoxD.dll

File type:

Dynamic link library (Win64 DLL)

Common path:

C:\Program Files\hicloud box(e)\hicloudboxd.dll

Digital Signature

Signed by:

中華電信股份有限公司

Authority:

Chunghwa Telecom Co., Ltd.

Valid from:

12/18/2015 2:28:41 PM

Valid to:

12/18/2020 2:28:41 PM

Subject:

SERIALNUMBER=0002101020015931, CN=數據通信分公司雲端系統處, OU=數據通信分公司雲端系統處, O=中華電信股份有限公司, C=TW

Issuer:

OU=Public Certification Authority - G2, O="Chunghwa Telecom Co., Ltd.", C=TW

Serial number:

5A94639AC8E13F997404E3C5DA4CF468

Registration

CLSIDs:

{5CBAE1F4-93D4-4BF2-9AA3-66B9A3A615AB}, {97173199-65FA-4e09-8DA8-034CDF0F668D}, {A5FAE46C-B23A-43db-9576-8837B8992D14}, {AC94EA49-17E3-49d7-B85F-37CD431BB31F}, {BD80FCF0-1E56-4791-8D86-0E30025FF163}, {C1FE74CF-BD11-4a8e-B45C-75D742ED7FB1}

ProgIDs:

hicloudBoxD.OverlayHandlerUnavailable.1, hicloudBoxD.OverlayHandlerSyncing.1, hicloudBoxD.OverlayHandlerProblem.1, hicloudBoxD.OverlayHandlerPriority.1, hicloudBoxD.OverlayHandlerSynced.1, hicloudBoxD.ShellExtension.1, hicloudBoxD.OverlayHandlerPaired.1

COM registered:

Yes

File PE Metadata

Compilation timestamp:

12/31/2015 11:05:19 AM

OS version:

4.0

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

49152:4ivIVQYTpNN2EjrRci/ZN5dkSGPfjgWVD/GieABXbdIb9A7BXDQJpy+OUAHFe0pM:4/33hxa

Entry address:

0x1402A0

Entry point:

48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 83, FA, 01, 49, 8B, F8, 8B, DA, 48, 8B, F1, 75, 05, E8, BF, 57, 01, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, 83, FE, FF, FF, CC, CC, CC, 40, 53, 48, 83, EC, 20, 41, 8B, 00, 48, 8B, DA, 4C, 8B, C9, 44, 8B, D8, 4C, 8B, D1, 41, 83, E3, F8, A8, 04, 74, 13, 41, 8B, 40, 08, 4D, 63, 50, 04, F7, D8, 4C, 03, D1, 48, 63, C8, 4C, 23, D1, 49, 63, C3, 4A, 8B, 14, 10, 48, 8B, 43, 10, 8B, 48, 08, 48, 03... 
[+]

Entropy:

6.3457

Code size:

1.5 MB (1,579,520 bytes)

Approved Shell Extension

Name:

hicloudBoxD

CLSID:

{D1A96C88-A382-4862-85A0-B44CCCE203D3}

CLSID name:

ShellExtension Class

Scan hicloudBoxD.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.