» HWPostil.OCX
Overview
Analysis
File Details
Behaviors (1)

HWPostil.OCX

AIP System

BEIJING DIANJU INFORMATION TECHNOLOGY CO.,LTD

File name:

HWPostil.OCX

Publisher:

Dianju Co,.Ltd (signed by BEIJING DIANJU INFORMATION TECHNOLOGY CO.,LTD)

Product:

AIP System

Description:

AIP ActiveX Control

Version:

1, 0, 0, 4

MD5:

5a54d8dc0a239a21efa0a302438ec7ad

SHA-1:

bc92c6cfd0c401538d2bd081b783c109d307e90f

SHA-256:

c3edb825686cbcaadc18f282b849a6a50f32e76ebd257ebb6fdfb874e63fe5b9

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/23/2024 1:04:23 PM UTC (today)

File size:

1.9 MB (1,958,568 bytes)

Product version:

1, 0, 0, 4

Original file name:

HWPostil.OCX

File type:

OLE control extension (Win32 OCX)

Language:

English (United States)

Common path:

C:\Windows\System32\hwpostil.ocx

Digital Signature

Signed by:

BEIJING DIANJU INFORMATION TECHNOLOGY CO.,LTD

Authority:

WoSign, Inc.

Valid from:

2/16/2009 8:00:00 AM

Valid to:

2/17/2012 7:59:59 AM

Subject:

CN="BEIJING DIANJU INFORMATION TECHNOLOGY CO.,LTD", OU=Class 3 - for Microsoft Authenticode Signing, O="BEIJING DIANJU INFORMATION TECHNOLOGY CO.,LTD", L=Beijing, S=Beijing, C=CN

Issuer:

CN=WoSign Code Signing Authority, O="WoSign, Inc.", C=US

Serial number:

51990524B51E567467BBD53F72E44760

Registration

CLSIDs:

{6BDA53C0-9019-4956-B6C9-7ED71D711973}, {FF1FE7A0-0578-4FEE-A34E-FB21B277D561}

ProgID:

HWPOSTIL.HWPostilCtrl.1

COM registered:

Yes

File PE Metadata

Compilation timestamp:

7/15/2010 4:55:59 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

49152:xQZ3fBCmkw8ptXyztAqCHc2wXAYLMySxZQfI9ZmThcy:G5ftkxktU8RXAFfbQg9ZRy

Entry address:

0x3F1A80

Entry point:

80, 7C, 24, 08, 01, 0F, 85, EB, 01, 00, 00, 60, BE, 00, 90, 25, 10, 8D, BE, 00, 80, DA, FF, 57, 83, CD, FF, EB, 0D, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46... 
[+]

Entropy:

7.8573

Packer / compiler:

UPX v0.89.6 - v1.02 / v1.05 - v1.22, 0x

Code size:

1.6 MB (1,675,264 bytes)

ActiveX Install

Name:

{E77E049B-23FC-4DB8-B756-60529A35FAD5}

Scan HWPostil.OCX - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.