iKeeperTZB.exe

Taizhou Bank Online Banking Manager (台州银行网银管家)

Client Server International. Inc. Beijing Branch

It is set to execute automatically when any user logs into Windows, through the all-users Run registry entry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run) named ‘iKeeperTZB’.
Publisher:
Taizhou Bank (台州银行), signed by Client Server International. Inc. Beijing Branch

Product:
Taizhou Bank Online Banking Manager (台州银行网银管家)

Description:
iKeeperTZBank

Version:
3.1.0.1

MD5:
bec50af9f3d9cd1aa3a9fdcea319db24

SHA-1:
0096610b659f7a4ac09a3dd08b7b6127575ae2c1

SHA-256:
d6203f235ebb603404639f8c29cada86ed5c1f07340e9a1af5ca5ef80e5e3434

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/16/2025 11:14:04 AM UTC

File size:
474.1 KB (485,488 bytes)

Product version:
3.1.0.1

Copyright:
Taizhou Bank (台州银行)

Original file name:
iKeeperTZB.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\Program Files\tzb\ikeeper\ikeepertzb.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
4/6/2012 7:00:00 AM

Valid to:
6/6/2014 6:59:59 AM

Subject:
CN=Client Server International. Inc. Beijing Branch, OU=Technology Center, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Client Server International. Inc. Beijing Branch, L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7B2DE93A0534D9A365E50E795A376C2D

File PE Metadata
Compilation timestamp:
9/12/2013 7:42:02 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:jV0GRN3DE1frAFDc12nadQSBvICpe/DN6HLthFmUXS5aMm5OUn3AApkigSUkFMOF:u23DKTAFDE/dNpSi/EnqlpkRQ4scGvT

Entry address:
0x5BC3D

Entry point:
E9, D9, A3, FF, FF, 8B, 44, 24, 04, E9, 3E, 33, 04, 00, 00, 00, 3F, 65, 6E, 64, 6C, 40, 73, 74, 64, 40, 40, 59, 41, 41, 41, 56, 3F, 24, 62, 61, 73, 69, 63, 5F, 6F, 73, 74, 72, 65, 61, 6D, 40, 44, 55, 3F, 24, 63, 68, 61, 72, 5F, 74, 72, 61, 69, 74, 73, 40, 44, 40, 73, 74, 64, 40, 40, 40, 31, 40, 41, 41, 56, 32, 31, 40, 40, 5A, 00, F7, D0, FF, 34, 24, FF, 74, 24, 04, 56, 68, E4, E7, DA, DD, 8A, 04, 38, 8D, 64, 24, 40, 0F, 8C, 90, DB, 04, 00, 60, 66, 89, 1C, 24, AA, E8, 4F, A2, FF, FF, E9, AE, A5, 04, 00, E9...

Packer / compiler:
tElock 0.99 - 1.0 private

Code size:
170 KB (174,080 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
iKeeperTZB

Command:
"C:\Program Files\tzb\ikeeper\ikeepertzb.exe"

