mwicbcukeytoolu.exe

Shenzhen Mingwah Aohan Digital Security Technology Co.,Ltd.

It is set to execute automatically when any user logs into Windows, through the all-users Run registry key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run), under the value name ‘MWREGICBC_NEW.exe’.
Description:
ESKey User Tool

Version:
2, 2, 0, 20

MD5:
0c733d131166e36b3847c31ef1e9a14b

SHA-1:
c41f5a6b7a8f2a1d1bc1ce457941ba1fab61b5d5

SHA-256:
9febc81368df3d82493f9d270a87fe239cb3068ee23c33e2db6d70801eb69c82

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 3:58:16 AM UTC

File size:
410.4 KB (420,256 bytes)

Product version:
2, 2, 0, 20

Copyright:
Copyright (C) 2013

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\icbcebanktools\mingwah\mwicbcukeytoolu.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
12/31/2012 8:00:00 AM

Valid to:
3/2/2014 7:59:59 AM

Subject:
CN="Shenzhen Mingwah Aohan Digital Security Technology Co.,Ltd.", OU=Certification Department, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Shenzhen Mingwah Aohan Digital Security Technology Co.,Ltd.", L=Shenzhen, S=Guangdong, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
58C74BC5E723213EE607BE5B61B2B2CB

File PE Metadata
Compilation timestamp:
1/26/2014 8:22:49 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:EeewcYRNTwuI1PCyOuBeXafmCOwsqeDPWWTBkq2J3opia1VB2a:3eTuI1PAutfm3qebWWTeq2y

Entry address:
0x3EB32

Entry point:
55, 8B, EC, 6A, FF, 68, F0, D1, 44, 00, 68, 98, EE, 43, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, 5F, 57, FF, 15, B0, 65, 44, 00, 59, 83, 0D, 04, E4, 45, 00, FF, 83, 0D, 08, E4, 45, 00, FF, FF, 15, AC, 65, 44, 00, 8B, 0D, A8, E3, 45, 00, 89, 08, FF, 15, A8, 65, 44, 00, 8B, 0D, A4, E3, 45, 00, 89, 08, A1, A4, 65, 44, 00, 8B, 00, A3, 00, E4, 45, 00, E8, 27, 6B, FC, FF, 39, 1D, 88, D4, 45, 00, 75, 0C, 68, B0, F1, 43, 00, FF, 15...
 
Entropy:
6.5685

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
276 KB (282,624 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
MWREGICBC_NEW.exe

Command:
"C:\Program Files\icbcebanktools\mingwah\mwicbcukeytoolu.exe" \runmode autorun

