mwregicbc.exe

M&W Reg

Shenzhen Mingwah Aohan Digital Security Technology Co.,Ltd.

It is set to execute automatically when any user logs into Windows, through the all-users Run registry key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run), under the name ‘MWREGICBC.exe’.

Publisher:
M&W (signed by Shenzhen Mingwah Aohan Digital Security Technology Co.,Ltd.)

Product:
M&W Reg

Version:
1, 0, 0, 12

MD5:
6aa001b8f1517c64f7d120735db43ba0

SHA-1:
39e2d9597a547f9aa862c1d6bb34e4a3831c6d21

SHA-256:
158cc63f635b8e73c9cedf19fbd7033f79c1d038462ec0a899872c1ffaabe3c0

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/1/2024 4:02:05 PM UTC

File size:
249.4 KB (255,360 bytes)

Product version:
1, 0, 0, 12

Copyright:
Copyright (c) 2007 - 2009

Original file name:
M&W Reg.EXE

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\Program Files\icbcebanktools\mingwah\mwregicbc.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
8/29/2008 8:00:00 AM

Valid to:
9/18/2009 7:59:59 AM

Subject:
CN="Shenzhen Mingwah Aohan Digital Security Technology Co.,Ltd.", OU=R&D, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Shenzhen Mingwah Aohan Digital Security Technology Co.,Ltd.", L=Shenzhen, S=Shenzhen, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
47EB3DD51BE3D1A2073A9E35C67F1C45

File PE Metadata
Compilation timestamp:
9/7/2009 3:37:22 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:JT/3eypc4ClzRlaKUIz6XPczf6/d8DzEIzOtoSBc3Xkyhy:JTfY4CFRIKUY6/wBZtk5

Entry address:
0xA003

Entry point:
55, 8B, EC, 6A, FF, 68, 60, 6B, 42, 00, 68, C4, A6, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, DC, 42, 42, 00, 33, D2, 8A, D4, 89, 15, A8, 26, 43, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, A4, 26, 43, 00, C1, E1, 08, 03, CA, 89, 0D, A0, 26, 43, 00, C1, E8, 10, A3, 9C, 26, 43, 00, 6A, 01, E8, B3, 29, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, C2, 00, 00, 00, 59, E8, D3, 28, 00, 00, 85, C0, 75, 08, 6A, 10, E8, B1, 00, 00, 00, 59, 33, F6, 89, 75...
 

Entropy:
5.8450

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
140 KB (143,360 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
MWREGICBC.exe

Command:
"C:\Program Files\icbcebanktools\mingwah\mwregicbc.exe"

