ok.exe

Haining shengdun Network Information Technology Co., Ltd

It is set to execute automatically when any user logs into Windows (through the local user run registry setting), under the name ‘WinIP’.

MD5:
e15c43bcd70c36a9ac956242d0d3a929

SHA-1:
62b96c6a3ceb1660b5ab4790bceac8a02d2b3a0c

SHA-256:
3e5d43bf08e9f2d0e68739b0556d05256694202ff7f26621d3d7b673ba7e4d9e

Scanner detections:
1 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
4/16/2024 2:54:35 AM UTC

Scan engine:
Kaspersky

Detection:
UDS:DangerousObject.Multi.Generic

Engine version:
14.0.0.570

File size:
710.3 KB (727,320 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\ok.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
9/18/2013 8:00:00 AM

Valid to:
9/19/2014 7:59:59 AM

Subject:
CN="Haining shengdun Network Information Technology Co., Ltd", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Haining shengdun Network Information Technology Co., Ltd", L=Haining, S=Zhejiang, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5E4B68C169CDA2E9446DCD763BFA0A2D

File PE Metadata
Compilation timestamp:
6/20/1992 6:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:Kne1LAAloCEg/2F3P7Hq4Wfulog7IKXiwDPFqblbhq69o3t:KnCL9V/2F3PW4Wm37IKXimt6MD

Entry address:
0x85C20

Entry point:
55, 8B, EC, 83, C4, EC, 33, C0, 89, 45, EC, B8, 38, 59, 48, 00, E8, 2F, 0F, F8, FF, 33, C0, 55, 68, CC, 5C, 48, 00, 64, FF, 30, 64, 89, 20, 68, 80, 00, 00, 00, 6A, EC, A1, 8C, 84, 48, 00, 8B, 00, 8B, 40, 30, 50, E8, 1A, 1B, F8, FF, A1, 8C, 84, 48, 00, 8B, 00, 33, D2, E8, F8, 45, FD, FF, A1, 8C, 84, 48, 00, 8B, 00, E8, 04, 4A, FD, FF, 8D, 55, EC, B8, 01, 00, 00, 00, E8, C7, D5, F7, FF, 83, 7D, EC, 00, 75, 0B, A1, 8C, 84, 48, 00, 8B, 00, C6, 40, 5B, 00, 8B, 0D, 94, 85, 48, 00, A1, 8C, 84, 48, 00, 8B, 00, 8B...
Entropy:
6.6081

Developed / compiled with:
Microsoft Visual C++

Code size:
531.5 KB (544,256 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
WinIP

Command:
C:\Program Files\ok.exe


Scan ok.exe - Powered by Reason Core Security