home

ostc1_load.EXE

CKCA Manager

CYBERLOTUS VIETNAM TECHNOLOGY JSC

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘CKCA Load’.
Publisher:
CYBERLOTUS VIETNAM TECHNOLOGY JSC  (signed and verified)

Product:
CKCA Manager

Description:
CKCA

Version:
1, 0, 0, 1

MD5:
44b4dd2b3d07d811db982b7e3f41decc

SHA-1:
bea910965fa326b3e65c5d8ee48261ad0668a520

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/23/2024 6:31:49 AM UTC  (today)

File size:
277.1 KB (283,768 bytes)

Product version:
1, 0, 0, 1

Copyright:
Copyright (C) 2012

Original file name:
ostc1_load.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\ckca origsign\ckca token\ostc1\ostc1_load.exe

Digital Signature
Signed by:
CYBERLOTUS VIETNAM TECHNOLOGY JSC

Authority:
Thawte, Inc.

Valid from:
8/27/2012 7:00:00 AM

Valid to:
8/28/2014 6:59:59 AM

Subject:
CN=CYBERLOTUS VIETNAM TECHNOLOGY JSC, OU=IT Department, O=CYBERLOTUS VIETNAM TECHNOLOGY JSC, L=Ha Noi, S=Vietnam, C=VN

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
2AFEB069D18BB5D1288E4D2587BE928E

File PE Metadata
Compilation timestamp:
10/10/2012 10:05:35 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
3072:M1jT7IOzmGXQz8gGK9W7TjySSUNj/GrX/4bJYv/sHmVaVTjVCowr73fR4DKJsttB:M9T7IOCGXA7GXKGjeb4b4GwaVTi3p/Sh

Entry address:
0x16249

Entry point:
E8, EA, 48, 00, 00, E9, 17, FE, FF, FF, 51, C7, 01, F4, F9, 42, 00, E8, 6D, 49, 00, 00, 59, C3, 56, 8B, F1, E8, EA, FF, FF, FF, F6, 44, 24, 08, 01, 74, 07, 56, E8, D4, E5, FE, FF, 59, 8B, C6, 5E, C2, 04, 00, 8B, 44, 24, 04, 83, C1, 09, 51, 83, C0, 09, 50, E8, B2, 49, 00, 00, F7, D8, 59, 1B, C0, 59, 40, C2, 04, 00, 55, 8B, EC, 56, 8B, 75, 14, 57, 33, FF, 3B, F7, 75, 04, 33, C0, EB, 65, 39, 7D, 08, 75, 1B, E8, 9E, 10, 00, 00, 6A, 16, 5E, 89, 30, 57, 57, 57, 57, 57, E8, 78, 4E, 00, 00, 83, C4, 14, 8B, C6, EB...
 
[+]

Entropy:
6.2006

Code size:
172 KB (176,128 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
CKCA Load

Command:
C:\Program Files\ckca origsign\ckca token\ostc1\ostc1_load.exe


Scan ostc1_load.EXE - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.