» sccheck.exe
Overview
Analysis
File Details
Behaviors (1)

sccheck.exe

ShadowCube - The Real DLP Product.

Duruan Co., Ltd.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘sccheck’.

File name:

sccheck.exe

Publisher:

Duruan Co., Ltd. (signed and verified)

Product:

ShadowCube - The Real DLP Product.

Description:

ShadowCube

Version:

5.18.9.17043

MD5:

9f1b947fe9cc84e84807cc66488975d0

SHA-1:

316b90763a166264e0ddad38cb9a35ecc1f3308b

SHA-256:

2ea975ea2cd666ca443b6394bc84ff122d5b560c19aa8bc4a953ff67080ba29a

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/23/2024 10:41:16 AM UTC (today)

File size:

1.5 MB (1,583,768 bytes)

Product version:

5.18.9.17770

Trademarks:

ShadowCube(tm)

Original file name:

sccheck.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\duruan\shadowcube\sccheck.exe

Digital Signature

Signed by:

Duruan Co., Ltd.

Authority:

Thawte, Inc.

Valid from:

8/28/2012 9:00:00 AM

Valid to:

9/28/2014 8:59:59 AM

Subject:

CN="Duruan Co., Ltd.", O="Duruan Co., Ltd.", L=Guro, S=Seoul, C=KR

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

21C5308E14CDB5D6851C23824A883CB7

File PE Metadata

Compilation timestamp:

10/28/2013 6:27:35 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

Entry address:

0xF10B8

Entry point:

E8, DB, 83, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 83, FB, E0, 77, 6F, 56, 57, 83, 3D, 84, 01, 56, 00, 00, 75, 18, E8, 7D, 7B, 00, 00, 6A, 1E, E8, C7, 79, 00, 00, 68, FF, 00, 00, 00, E8, D4, 2B, 00, 00, 59, 59, 85, DB, 74, 04, 8B, C3, EB, 03, 33, C0, 40, 50, 6A, 00, FF, 35, 84, 01, 56, 00, FF, 15, 38, 42, 51, 00, 8B, F8, 85, FF, 75, 26, 6A, 0C, 5E, 39, 05, B4, 09, 56, 00, 74, 0D, 53, E8, 1E, 84, 00, 00, 59, 85, C0, 75, A9, EB, 07, E8, F7, 0C, 00, 00, 89, 30, E8, F0, 0C, 00, 00, 89... 
[+]

Entropy:

6.3953

Code size:

1.1 MB (1,123,328 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

sccheck

Command:

C:\Program Files\duruan\shadowcube\sccheck.exe

Scan sccheck.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.