» sccheck.exe
Overview
Analysis
File Details
Behaviors (1)

sccheck.exe

ShadowCube - The Real DLP Product.

Duruan Co., Ltd.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘sccheck’.

File name:

sccheck.exe

Publisher:

Duruan Co., Ltd. (signed and verified)

Product:

ShadowCube - The Real DLP Product.

Description:

ShadowCube 2009

Version:

5.18.6.16133

MD5:

0b742c2c9fd6fd086a978c6602b1caa3

SHA-1:

8c2534456f49eb867c6429bc53cf30dd3c155b17

SHA-256:

960398bfef35d6c9a8b8e0fbb95d14f3d5bf88c51a4bab396af22f4deaae0c5e

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/23/2024 4:21:20 PM UTC (today)

File size:

1.5 MB (1,583,768 bytes)

Product version:

5.18.6.16667

Trademarks:

ShadowCube(tm)

Original file name:

sccheck.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\duruan\shadowcube\sccheck.exe

Digital Signature

Signed by:

Duruan Co., Ltd.

Authority:

Thawte, Inc.

Valid from:

8/28/2012 9:00:00 AM

Valid to:

9/28/2014 8:59:59 AM

Subject:

CN="Duruan Co., Ltd.", O="Duruan Co., Ltd.", L=Guro, S=Seoul, C=KR

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

21C5308E14CDB5D6851C23824A883CB7

File PE Metadata

Compilation timestamp:

6/4/2013 6:18:41 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

Entry address:

0xF10B8

Entry point:

E8, DB, 83, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 83, FB, E0, 77, 6F, 56, 57, 83, 3D, 84, 01, 56, 00, 00, 75, 18, E8, 7D, 7B, 00, 00, 6A, 1E, E8, C7, 79, 00, 00, 68, FF, 00, 00, 00, E8, D4, 2B, 00, 00, 59, 59, 85, DB, 74, 04, 8B, C3, EB, 03, 33, C0, 40, 50, 6A, 00, FF, 35, 84, 01, 56, 00, FF, 15, 38, 42, 51, 00, 8B, F8, 85, FF, 75, 26, 6A, 0C, 5E, 39, 05, B4, 09, 56, 00, 74, 0D, 53, E8, 1E, 84, 00, 00, 59, 85, C0, 75, A9, EB, 07, E8, F7, 0C, 00, 00, 89, 30, E8, F0, 0C, 00, 00, 89... 
[+]

Entropy:

6.3953

Code size:

1.1 MB (1,123,328 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

sccheck

Command:

C:\Program Files\duruan\shadowcube\sccheck.exe

Scan sccheck.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.