» ucloud.exe
Overview
Analysis
File Details
Behaviors (1)

ucloud.exe

KT Corporation

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘ucloud2’.

File name:

ucloud.exe

Publisher:

KT Corporation (signed and verified)

MD5:

172d8e091274ac890c917627db870960

SHA-1:

c579713327e0ce24c53f83cdc5b577c5c2a4ac2b

SHA-256:

668f67ce897f2b3fdbb982ff9d2d309c54bc6c32a0cf2e59aa01eab0d6553d6f

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/19/2024 3:49:27 PM UTC (today)

File size:

6 MB (6,315,512 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\ucloud2\ucloud.exe

Digital Signature

Signed by:

KT Corporation

Authority:

Thawte, Inc.

Valid from:

1/23/2014 9:00:00 AM

Valid to:

1/24/2015 8:59:59 AM

Subject:

CN=KT Corporation, O=KT Corporation, L=Seocho-gu, S=Seoul, C=KR

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

455115923987DD299B2A20DF37D98A77

File PE Metadata

Compilation timestamp:

1/23/2014 8:54:24 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

98304:IKia/vQiofMu9RuL9V7B4uXG2xNWs36OD9C6wWEDlVU:IAQioFRuxdeuRxNWtNVWED

Entry address:

0x2127EE

Entry point:

E8, 37, 05, 00, 00, E9, 1C, FD, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 55, 33, FF, 33, ED, 8B, 44, 24, 14, 0B, C0, 7D, 15, 47, 45, 8B, 54, 24, 10, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 14, 89, 54, 24, 10, 8B, 44, 24, 1C, 0B, C0, 7D, 14, 47, 8B, 54, 24, 18, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 1C, 89, 54, 24, 18, 0B, C0, 75, 28, 8B, 4C, 24, 18, 8B, 44, 24, 14, 33, D2, F7, F1, 8B, D8, 8B, 44, 24, 10, F7, F1, 8B, F0, 8B, C3, F7, 64, 24, 18, 8B, C8, 8B, C6, F7, 64, 24, 18, 03, D1, EB, 47, 8B, D8... 
[+]

Entropy:

7.2563

Code size:

2.4 MB (2,469,888 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

ucloud2

Command:

C:\Program Files\ucloud2\ucloud.exe autostartup maintraymode

Scan ucloud.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.