UsbCipHelper.exe

USB CIP Helper Application

Rockwell Automation

It is configured to run automatically when any user logs into Windows, through a Run registry entry named ‘UsbCipHelper’.

Publisher:
Rockwell Automation, Inc.  (signed by Rockwell Automation)

Product:
USB CIP Helper Application

Version:
1.6.10.14

MD5:
eee347235421aaf80add7977f98e0f98

SHA-1:
ef4843341e6843072f26dd0e30195dc3ed9ea99d

SHA-256:
a02f7c88e27b53d38f45334f9f6c1d2842037572ca2734bf528789856123597a

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/16/2024 3:27:52 AM UTC

File size:
2.7 MB (2,844,744 bytes)

Product version:
1.6.10.14

Copyright:
(c) 2011 Rockwell Automation, Inc. All rights reserved.

Original file name:
UsbCipHelper.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\rockwell automation\usbcipdriver\usbciphelper\usbciphelper.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
11/29/2015 5:00:00 PM

Valid to:
11/30/2016 4:59:59 PM

Subject:
CN=Rockwell Automation, OU=Driver Signing, O=Rockwell Automation, L=Milwaukee, S=Wisconsin, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
57CA5428DB4DF70D09A6E8B7865720A1

File PE Metadata
Compilation timestamp:
8/11/2016 1:21:49 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
49152:qFctgosEWzPS2uqhMlhbnjnlvLP2vv+7sZGHrQ5NRDZwZpckuhM//dFwvvXBAhxM:q6ttsEWzK2pMlhjnpP2ZEcNRlC//dFwy

Entry address:
0x1A1AAD

Entry point:
E8, 04, B8, 00, 00, E9, 39, FE, FF, FF, 3B, 0D, 74, 90, 67, 00, 75, 02, F3, C3, E9, D6, 67, 00, 00, C7, 01, 78, 01, 63, 00, 8B, C1, C2, 04, 00, 51, C7, 01, 78, 01, 63, 00, E8, 4A, C2, 00, 00, 59, C3, 8B, C1, C2, 04, 00, 55, 8B, EC, 8D, 41, 09, 50, 8B, 45, 08, 83, C0, 09, 50, E8, A9, BF, 00, 00, F7, D8, 59, 1B, C0, 59, 40, 5D, C2, 04, 00, 55, 8B, EC, 8D, 41, 09, 50, 8B, 45, 08, 83, C0, 09, 50, E8, 8B, BF, 00, 00, F7, D8, 59, 1B, C0, 59, F7, D8, 5D, C2, 04, 00, 55, 8B, EC, 56, 8B, F1, E8, A5, FF, FF, FF, F6...

Entropy:
6.5752

Code size:
2 MB (2,052,608 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
UsbCipHelper

Command:
C:\Program Files\rockwell automation\usbcipdriver\usbciphelper\usbciphelper.exe