home

USBKeyTools.EXE

华大智宝建行网银盾-用户管理工具 应用程序

BeiJing HuaDa ZhiBao Electronic System CO., LTD.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘USBKeyTools.exe’.
Publisher:
北京华大智宝电子系统有限公司  (signed by BeiJing HuaDa ZhiBao Electronic System CO., LTD.)

Product:
华大智宝建行网银盾-用户管理工具 应用程序

Description:
华大智宝建行网银盾用户管理工具

Version:
1, 6, 0, 47

MD5:
ec6ad21de1ece92358e4ebadfe3b3fab

SHA-1:
fad4fffad0127d707fd41d92a83409d0d36b6c18

SHA-256:
004715134d32d39375ba0aeb5d942208598accd334f473e9b853984d97c8ff7e

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
4/26/2024 12:14:34 AM UTC  (today)

Scan engine
Detection
Engine version

Vba32 AntiVirus
BScope.Trojan-Dropper.Pict.62314
3.12.16.8

File size:
132.4 KB (135,560 bytes)

Product version:
1, 6, 0, 47

Copyright:
版权所有 (C) 2012

Original file name:
USBKeyTools.EXE

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\ccbcomponents\hdzb\usbkeytools.exe

Digital Signature
Signed by:
BeiJing HuaDa ZhiBao Electronic System CO., LTD.

Authority:
VeriSign, Inc.

Valid from:
3/26/2012 8:00:00 AM

Valid to:
5/26/2015 7:59:59 AM

Subject:
CN="BeiJing HuaDa ZhiBao Electronic System CO., LTD.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="BeiJing HuaDa ZhiBao Electronic System CO., LTD.", L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
67D896B97BDB9FC4D250D8D9F81E9A17

File PE Metadata
Compilation timestamp:
3/30/2012 4:20:10 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:AABaAUwo5q8T7oCKYqhHrljGh5yM6yGLH:DaAU1TKJhHr4n7O

Entry address:
0xAB6B

Entry point:
55, 8B, EC, 6A, FF, 68, 68, C7, 40, 00, 68, C0, AA, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, EC, B3, 40, 00, 59, 83, 0D, D0, 00, 41, 00, FF, 83, 0D, D4, 00, 41, 00, FF, FF, 15, F0, B3, 40, 00, 8B, 0D, B4, 00, 41, 00, 89, 08, FF, 15, F4, B3, 40, 00, 8B, 0D, B0, 00, 41, 00, 89, 08, A1, F8, B3, 40, 00, 8B, 00, A3, CC, 00, 41, 00, E8, 17, 01, 00, 00, 39, 1D, 30, F0, 40, 00, 75, 0C, 68, EE, AC, 40, 00, FF, 15, FC, B3...
 
[+]

Entropy:
5.8560

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
40 KB (40,960 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
USBKeyTools.exe

Command:
C:\Program Files\ccbcomponents\hdzb\usbkeytools.exe


Scan USBKeyTools.EXE - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.