home

CCUCSurrogate.exe

SIMATIC WinCC RT SERVER

Siemens AG

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘CCUCSurrogate.exe’.
Publisher:
Siemens AG  (signed and verified)

Product:
SIMATIC WinCC RT SERVER

Description:
User Context Surrogate for WinCC

Version:
0703, 2011, 0102, 0010

MD5:
04c8a2c80950548a758bd0f60f49ff09

SHA-1:
8c3f17913d4d22f3534167086948decd5a04f225

SHA-256:
c08f7dc3d167019afdd5a6bde0ba2a9b54b42212597f2e6cc3efd9450c8b19d3

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/16/2024 12:38:23 AM UTC  (today)

File size:
276.4 KB (283,024 bytes)

Product version:
V7.3 Upd11

Copyright:
Copyright © Siemens AG, 1994-2016

Trademarks:
WinCC

Original file name:
CCUCSurrogate.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\siemens\wincc\bin\ccucsurrogate.exe

Digital Signature
Signed by:
Siemens AG

Authority:
Symantec Corporation

Valid from:
6/22/2015 5:30:00 AM

Valid to:
7/22/2018 5:29:59 AM

Subject:
CN=Siemens AG, O=Siemens AG, L=Karlsruhe, S=Baden Wuerttemberg, C=DE

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
6D3195C080ED985732DC694BDDAF61BA

File PE Metadata
Compilation timestamp:
10/21/2016 8:04:07 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

Entry address:
0x24E31

Entry point:
E8, CD, 03, 00, 00, E9, 6B, FD, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, B8, 6A, 43, 00, 89, 0D, B4, 6A, 43, 00, 89, 15, B0, 6A, 43, 00, 89, 1D, AC, 6A, 43, 00, 89, 35, A8, 6A, 43, 00, 89, 3D, A4, 6A, 43, 00, 66, 8C, 15, D0, 6A, 43, 00, 66, 8C, 0D, C4, 6A, 43, 00, 66, 8C, 1D, A0, 6A, 43, 00, 66, 8C, 05, 9C, 6A, 43, 00, 66, 8C, 25, 98, 6A, 43, 00, 66, 8C, 2D, 94, 6A, 43, 00, 9C, 8F, 05, C8, 6A, 43, 00, 8B, 45, 00, A3, BC, 6A, 43, 00, 8B, 45, 04, A3, C0, 6A, 43, 00, 8D, 45, 08, A3, CC, 6A, 43...
 
[+]

Entropy:
6.2191

Code size:
155 KB (158,720 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
CCUCSurrogate.exe

Command:
C:\Program Files\siemens\wincc\bin\ccucsurrogate.exe


herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.