home

DGCryptApprove.EXE

解密审批客户端

hangzhou huatu software co., ltd

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘WorkFlow’.
Publisher:
Huatusoft   (signed by hangzhou huatu software co., ltd)

Product:
解密审批客户端

Description:
DGCryptApprove

Version:
4, 3, 6, 1006

MD5:
0906d1cfbd7b03f0804a373ee569de4b

SHA-1:
4f0f4d7c89778b871533298623df3c7b6877c682

SHA-256:
bc9279183a4aa823a0ce6f22552c0bda47e51d98f407d720e71cd480ee6168c5

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/27/2024 4:58:10 AM UTC  (today)

File size:
130.1 KB (133,272 bytes)

Product version:
4, 3, 6, 1006

Copyright:
版权所有 (C) 2009

Original file name:
DGCryptApprove.EXE

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\dg\dgcryptapprove.exe

Digital Signature
Signed by:
hangzhou huatu software co., ltd

Authority:
VeriSign, Inc.

Valid from:
11/26/2010 8:00:00 AM

Valid to:
11/26/2012 7:59:59 AM

Subject:
CN="hangzhou huatu software co., ltd", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="hangzhou huatu software co., ltd", L=hangzhou, S=zhejiang, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2E4E1F0E36B2A493124C81511B30B009

File PE Metadata
Compilation timestamp:
2/1/2013 11:28:58 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:Zdar+e8Xv2xziyJCbKVxAvWRj6EajriiU1WaFCxiI7WvNmWNASHkWWNASHkuWNA3:eSe8XvMcbskEQFz7ktCSH2CSHOCSHrw

Entry address:
0xA0A2

Entry point:
55, 8B, EC, 6A, FF, 68, E8, CF, 40, 00, 68, EE, A2, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, 5F, 57, FF, 15, B8, C3, 40, 00, 59, 83, 0D, 70, FD, 40, 00, FF, 83, 0D, 74, FD, 40, 00, FF, FF, 15, B4, C3, 40, 00, 8B, 0D, 50, FD, 40, 00, 89, 08, FF, 15, B0, C3, 40, 00, 8B, 0D, 4C, FD, 40, 00, 89, 08, A1, AC, C3, 40, 00, 8B, 00, A3, 6C, FD, 40, 00, E8, DA, 01, 00, 00, 39, 1D, D8, FB, 40, 00, 75, 0C, 68, EA, A2, 40, 00, FF, 15...
 
[+]

Entropy:
5.7706

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
44 KB (45,056 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
WorkFlow

Command:
C:\Program Files\dg\dgcryptapprove.exe


Scan DGCryptApprove.EXE - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.