» docine.exe
Overview
Analysis
File Details
Behaviors (1)

docine.exe

Docine

Shanghai Yuntong Technology Co., Ltd.

The application docine.exe by Shanghai Yuntong Technology Co. has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a separate (within the context of its own process) windows Service named “Protect Service(DocineP)”.

File name:

docine.exe

Publisher:

Shanghai Yuntong Technology Co., Ltd. (signed and verified)

Product:

Docine

Version:

1.0.0.1

MD5:

510d4ef7c218a942f15c50bac8e06b26

SHA-1:

9df1829ec9c33ca06d6246a272ad429b67a31d00

SHA-256:

99ab3f9b7ba2ae0b0b7a3366981279793afc4cd60504ef2f9e0479c692b2525d

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

11/16/2024 12:31:14 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Adware.Elex (M)

16.6.26.12

File size:

410.4 KB (420,232 bytes)

Product version:

51.12.2704.63

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\ProgramData\docine\docine.exe

Digital Signature

Signed by:

Shanghai Yuntong Technology Co., Ltd.

Authority:

thawte, Inc.

Valid from:

6/1/2016 2:00:00 AM

Valid to:

2/25/2017 12:59:59 AM

Subject:

CN="Shanghai Yuntong Technology Co., Ltd.", O="Shanghai Yuntong Technology Co., Ltd.", L=Beijing, S=Beijing, C=CN

Issuer:

CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:

089B3119C4FAB31D5BFDE2D2D5785A16

File PE Metadata

Compilation timestamp:

6/14/2016 8:16:41 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

14.0

CTPH (ssdeep):

6144:f+/BEUeL3RF7wOlGpKOA5U0znUlvR/6V9h6gmQdfHgTotuzTwQJ:fxRlwmGpKOAe0zU1Wht/izPJ

Entry address:

0x2CB4E

Entry point:

9A, C6, 70, 00, 00, 87, F2, 9D, 88, AD, 82, 4B, 3A, B0, 33, 00, F6, 23, 86, 07, FE, 5F, 00, 00, 00, 00, 2E, 0D, 22, 30, 29, E8, 92, 0F, 2C, 9C, B1, 33, 13, AD, 48, 00, 00, 00, 00, DF, 39, 4A, 7E, 48, 13, 76, 71, 3D, 24, 34, FE, 7A, F6, 86, D3, DF, 66, 14, 00, 5D, B7, 33, 88, 27, 81, A9, 37, 9F, 88, AD, 82, 91, FF, 26, 83, 36, DE, 00, 00, 00, 00, A0, BE, 3E, 16, 9C, 42, 00, 00, 00, 00, EE, 33, 76, 71, 45, 16, 47, 7B, 01, 2B, 39, FB, 4B, FC, BA, DC, D2, 63, 25, 00, 61, B8, 3E, FB, 06, 87, AD, 08, 92, B5, 26... 
[+]

Code size:

302 KB (309,248 bytes)

Service

Display name:

Protect Service(DocineP)

Service name:

DocineP

Description:

To ensure your Docine software integrity. If this service is disabled or stopped, your Docine software will not be kept integrity check. This service uninstalls itself when there is no Docine software

Type:

Win32OwnProcess

Depends on:

RpcSs

Remove docine.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.