ostc1_load.EXE

CKCA Manager

CYBERLOTUS VIETNAM TECHNOLOGY JSC

It is set to execute automatically when any user logs into Windows, through the all-users Run registry setting, under the name ‘CKCA Load’. The file has been seen being downloaded from ckca.vn.

Publisher:
CYBERLOTUS VIETNAM TECHNOLOGY JSC  (signed and verified)

Product:
CKCA Manager

Description:
CKCA

Version:
1, 0, 0, 1

MD5:
91c9239b677a015b58001b04d1b1406d

SHA-1:
15549313deddf0a0d23a06a6a3f90fd1b49c5588

SHA-256:
8247394b3cf3d27706040ee9a8d0b9a13de1783c6f194c5b4767f209196373d8

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/14/2024 9:10:39 PM UTC

File size:
277.1 KB (283,768 bytes)

Product version:
1, 0, 0, 1

Copyright:
Copyright (C) 2012

Original file name:
ostc1_load.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\ckca origsign\ckca token\ostc1\ostc1_load.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
8/27/2012 7:00:00 AM

Valid to:
8/28/2014 6:59:59 AM

Subject:
CN=CYBERLOTUS VIETNAM TECHNOLOGY JSC, OU=IT Department, O=CYBERLOTUS VIETNAM TECHNOLOGY JSC, L=Ha Noi, S=Vietnam, C=VN

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
2AFEB069D18BB5D1288E4D2587BE928E

File PE Metadata
Compilation timestamp:
10/10/2012 10:05:35 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
3072:F1jT7IOzmGXQz8gGK9W7TjySSUNj/GrX/4bJYv/sHmVaVTjVCowr73fR4DKJsttB:F9T7IOCGXA7GXKGjeb4b4GwaVTi3p/Sh

Entry address:
0x16249

Entry point:
E8, EA, 48, 00, 00, E9, 17, FE, FF, FF, 51, C7, 01, F4, F9, 42, 00, E8, 6D, 49, 00, 00, 59, C3, 56, 8B, F1, E8, EA, FF, FF, FF, F6, 44, 24, 08, 01, 74, 07, 56, E8, D4, E5, FE, FF, 59, 8B, C6, 5E, C2, 04, 00, 8B, 44, 24, 04, 83, C1, 09, 51, 83, C0, 09, 50, E8, B2, 49, 00, 00, F7, D8, 59, 1B, C0, 59, 40, C2, 04, 00, 55, 8B, EC, 56, 8B, 75, 14, 57, 33, FF, 3B, F7, 75, 04, 33, C0, EB, 65, 39, 7D, 08, 75, 1B, E8, 9E, 10, 00, 00, 6A, 16, 5E, 89, 30, 57, 57, 57, 57, 57, E8, 78, 4E, 00, 00, 83, C4, 14, 8B, C6, EB...
Entropy:
6.2006

Code size:
172 KB (176,128 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
CKCA Load

Command:
C:\Program Files\ckca origsign\ckca token\ostc1\ostc1_load.exe


The file ostc1_load.EXE has been seen being distributed by the following URL.
