» ostc1_load.EXE
Overview
Analysis
File Details
Behaviors (1)

ostc1_load.EXE

CKCA Manager

CYBERLOTUS VIETNAM TECHNOLOGY JSC

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘CKCA Load’.

File name:

ostc1_load.EXE

Publisher:

CYBERLOTUS VIETNAM TECHNOLOGY JSC (signed and verified)

Product:

CKCA Manager

Description:

CKCA

Version:

1, 0, 0, 1

MD5:

7ba83b7b81fcdfd3997c4f84b4262cb4

SHA-1:

c9b2cd76fefe82dcc2bdd59ee01742befd623f56

SHA-256:

3304cad02230ae0c2fea96c1adb1232f538b9212f0ac4ca55ca47e0082077b75

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/15/2024 3:26:17 AM UTC (today)

File size:

277.1 KB (283,768 bytes)

Product version:

1, 0, 0, 1

Original file name:

ostc1_load.EXE

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\ckca origsign\ckca token\ostc1\ostc1_load.exe

Digital Signature

Signed by:

CYBERLOTUS VIETNAM TECHNOLOGY JSC

Authority:

Thawte, Inc.

Subject:

CN=CYBERLOTUS VIETNAM TECHNOLOGY JSC, OU=IT Department, O=CYBERLOTUS VIETNAM TECHNOLOGY JSC, L=Ha Noi, S=Vietnam, C=VN

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

2AFEB069D18BB5D1288E4D2587BE928E

File PE Metadata

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

Entry address:

0x16249

Entry point:

E8, EA, 48, 00, 00, E9, 17, FE, FF, FF, 51, C7, 01, F4, F9, 42, 00, E8, 6D, 49, 00, 00, 59, C3, 56, 8B, F1, E8, EA, FF, FF, FF, F6, 44, 24, 08, 01, 74, 07, 56, E8, D4, E5, FE, FF, 59, 8B, C6, 5E, C2, 04, 00, 8B, 44, 24, 04, 83, C1, 09, 51, 83, C0, 09, 50, E8, B2, 49, 00, 00, F7, D8, 59, 1B, C0, 59, 40, C2, 04, 00, 55, 8B, EC, 56, 8B, 75, 14, 57, 33, FF, 3B, F7, 75, 04, 33, C0, EB, 65, 39, 7D, 08, 75, 1B, E8, 9E, 10, 00, 00, 6A, 16, 5E, 89, 30, 57, 57, 57, 57, 57, E8, 78, 4E, 00, 00, 83, C4, 14, 8B, C6, EB... 
[+]

Entropy:

6.2006

Code size:

172 KB (176,128 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

CKCA Load

Command:

C:\Program Files\ckca origsign\ckca token\ostc1\ostc1_load.exe

Scan ostc1_load.EXE - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.