RunMate.exe

China CITIC Bank Online Banking Assistant (中信银行网银伴侣)

CHINA CITIC BANK CORPORATION LIMITED

It is set to execute automatically when any user logs into Windows, through the all-users Run registry key, under the value name ‘IBankMate’.

Publisher:
CHINA CITIC BANK (signed by CHINA CITIC BANK CORPORATION LIMITED)

Product:
China CITIC Bank Online Banking Assistant (中信银行网银伴侣)

Description:
Online Banking Assistant bootstrap program (网银伴侣引导程序)

Version:
1, 1, 0, 55

MD5:
8bc8a6e881a1179a1a17ad982e06b703

SHA-1:
7bebeae21dee60dce55b58b5bb9136efa9e2fd7d

SHA-256:
1d0e97bf824598737386dde2b7a20d2ca76a97f0beebc97d45be92fcf852314a

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/24/2024 9:56:56 AM UTC

File size:
55.7 KB (57,000 bytes)

Product version:
2.0.0.0

Copyright:
Copyright (C) 2012 CHINA CITIC BANK.

Original file name:
RunMate.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\cncb\perciticmate\runmate.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
7/25/2012 8:00:00 AM

Valid to:
8/25/2014 7:59:59 AM

Subject:
CN=CHINA CITIC BANK CORPORATION LIMITED, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=CHINA CITIC BANK CORPORATION LIMITED, L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
045FA48981D209E3C4E1001067949630

File PE Metadata
Compilation timestamp:
12/4/2012 4:30:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
768:9jWybyguKdQVBbuTPDp6RXDXD3XrMG/D7pbtdp9IILq:Pby/0PPU9DTJvttdptG

Entry address:
0x133E

Entry point:
E8, 93, 16, 00, 00, E9, 17, FE, FF, FF, 3B, 0D, 7C, A1, 40, 00, 75, 02, F3, C3, E9, 13, 17, 00, 00, 8B, 44, 24, 04, 8B, D0, 66, 8B, 08, 40, 40, 66, 85, C9, 75, F6, 66, 8B, 4C, 24, 08, 48, 48, 3B, C2, 74, 05, 66, 39, 08, 75, F5, 66, 8B, 10, 66, 2B, D1, 66, F7, DA, 1B, D2, F7, D2, 23, C2, C3, 8B, 54, 24, 04, 53, 56, 33, F6, 3B, D6, 57, 74, 08, 8B, 5C, 24, 14, 3B, DE, 77, 1B, E8, 32, 19, 00, 00, 6A, 16, 5F, 89, 38, 56, 56, 56, 56, 56, E8, C4, 18, 00, 00, 83, C4, 14, 8B, C7, EB, 46, 8B, 7C, 24, 18, 3B, FE, 75...
 

Entropy:
6.0079

Code size:
28 KB (28,672 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
IBankMate

Command:
C:\Program Files\cncb\perciticmate\runmate.exe

