» uibia.exe
Overview
Analysis
File Details
Behaviors (1)

uibia.exe

ZhongXiang ZhiXing Network Service Co., Ltd.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Uibia’.

File name:

uibia.exe

Publisher:

ZhongXiang ZhiXing Network Service Co., Ltd. (signed and verified)

MD5:

55827cd6a44771ecc5828952e97494eb

SHA-1:

5a81bbef9c394c2afcab53c8517d75bacb9834f7

SHA-256:

826e861a626e4994639dc753e2fe22b205d63f6289dab4f4f61b0b04997073b3

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/5/2024 10:04:13 AM UTC (today)

File size:

2.3 MB (2,393,584 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\uibia\uibia.exe

Digital Signature

Signed by:

ZhongXiang ZhiXing Network Service Co., Ltd.

Authority:

VeriSign, Inc.

Valid from:

5/31/2012 8:00:00 AM

Valid to:

8/31/2013 7:59:59 AM

Subject:

CN="ZhongXiang ZhiXing Network Service Co., Ltd.", OU=Software Department, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="ZhongXiang ZhiXing Network Service Co., Ltd.", L=ZhongXiang, S=HuBei, C=CN

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

51F9220230FFAD7ECF5F6730207A8C85

File PE Metadata

Compilation timestamp:

6/20/1992 6:22:17 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

49152:6h4Rt6E8gvOve+UGRl8ghq/OfCGgyPpHngrieM:6yWE8l8MDgf1M

Entry address:

0x1645DC

Entry point:

55, 8B, EC, 83, C4, F0, B8, 74, 3F, 56, 00, E8, 20, 22, EA, FF, 68, 78, 46, 56, 00, 68, 84, 46, 56, 00, E8, 81, 2C, EA, FF, 85, C0, 76, 11, 6A, 00, 6A, 00, 68, 00, 14, 00, 00, 50, E8, 4E, 2F, EA, FF, EB, 60, A1, E8, BE, 56, 00, 8B, 00, E8, A0, 2D, F2, FF, 8B, 0D, 38, BB, 56, 00, A1, E8, BE, 56, 00, 8B, 00, 8B, 15, 1C, EC, 55, 00, E8, A0, 2D, F2, FF, 8B, 0D, E4, BD, 56, 00, A1, E8, BE, 56, 00, 8B, 00, 8B, 15, 8C, 65, 51, 00, E8, 88, 2D, F2, FF, 8B, 0D, EC, BC, 56, 00, A1, E8, BE, 56, 00, 8B, 00, 8B, 15, 68... 
[+]

Entropy:

6.8501

Developed / compiled with:

Microsoft Visual C++

Code size:

1.4 MB (1,456,128 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

Uibia

Command:

"C:\Program Files\uibia\uibia.exe" \start

Scan uibia.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.