home

update.exe

update.exe

CHINA CITIC BANK CORPORATION LIMITED

Publisher:
中信银行  (signed by CHINA CITIC BANK CORPORATION LIMITED)

Product:
update.exe

Description:
网银伴侣升级程序

Version:
1.2.0.0720

MD5:
2f6c4f8cf57feff6ffddb5e5cfae8fd0

SHA-1:
16ccab38a043eba23cffbf8edb26a6e284bf2d32

SHA-256:
58a2813486afd523a75c2595a82cf0b3e131ba13f5bee6ec1c76840805506484

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/5/2024 6:59:03 AM UTC  (today)

File size:
475.5 KB (486,888 bytes)

Product version:
1.2.0.0720

Copyright:
Copyright (C) 2015 CHINA CITIC BANK.

Original file name:
update.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\cncb\perciticmate\update.exe

Digital Signature
Signed by:
CHINA CITIC BANK CORPORATION LIMITED

Authority:
VeriSign, Inc.

Valid from:
7/31/2014 8:00:00 AM

Valid to:
9/29/2017 7:59:59 AM

Subject:
CN=CHINA CITIC BANK CORPORATION LIMITED, OU=INFORMATION TECHNOLOGY DEPT., O=CHINA CITIC BANK CORPORATION LIMITED, L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
19539867128CB14AEED3AC1A59D2DEAB

File PE Metadata
Compilation timestamp:
7/19/2015 8:57:37 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:gb+5Ibl/nugeQ1UCLQMm95NBXDD2sFbrg3D4it0fcDNz9tZfSfGTj:jIZFUCLq5NBXv2sF43D4ibB9tZP

Entry address:
0x24546

Entry point:
E8, F6, 62, 00, 00, E9, 17, FE, FF, FF, 51, C7, 01, DC, 48, 45, 00, E8, 79, 63, 00, 00, 59, C3, 56, 8B, F1, E8, EA, FF, FF, FF, F6, 44, 24, 08, 01, 74, 07, 56, E8, 58, 25, FE, FF, 59, 8B, C6, 5E, C2, 04, 00, 8B, 44, 24, 04, 83, C1, 09, 51, 83, C0, 09, 50, E8, C5, 63, 00, 00, F7, D8, 59, 1B, C0, 59, 40, C2, 04, 00, 8B, C1, 83, 60, 04, 00, 83, 60, 08, 00, C7, 00, E4, 48, 45, 00, C3, 53, 8B, 5C, 24, 08, 56, 57, 8B, F9, C7, 07, E4, 48, 45, 00, 8B, 03, 85, C0, 74, 26, 50, E8, 7F, 64, 00, 00, 8B, F0, 46, 56, E8...
 
[+]

Entropy:
6.1546

Code size:
316 KB (323,584 bytes)

The file update.exe has been seen being distributed by the following URL.

http://autoload.bank.ecitic.com/ibankmate/.../update.exe

Scan update.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.