ybjc.exe

eyehelper

SHENGJUGUANG ONLINE INFORMATION TECHNOLOGY CO., LTD

The executable ybjc.exe has been detected as malware by 1 anti-virus scanner. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘ybjc’.
Publisher:
eyehelper   (signed by SHENGJUGUANG ONLINE INFORMATION TECHNOLOGY CO., LTD)

Product:
eyehelper

Version:
1.15.105.1

MD5:
4aecc24a2aeb75ed4c061f82c5f882ad

SHA-1:
051057b7f06763d69e690b767e727648ecd57314

SHA-256:
cfb9abe7637106773b3f16220eb1c4564037566dfbab0328a0d53154e73e1a54

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/18/2024 9:37:44 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
16.10.15.5

File size:
544 KB (557,008 bytes)

Product version:
1.15.105.1

Copyright:
Copyright (C) 2015

Original file name:
eyehelper

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\ybjc_201510071942\201510071942\ybjc.exe

Digital Signature
Authority:
WoSign CA Limited

Valid from:
5/5/2015 4:47:23 PM

Valid to:
6/5/2016 5:47:23 PM

Subject:
CN="SHENGJUGUANG ONLINE INFORMATION TECHNOLOGY CO., LTD", O="SHENGJUGUANG ONLINE INFORMATION TECHNOLOGY CO., LTD", L=Nanning, S=Guangxi Zhuangzu Zizhiqu, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
153E5FD641E989DBE701EE17BA3579EE

File PE Metadata
Compilation timestamp:
10/5/2015 5:56:35 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:rdUwGengscrCORg658Wj+5Ht88k97ZOTu0/MiC:rdUwGegscrCORg6545Ht8z97ZMusMiC

Entry address:
0x3F418

Entry point:
E8, 16, 05, 00, 00, E9, 6B, FD, FF, FF, FF, 25, DC, D4, 44, 00, FF, 25, D8, D4, 44, 00, FF, 25, B8, D4, 44, 00, FF, 25, B4, D4, 44, 00, CC, CC, CC, CC, CC, CC, 51, 8D, 4C, 24, 04, 2B, C8, 1B, C0, F7, D0, 23, C8, 8B, C4, 25, 00, F0, FF, FF, 3B, C8, 72, 0A, 8B, C1, 59, 94, 8B, 00, 89, 04, 24, C3, 2D, 00, 10, 00, 00, 85, 00, EB, E9, CC, CC, CC, CC, CC, 83, 3D, 58, 2E, 47, 00, 00, 74, 2D, 55, 8B, EC, 83, EC, 08, 83, E4, F8, DD, 1C, 24, F2, 0F, 2C, 04, 24, C9, C3, 83, 3D, 58, 2E, 47, 00, 00, 74, 11, 83, EC, 04...
 
[+]

Entropy:
6.3519

Code size:
301.5 KB (308,736 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
ybjc

Command:
C:\Program Files\ybjc_201510071942\201510071942\ybjc.exe -mini


Remove ybjc.exe - Powered by Reason Core Security