SHA256: 1161da935966ff0f6628c0fe74f4d26ca301506bc2f3c8544e8f9ceff445758d
File name: Moo0_VoiceRecorder_v1.43_Installer.exe
Detection ratio: 0 / 57
Analysis date: 2015-03-04 07:01:32 UTC ( 2 years, 9 months ago )
Antivirus Result Update
Ad-Aware 20150304
AegisLab 20150304
Yandex 20150228
AhnLab-V3 20150303
Alibaba 20150304
ALYac 20150304
Antiy-AVL 20150304
Avast 20150304
AVG 20150304
Avira (no cloud) 20150304
AVware 20150304
Baidu-International 20150304
BitDefender 20150304
Bkav 20150303
ByteHero 20150304
CAT-QuickHeal 20150304
ClamAV 20150304
CMC 20150304
Comodo 20150304
Cyren 20150304
DrWeb 20150304
Emsisoft 20150304
ESET-NOD32 20150304
F-Prot 20150304
F-Secure 20150304
Fortinet 20150304
GData 20150304
Ikarus 20150304
Jiangmin 20150303
K7AntiVirus 20150304
K7GW 20150304
Kaspersky 20150304
Kingsoft 20150304
Malwarebytes 20150304
McAfee 20150304
McAfee-GW-Edition 20150304
Microsoft 20150304
eScan 20150304
NANO-Antivirus 20150304
Norman 20150304
nProtect 20150304
Panda 20150303
Qihoo-360 20150304
Rising 20150303
Sophos AV 20150304
SUPERAntiSpyware 20150303
Symantec 20150304
Tencent 20150304
TheHacker 20150303
TotalDefense 20150303
TrendMicro 20150304
TrendMicro-HouseCall 20150304
VBA32 20150303
VIPRE 20150304
ViRobot 20150304
Zillya 20150303
Zoner 20150303
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright (c) Moo0. All rights reserved.
Product Moo0 Installer
Original name Installer.exe
Internal name Installer.exe
File version 1.0.0.0
Description Moo0 Installer
Packers identified
F-PROT appended
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-10-18 16:06:19
Entry Point 0x000C439C
Number of sections 4
PE sections
PE imports
RegCreateKeyExW
GetSidSubAuthorityCount
GetSidSubAuthority
RegCloseKey
OpenProcessToken
RegSetValueExW
IsValidSid
GetSidIdentifierAuthority
GetUserNameW
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegEnumKeyW
RegDeleteKeyW
RegQueryValueExW
RegQueryValueW
RegOpenKeyW
InitCommonControlsEx
GetFileTitleW
GetDIBColorTable
GetWindowExtEx
SetMapMode
TextOutW
CreateFontIndirectW
GetClipBox
GetRgnBox
SaveDC
GetPaletteEntries
CreateRectRgnIndirect
SetStretchBltMode
GetDeviceCaps
ExcludeClipRect
OffsetViewportOrgEx
DeleteDC
RestoreDC
SetBkMode
CreateBitmap
StretchBlt
EndDoc
CreateSolidBrush
StartPage
DeleteObject
GetObjectW
CreateDCW
CreateDIBSection
SetTextColor
DPtoLP
GetCurrentObject
RectVisible
ExtTextOutW
GetTextExtentPoint32W
BitBlt
GetStockObject
SetViewportOrgEx
ScaleWindowExtEx
GetViewportExtEx
PtVisible
ExtSelectClipRgn
CreateCompatibleDC
StartDocW
ScaleViewportExtEx
EndPage
SelectObject
GetMapMode
SetDIBColorTable
SetWindowExtEx
GetTextColor
GetStretchBltMode
SetViewportExtEx
Escape
SetBkColor
GetBkColor
GetStdHandle
GetDriveTypeW
GetConsoleOutputCP
FileTimeToSystemTime
WaitForSingleObject
GetDriveTypeA
HeapDestroy
GetFileAttributesW
DuplicateHandle
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetCurrentDirectoryA
GetConsoleMode
GetLocaleInfoA
LocalAlloc
UnhandledExceptionFilter
SetErrorMode
FreeEnvironmentStringsW
GetLocaleInfoW
EnumResourceLanguagesW
GetFileTime
WideCharToMultiByte
GetStringTypeA
GetDiskFreeSpaceW
InterlockedExchange
FindResourceExW
GetProfileIntW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
ResumeThread
FreeLibrary
LocalFree
FormatMessageW
GetThreadPriority
BeginUpdateResourceW
LoadResource
GlobalHandle
FindClose
InterlockedDecrement
SetFileAttributesW
WritePrivateProfileStringW
SetLastError
GetUserDefaultUILanguage
InitializeCriticalSection
CopyFileW
UpdateResourceW
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetVersionExA
GetModuleFileNameA
SetProcessWorkingSetSize
SetThreadPriority
GetVolumeInformationW
TlsGetValue
MultiByteToWideChar
SetFilePointerEx
CreateEventW
GetFullPathNameW
GlobalAddAtomW
CreateThread
MoveFileExW
SetUnhandledExceptionFilter
ConvertDefaultLocale
MulDiv
GetFileInformationByHandle
ExitThread
SetEnvironmentVariableA
SetPriorityClass
TerminateProcess
WriteConsoleA
GetVersion
GlobalAlloc
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
GetModuleHandleA
CreateToolhelp32Snapshot
HeapFree
EnterCriticalSection
SetHandleCount
TerminateThread
LoadLibraryW
EndUpdateResourceW
GetVersionExW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
GlobalFindAtomW
GetStartupInfoA
UnlockFile
GetFileSize
LCMapStringW
OpenProcess
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
GetTempFileNameW
EnumResourceNamesW
CompareStringW
lstrcpyW
GlobalReAlloc
RemoveDirectoryW
ExpandEnvironmentStringsW
lstrcmpA
FindNextFileW
ResetEvent
FindFirstFileW
lstrcmpW
WaitForMultipleObjects
GlobalLock
SetEvent
GetTempPathW
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LocalReAlloc
GlobalDeleteAtom
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
FindResourceW
LCMapStringA
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
LockFile
lstrlenW
Process32NextW
GetCPInfoExW
SizeofResource
GetCurrentProcessId
LockResource
SetFileTime
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
Process32FirstW
GetCurrentThread
EnumSystemCodePagesW
SuspendThread
GetSystemDefaultLangID
RaiseException
TlsFree
SetFilePointer
ReadFile
GlobalFlags
CloseHandle
EnumResourceTypesW
GetACP
GetModuleHandleW
FreeResource
FileTimeToLocalFileTime
SetStdHandle
GetEnvironmentStrings
IsValidCodePage
HeapCreate
WriteFile
VirtualQuery
VirtualFree
Sleep
WriteConsoleW
VirtualAlloc
CompareStringA
OleCreateFontIndirect
VariantTimeToSystemTime
SysStringLen
SystemTimeToVariantTime
SysAllocStringLen
VariantChangeType
VariantClear
SysAllocString
SafeArrayDestroy
VariantCopy
SysFreeString
VariantInit
DragQueryFileW
Ord(716)
DragFinish
Ord(155)
Ord(190)
Shell_NotifyIconW
SHGetPathFromIDListW
DragAcceptFiles
SHChangeNotify
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetFileInfoW
SHGetDesktopFolder
SHFileOperationW
Ord(162)
SHGetMalloc
SHBrowseForFolderW
PathIsUNCW
PathStripToRootW
PathFindExtensionW
StrFormatByteSizeW
PathFindFileNameW
RedrawWindow
GetForegroundWindow
SetWindowRgn
GetMenuInfo
UnregisterHotKey
SetMenuItemBitmaps
LoadBitmapW
DestroyMenu
PostQuitMessage
GetMessagePos
SetWindowPos
SetScrollPos
IsWindow
GrayStringW
EndPaint
WindowFromPoint
GetMessageTime
SetActiveWindow
DispatchMessageW
GetCursorPos
MapDialogRect
GetDlgCtrlID
GetMenu
UnregisterClassA
UnregisterClassW
GetClassInfoW
DrawTextW
GetNextDlgTabItem
CallNextHookEx
GetClientRect
ClientToScreen
GetActiveWindow
RegisterHotKey
GetWindowTextW
CopyAcceleratorTableW
GetWindowTextLengthW
GetTopWindow
InvalidateRgn
PtInRect
GetClassInfoExW
UpdateWindow
GetPropW
EqualRect
GetMessageW
ShowWindow
GetNextDlgGroupItem
SetPropW
ValidateRect
PeekMessageW
CreateIconFromResource
EnableWindow
CharUpperW
TranslateMessage
IsWindowEnabled
GetWindow
CreateCursor
CreateIconFromResourceEx
GetIconInfo
RegisterClassW
IsZoomed
GetWindowPlacement
DestroyWindow
DrawMenuBar
EnableMenuItem
GetSubMenu
GetScrollRange
SetTimer
IsDialogMessageW
CopyRect
GetSysColorBrush
CreateWindowExW
TabbedTextOutW
GetWindowLongW
CharNextW
IsChild
MapWindowPoints
RegisterWindowMessageW
GetMonitorInfoW
IsIconic
BeginPaint
OffsetRect
DefWindowProcW
GetScrollPos
KillTimer
SetClipboardViewer
GetParent
SendDlgItemMessageA
GetSystemMetrics
SetWindowLongW
GetWindowRect
InflateRect
SetCapture
ReleaseCapture
DrawTextExW
SendDlgItemMessageW
PostMessageW
InvalidateRect
CheckMenuItem
GetClassLongW
GetLastActivePopup
DrawIconEx
SetWindowTextW
GetDlgItem
GetMenuCheckMarkDimensions
ScreenToClient
PostThreadMessageW
GetMenuItemCount
GetMenuState
SetWindowsHookExW
LoadCursorW
LoadIconW
GetMenuItemID
SetForegroundWindow
GetAsyncKeyState
CreateDialogIndirectParamW
ReleaseDC
IntersectRect
EndDialog
SetWindowContextHelpId
GetCapture
MessageBeep
SetFocus
GetWindowThreadProcessId
MessageBoxW
SendMessageW
RegisterClassExW
UnhookWindowsHookEx
MoveWindow
GetWindowDC
ChangeClipboardChain
AdjustWindowRectEx
GetSysColor
RegisterClipboardFormatW
GetKeyState
SystemParametersInfoA
DestroyIcon
EnumDisplayMonitors
IsWindowVisible
WinHelpW
GetDesktopWindow
SystemParametersInfoW
GetDC
SetRect
MonitorFromRect
CallWindowProcW
GetClassNameW
ModifyMenuW
IsRectEmpty
GetFocus
wsprintfW
SetCursor
SetMenu
RemovePropW
HttpQueryInfoW
InternetConnectW
InternetReadFile
InternetCloseHandle
HttpSendRequestW
InternetGetConnectedState
InternetOpenW
HttpOpenRequestW
ClosePrinter
DocumentPropertiesW
OpenPrinterW
OleUninitialize
CoUninitialize
StgOpenStorageOnILockBytes
CoFreeUnusedLibraries
OleFlushClipboard
RegisterDragDrop
RevokeDragDrop
CoRegisterMessageFilter
OleGetClipboard
StgCreateDocfileOnILockBytes
CLSIDFromString
CreateILockBytesOnHGlobal
CoGetClassObject
CoInitialize
OleInitialize
CoLockObjectExternal
CoCreateInstance
CoTaskMemAlloc
CoRevokeClassObject
CLSIDFromProgID
CoInitializeSecurity
OleIsCurrentClipboard
CoTaskMemFree
OleUIBusyW
URLDownloadToCacheFileW
URLDownloadToFileW
Number of PE resources by type
RT_CURSOR 16
RT_GROUP_CURSOR 15
RT_STRING 13
RT_ICON 12
IDR_ZIP 3
RT_DIALOG 2
RT_BITMAP 2
RT_MANIFEST 1
RT_VERSION 1
IDR_XML 1
RT_GROUP_ICON 1
Number of PE resources by language
JAPANESE DEFAULT 49
ENGLISH US 18
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 2068480
ImageVersion 0.0
ProductName Moo0 Installer
FileVersionNumber 1.0.0.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
LinkerVersion 8.0
FileTypeExtension exe
OriginalFileName Installer.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.0.0.0
TimeStamp 2013:10:18 17:06:19+01:00
FileType Win32 EXE
PEType PE32
InternalName Installer.exe
ProductVersion 1.0.0.0
FileDescription Moo0 Installer
OSVersion 4.0
FileOS Win32
LegalCopyright (c) Moo0. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Moo0
CodeSize 1126400
FileSubtype 0
ProductVersionNumber 1.0.0.0
EntryPoint 0xc439c
ObjectFileType Executable application

File identification
MD5 0fee2a13b15f611744b9342b49914f0c
SHA1 b8250479c0ca3fbd29e0246bcd4f1b0ff567a478
SHA256 1161da935966ff0f6628c0fe74f4d26ca301506bc2f3c8544e8f9ceff445758d
ssdeep 49152:TEptKMb9eIxGphWCTgXQNRXm+lr0MWT4V9f986OnlqJIGAsf92VjROkfdfX:ctKMb9eIxC8LXQjX5ODoQlqJMGeHdfX
authentihash 9cf2b4f6eaf182e8817d7c795511f3c2266e6026778b8706138e7606ae4408ee
imphash b9c96a8434df46149bee33a6d2c11289
File size 3.1 MB ( 3198976 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID InstallShield setup (36.8%)
Win32 Executable MS Visual C++ (generic) (26.6%)
Win64 Executable (generic) (23.6%)
Win32 Dynamic Link Library (generic) (5.6%)
Win32 Executable (generic) (3.8%)
Tags peexe
VirusTotal metadata
First submission 2013-10-22 12:51:16 UTC ( 4 years, 1 month ago )
Last submission 2017-12-11 11:00:25 UTC ( 3 days, 15 hours ago )
File names Installer.exe
Moo0_VoiceRecorder.exe
voicerecorder(v1.43).exe
VoiceRecorder v1.43.exe
0fee2a13b15f611744b9342b49914f0c.exe
Moo0_VoiceRecorder_v1.43.exe
Moo0_VoiceRecorder_v1.43_Installer Запись звука с нескольких источников.exe
Moo0_VoiceRecorder_v1.43_Installer.exe
Moo0_VoiceRecorder_v1.43_Installer_[www.programosy.pl].exe
Moo0_VoiceRecorder_v1.43.exe
Moo0%20VoiceRecorder%20v1.43%20Installer.exe
Moo0_VoiceRecorder_v1.43.exe
filename
Moo0_VoiceRecorder_v1.43_Installer.exe
Moo0_VoiceRecorder_v1.43_Installer (1).exe
Moo0_VoiceRecorder_v1.43_Installer (2).exe
Moo0 VoiceRecorder v1.43 Installer (3).exe
Moo0-VoiceRecorder-Installer.exe
Moo0 VoiceRecorder v1.43 Installer.exe
Moo0_VoiceRecorder_v1.43_1.0.0.1.exe
_錄音 Moo0_VoiceRecorder_v1.43_Installer.exe
moo0_voice recorder_v1.43_installer.exe
Moo0-VoiceRecorder143.exe
file-6148241_exe
Moo0_VoiceRecorder_v1.43_Installer(1).exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight