SHA256: 172a49ccd75202f23f6b9f86aa5335e853a363fafa48897f575aa4155298a013
File name: ManyCamWebInstaller-56.exe
Detection ratio: 0 / 47
Analysis date: 2016-12-14 08:32:15 UTC ( 7 months, 1 week ago )
Antivirus Result Update
Ad-Aware 20161214
AegisLab 20161214
AhnLab-V3 20161214
Alibaba 20161214
ALYac 20161214
Antiy-AVL 20161214
Arcabit 20161214
Avast 20161214
AVG 20161214
Avira (no cloud) 20161214
AVware 20161214
Baidu 20161207
BitDefender 20161214
Bkav 20161213
CAT-QuickHeal 20161214
ClamAV 20161214
CMC 20161214
Comodo 20161213
CrowdStrike Falcon (ML) 20161024
Cyren 20161214
DrWeb 20161214
Emsisoft 20161214
ESET-NOD32 20161214
F-Prot 20161214
F-Secure 20161214
Fortinet 20161214
GData 20161214
Sophos ML 20161202
Jiangmin 20161214
K7AntiVirus 20161214
K7GW 20161214
Kaspersky 20161214
Kingsoft 20161214
Malwarebytes 20161214
McAfee 20161214
McAfee-GW-Edition 20161214
Microsoft 20161214
eScan 20161214
NANO-Antivirus 20161214
nProtect 20161214
Panda 20161213
Qihoo-360 20161214
Rising 20161214
Sophos AV 20161214
SUPERAntiSpyware 20161214
Symantec 20161214
Tencent 20161214
TheHacker 20161212
TrendMicro 20161214
TrendMicro-HouseCall 20161214
Trustlook 20161214
VBA32 20161213
VIPRE 20161214
ViRobot 20161214
WhiteArmor 20161212
Yandex 20161213
Zillya 20161213
Zoner 20161214
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright (c) 2006-2016 Visicom Media Inc.
Product ManyCam Virtual Webcam
File version 5.6.0.12
Description ManyCam Virtual Webcam
Signature verification Signed file, verified signature
Signing date 12:54 PM 12/9/2016
Signers
[+] ManyCam (VISICOM MÉDIA INC.)
Status Valid
Issuer Symantec Class 3 Extended Validation Code Signing CA - G2
Valid from 1:00 AM 3/1/2016
Valid to 12:59 AM 3/2/2019
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 81ABD8F5E29055D721A37F974E736A23A4CAA807
Serial number 04 1C 31 9E DA 4F 52 40 F1 80 2B A4 71 E1 1B B9
[+] Symantec Class 3 Extended Validation Code Signing CA - G2
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 3/4/2014
Valid to 12:59 AM 3/4/2024
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 5B8F88C80A73D35F76CD412A9E74E916594DFA67
Serial number 19 1A 32 CB 75 9C 97 B8 CF AC 11 8D D5 12 7F 49
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec SHA256 TimeStamping Signer - G1
Status Valid
Issuer Symantec SHA256 TimeStamping CA
Valid from 1:00 AM 1/12/2016
Valid to 12:59 AM 4/12/2027
Valid usage Timestamp Signing
Algorithm sha256RSA
Thumbprint 87CECC250809894434D4BE53CE840F6F9DBD4B06
Serial number 54 F3 7D A1 71 67 51 BC 6A 8D 0A D2 74 B2 8B 13
[+] Symantec SHA256 TimeStamping CA
Status Valid
Issuer VeriSign Universal Root Certification Authority
Valid from 1:00 AM 1/12/2016
Valid to 12:59 AM 1/12/2031
Valid usage Timestamp Signing
Algorithm sha256RSA
Thumbprint 6FC9EDB5E00AB64151C1CDFCAC74AD2C7B7E3BE4
Serial number 7B 05 B1 D4 49 68 51 44 F7 C9 89 D2 9C 19 9D 12
[+] VeriSign Universal Root Certification Authority
Status Valid
Issuer VeriSign Universal Root Certification Authority
Valid from 1:00 AM 4/2/2008
Valid to 12:59 AM 12/2/2037
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha256RSA
Thumbprint 3679CA35668772304D30A5FB873B0FA77BB70D54
Serial number 40 1A C4 64 21 B3 13 21 03 0E BB E4 12 1A C5 1D
Packers identified
F-PROT NSIS, appended, UTF-8
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-04-02 03:20:09
Entry Point 0x0000326C
Number of sections 5
PE sections
Overlays
MD5 bf3326c582e961cbc3936848df75e232
File type data
Offset 61440
Size 67755416
Entropy 8.00
PE imports
RegDeleteKeyA
RegCloseKey
RegEnumValueA
RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
SelectObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetBkColor
DeleteObject
SetTextColor
GetLastError
ReadFile
lstrlenA
lstrcmpiA
GlobalFree
WaitForSingleObject
GetExitCodeProcess
CopyFileA
GetTickCount
SetFileTime
GlobalUnlock
GetModuleFileNameA
RemoveDirectoryA
GetShortPathNameA
GetCurrentProcess
LoadLibraryExA
CompareFileTime
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileSize
lstrcatA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GlobalLock
SetFileAttributesA
GetModuleHandleA
GetTempPathA
CreateThread
GetFileAttributesA
SetFilePointer
lstrcmpA
FindFirstFileA
WriteFile
CloseHandle
GetTempFileNameA
lstrcpynA
FindNextFileA
GetSystemDirectoryA
GetDiskFreeSpaceA
ExpandEnvironmentStringsA
GetFullPathNameA
FreeLibrary
MoveFileA
CreateProcessA
GlobalAlloc
SearchPathA
FindClose
Sleep
CreateFileA
ExitProcess
GetVersion
GetProcAddress
SetCurrentDirectoryA
MulDiv
SHGetFileInfoA
SHBrowseForFolderA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteA
SHFileOperationA
CharPrevA
GetMessagePos
EndPaint
SystemParametersInfoA
EndDialog
BeginPaint
PostQuitMessage
DefWindowProcA
GetClassInfoA
SetClassLongA
LoadBitmapA
SetWindowPos
GetSystemMetrics
IsWindow
AppendMenuA
GetWindowRect
DispatchMessageA
ScreenToClient
SetDlgItemTextA
MessageBoxIndirectA
LoadImageA
GetDlgItemTextA
PeekMessageA
SetWindowLongA
IsWindowEnabled
GetSysColor
CheckDlgButton
GetDC
FindWindowExA
DrawTextA
CreatePopupMenu
wsprintfA
DialogBoxParamA
SetClipboardData
IsWindowVisible
SendMessageA
CloseClipboard
GetClientRect
SetTimer
GetDlgItem
CreateDialogParamA
SetWindowTextA
EnableMenuItem
RegisterClassA
InvalidateRect
GetWindowLongA
SendMessageTimeoutA
CreateWindowExA
LoadCursorA
TrackPopupMenu
DestroyWindow
FillRect
ShowWindow
CharNextA
CallWindowProcA
GetSystemMenu
EmptyClipboard
EnableWindow
SetForegroundWindow
OpenClipboard
ExitWindowsEx
SetCursor
OleUninitialize
CoTaskMemFree
OleInitialize
CoCreateInstance
Number of PE resources by type
RT_ICON 8
RT_DIALOG 3
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 14
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 6.0
FileSubtype 0
FileVersionNumber 5.6.0.12
UninitializedDataSize 1024
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Windows, Latin1
InitializedDataSize 120320
EntryPoint 0x326c
MIMEType application/octet-stream
LegalCopyright (c) 2006-2016 Visicom Media Inc.
FileVersion 5.6.0.12
TimeStamp 2016:04:02 04:20:09+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 5.6.0.12
FileDescription ManyCam Virtual Webcam
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Visicom Media Inc.
CodeSize 24064
ProductName ManyCam Virtual Webcam
ProductVersionNumber 5.6.0.12
FileTypeExtension exe
ObjectFileType Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed this sample wrote the following files to disk.
File identification
MD5 577403a2f949ba89216c120e6415edaa
SHA1 bc59ce66742572fe0f04f919eaef024031f79f65
SHA256 172a49ccd75202f23f6b9f86aa5335e853a363fafa48897f575aa4155298a013
ssdeep 1572864:0cLpGyWqOWIehZZw3A7NTD7r7kZZ/MUpxxfu4mTvL7jLXf:q6/wwhbfu0UpTu4mTnf
authentihash c708292b94f398ae34d3334332839a1b4e93b805107a25c73808f63966b716a8
imphash b1a57b635b23ffd553b3fd1e0960b2bd
File size 64.7 MB ( 67816856 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.4%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags nsis peexe signed overlay

VirusTotal metadata
First submission 2016-12-10 10:55:53 UTC ( 7 months, 2 weeks ago )
Last submission 2017-01-07 14:30:22 UTC ( 6 months, 2 weeks ago )
File names Baixaki_manycam-virtual-webcam [1].exe
ManyCamWebInstaller.exe
ManyCamWebInstaller.exe
ManyCamSetup.exe
ManyCamWebInstaller-56.exe
943340
ManyCamWebInstaller (2).exe
ManyCamSetup.exe
wSetup.exe
wsetup.exe
ManyCamWebInstaller (1).exe
wSetup.exe
ManyCam 5.6.0.12.exe
172A49CCD75202F23F6B9F86AA5335E853A363FAFA48897F575AA4155298A013.exe