SHA256: 4ab45385d7de451da2d078811d9bd3855e53985a4ed9f303bf54b30e12b584fd
File name: ooVooSetup.exe
Detection ratio: 0 / 57
Analysis date: 2016-04-03 06:13:34 UTC
Antivirus Result Update
Ad-Aware 20160403
AegisLab 20160403
AhnLab-V3 20160402
Alibaba 20160401
ALYac 20160403
Antiy-AVL 20160403
Arcabit 20160403
Avast 20160403
AVG 20160403
Avira (no cloud) 20160402
AVware 20160403
Baidu 20160402
Baidu-International 20160402
BitDefender 20160403
Bkav 20160402
CAT-QuickHeal 20160402
ClamAV 20160402
CMC 20160401
Comodo 20160402
Cyren 20160403
DrWeb 20160403
Emsisoft 20160403
ESET-NOD32 20160403
F-Prot 20160403
F-Secure 20160403
Fortinet 20160403
GData 20160403
Ikarus 20160403
Jiangmin 20160403
K7AntiVirus 20160403
K7GW 20160403
Kaspersky 20160402
Kingsoft 20160403
Malwarebytes 20160403
McAfee 20160403
McAfee-GW-Edition 20160403
Microsoft 20160402
eScan 20160403
NANO-Antivirus 20160403
nProtect 20160401
Panda 20160402
Qihoo-360 20160403
Rising 20160403
Sophos AV 20160403
SUPERAntiSpyware 20160403
Symantec 20160331
Tencent 20160403
TheHacker 20160330
TotalDefense 20160402
TrendMicro 20160403
TrendMicro-HouseCall 20160403
VBA32 20160401
VIPRE 20160403
ViRobot 20160402
Yandex 20160316
Zillya 20160402
Zoner 20160403
The file is a Portable Executable: a 32-bit Win32 EXE for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright ooVoo
Product ooVoo
Original name ooVooSetup.exe
Internal name ooVooSetup.exe
File version 3,6,1,27
Description ooVoo Setup
Signature verification Signed file, verified signature
Signing date 2:08 PM 11/27/2014
Signers
[+] ooVoo LLC
Status This certificate or one of the certificates in the certificate chain is not time valid. (The signer certificate expired on 5/1/2016, and this chain status is evaluated at the time the report is rendered, not at signing time. The signature carries a Symantec timestamp countersignature from 11/27/2014, inside the certificate's validity window, so Authenticode still treats the file as validly signed, which is why the verification line above reads "Signed file, verified signature". An expired but timestamped signing certificate is normal for a four-year-old installer; a signature made after expiry, or one with no countersignature, would no longer verify.)
Issuer Thawte Code Signing CA - G2
Valid from 1:00 AM 5/1/2014
Valid to 12:59 AM 5/1/2016
Valid usage Code Signing, 1.3.6.1.4.1.311.2.1.22 (Microsoft Commercial Code Signing)
Algorithm sha1RSA (the leaf, the intermediate and both timestamp certificates are SHA-1 signed; Windows continues to accept SHA-1 Authenticode signatures that were timestamped before 1 January 2016, as this one was)
Thumbprint 1FF220D698980BA5654E227C1BD1E633FA628963
Serial number 43 86 41 BD EE 00 67 28 26 8E 6C 74 6F 50 95 C6
[+] Thawte Code Signing CA - G2
Status Valid
Issuer thawte Primary Root CA
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 808D62642B7D1C4A9A83FD667F7A2A9D243FB1C7
Serial number 47 97 4D 78 73 A5 BC AB 0D 2F B3 70 19 2F CE 5E
[+] thawte
Status Valid
Issuer thawte Primary Root CA
Valid from 1:00 AM 11/17/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 91C6D6EE3E8AC86384E548C299295C756C817B81
Serial number 34 4E D5 57 20 D5 ED EC 49 F4 2F CE 37 DB 2B 6D
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA (harmless on a self-signed root: a trust anchor is trusted because it is in the store, not because its own signature verifies)
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-11-27 13:09:32
Entry Point 0x0004628E
Number of sections 6
PE sections
Overlays
MD5 1afc8ae1352b3f14a08a5410c74b793d
File type data
Offset 2382336
Size 5664
Entropy 7.37
(2382336 + 5664 = 2388000 bytes, the full file size: the overlay is exactly the trailing data after the last section, which is where the Authenticode certificate table lives. The high entropy is what a DER-encoded PKCS#7 blob with three certificate chains looks like, not a sign of a packed payload.)
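The signature chain and the overlay figures above invite two checks that need no Windows machine: recomputing the authentihash (the digest Authenticode actually signs, listed under File identification below) and confirming that the overlay is nothing more than the certificate table, as it is here. The Python below is an added example written for this page, not code from VirusTotal or ooVoo. It parses the PE headers with the standard library only; the sample PE it builds at the end is constructed for the demo, with dummy bytes in place of a real PKCS#7 SignedData.

```python
"""Authenticode layout checks on a PE file, Python standard library only.

Added example for this page (not VirusTotal or ooVoo code). authentihash()
recomputes the digest Authenticode signs; overlay_report() checks whether the
overlay is exactly the certificate table. build_sample_pe() constructs a toy
PE32 for the demo whose "certificate" is dummy bytes, not a real PKCS#7 blob.
"""
import hashlib
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4


def parse_pe(data: bytes) -> dict:
    """Header offsets needed for Authenticode hashing (PE32 and PE32+)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dd = opt + (96 if magic == 0x10B else 112)       # PE32 / PE32+ data directory start
    sec_dd = dd + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    sec_off, sec_size = struct.unpack_from("<II", data, sec_dd)  # file offset, not an RVA
    sections = []
    for i in range(nsections):
        raw_size, raw_ptr = struct.unpack_from("<II", data, opt + opt_size + 40 * i + 16)
        sections.append((raw_ptr, raw_size))
    return {"checksum": opt + 64, "sec_dd": sec_dd, "sec_off": sec_off, "sec_size": sec_size,
            "size_of_headers": struct.unpack_from("<I", data, opt + 60)[0], "sections": sections}


def authentihash(data: bytes, algo: str = "sha256") -> str:
    """Digest of the PE as Authenticode signs it (VirusTotal's 'authentihash')."""
    pe = parse_pe(data)
    h = hashlib.new(algo)
    # Headers, minus the 4-byte CheckSum and the 8-byte security directory entry.
    h.update(data[:pe["checksum"]])
    h.update(data[pe["checksum"] + 4:pe["sec_dd"]])
    h.update(data[pe["sec_dd"] + 8:pe["size_of_headers"]])
    hashed = pe["size_of_headers"]
    # Section raw data in file order (by PointerToRawData), not header order.
    for ptr, size in sorted(s for s in pe["sections"] if s[1]):
        h.update(data[ptr:ptr + size])
        hashed += size
    # Trailing data is covered too; only the certificate table itself is skipped.
    cert_start, cert_end = pe["sec_off"], pe["sec_off"] + pe["sec_size"]
    if pe["sec_size"]:
        h.update(data[hashed:cert_start])
        h.update(data[cert_end:])
    else:
        h.update(data[hashed:])
    return h.hexdigest()


def overlay_report(data: bytes) -> dict:
    """Compare the overlay (bytes after the last section) with the certificate table."""
    pe = parse_pe(data)
    overlay_off = max([pe["size_of_headers"]] + [p + s for p, s in pe["sections"]])
    cert_end = pe["sec_off"] + pe["sec_size"]
    return {
        "overlay_offset": overlay_off,
        "overlay_size": max(0, len(data) - overlay_off),
        "security_offset": pe["sec_off"],
        "security_size": pe["sec_size"],
        # True when the overlay is exactly the WIN_CERTIFICATE table, as in the report.
        "signature_is_whole_overlay": bool(pe["sec_size"]) and pe["sec_off"] == overlay_off
                                      and cert_end == len(data),
        "bytes_after_signature": len(data) - cert_end if pe["sec_size"] else 0,
    }


def build_sample_pe(section: bytes, cert_payload: bytes, extra: bytes = b"") -> bytes:
    """Constructed toy PE32 (not the ooVoo binary): 0x200 of headers, one .text
    section, a WIN_CERTIFICATE wrapping cert_payload, then `extra` bytes."""
    align = 0x200
    raw = section + b"\0" * (-len(section) % align)
    cert = struct.pack("<IHH", 8 + len(cert_payload), 0x0200, 0x0002) + cert_payload
    cert += b"\0" * (-len(cert) % 8)                   # entries are 8-byte aligned
    opt = bytearray(224)                               # PE32 optional header + 16 dirs
    struct.pack_into("<H", opt, 0, 0x10B)              # Magic: PE32
    struct.pack_into("<I", opt, 16, 0x1000)            # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)          # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, align)    # SectionAlignment, FileAlignment
    struct.pack_into("<II", opt, 56, 0x2000, align)    # SizeOfImage, SizeOfHeaders
    struct.pack_into("<H", opt, 68, 2)                 # Subsystem: Windows GUI
    struct.pack_into("<I", opt, 92, 16)                # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                     align + len(raw), len(cert))      # security dir: file offset, size
    sect = (b".text\0\0\0" + struct.pack("<IIII", len(section), 0x1000, len(raw), align)
            + b"\0" * 12 + struct.pack("<I", 0x60000020))
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    nt = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, len(opt), 0x0102)
    headers = dos + nt + bytes(opt) + sect
    return headers + b"\0" * (align - len(headers)) + raw + cert + extra


if __name__ == "__main__":
    sample = build_sample_pe(bytes(range(256)) * 2, b"\x30\x82" + b"A" * 60)
    print("authentihash", authentihash(sample))
    print(overlay_report(sample))
```

The skips are the ones the Authenticode specification prescribes: CheckSum and the certificate table change every time a file is re-signed, so the digest cannot cover them, while any other trailing data is covered so it cannot be appended silently (the digest changes, as the padded sample shows). Bytes stuffed inside the WIN_CERTIFICATE entry beyond the PKCS#7 structure are the one place data can ride along without breaking the signature, which is why the table size relative to the signature inside it is also worth inspecting on a real sample.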
PE imports
RegCreateKeyExW
RegFlushKey
RegCloseKey
RegSetValueExW
RegDeleteValueW
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyW
RegDeleteKeyW
RegQueryValueExW
InitCommonControlsEx
GetTextMetricsW
CreateFontIndirectW
GetClipBox
CreatePen
SaveDC
CreateRectRgnIndirect
CombineRgn
SetStretchBltMode
GetDeviceCaps
LineTo
DeleteDC
RestoreDC
SetBkMode
CreateSolidBrush
GetObjectW
BitBlt
CreateDIBSection
SetTextColor
GetCurrentObject
FillRgn
ExtTextOutW
GetTextExtentPoint32W
MoveToEx
GetStockObject
CreateCompatibleDC
StretchBlt
SelectObject
SetWindowOrgEx
SetBkColor
DeleteObject
CreateCompatibleBitmap
GetAdaptersInfo
SetThreadLocale
GetStdHandle
ReleaseMutex
FileTimeToSystemTime
WaitForSingleObject
HeapDestroy
EncodePointer
GetExitCodeProcess
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
UnhandledExceptionFilter
FreeEnvironmentStringsW
InitializeSListHead
InterlockedPopEntrySList
GetLocaleInfoW
SetStdHandle
GetFileTime
GetCPInfo
InterlockedExchange
FindResourceExW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
InterlockedPushEntrySList
GetTimeZoneInformation
OutputDebugStringW
FindClose
TlsGetValue
SetLastError
InitializeCriticalSection
CopyFileW
LoadResource
GetModuleFileNameW
TryEnterCriticalSection
IsDebuggerPresent
ExitProcess
RaiseException
EnumSystemLocalesW
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
FlushInstructionCache
CreateThread
GetSystemDefaultUILanguage
SetUnhandledExceptionFilter
CreateMutexW
MulDiv
IsProcessorFeaturePresent
DecodePointer
SetEnvironmentVariableA
TerminateProcess
InterlockedDecrement
GetModuleHandleExW
GlobalAlloc
ReadConsoleW
GetCurrentThreadId
GetProcAddress
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
TerminateThread
GetVersionExW
SetEvent
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
lstrcmpiW
RtlUnwind
LeaveCriticalSection
GetFileSize
GetDateFormatW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetUserDefaultLCID
GetProcessHeap
GetTempFileNameW
GetTimeFormatW
WriteFile
FindNextFileW
ResetEvent
FindFirstFileW
IsValidLocale
lstrcmpW
WaitForMultipleObjects
GlobalLock
CreateEventW
CreateFileW
GetFileType
TlsSetValue
HeapAlloc
InterlockedIncrement
GetLastError
SystemTimeToFileTime
LCMapStringW
GetConsoleCP
FindResourceW
CompareStringW
GetEnvironmentStringsW
GlobalUnlock
SizeofResource
GetCurrentProcessId
LockResource
GetCommandLineW
WideCharToMultiByte
HeapSize
SetEndOfFile
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
GetTempPathW
VirtualFree
Sleep
VirtualAlloc
GetOEMCP
AlphaBlend
VarUI4FromStr
OleCreateFontIndirect
LoadRegTypeLib
SysStringLen
SysAllocStringLen
VariantChangeType
VariantClear
SysAllocString
DispCallFunc
VariantCopy
GetErrorInfo
SysFreeString
LoadTypeLib
VariantInit
SHGetFolderPathW
ShellExecuteW
ShellExecuteExW
PathRenameExtensionW
SHDeleteKeyW
PathFindFileNameW
PathFileExistsW
PathRemoveFileSpecW
PathAppendW
PathRemoveExtensionW
SetFocus
RegisterWindowMessageW
GetForegroundWindow
GetClassInfoExW
IsIconic
RedrawWindow
GetWindow
BeginPaint
SetWindowTextW
OffsetRect
DefWindowProcW
ReleaseCapture
GetCapture
GetParent
KillTimer
GetWindowTextW
GetMessageW
PostQuitMessage
ShowWindow
GetSystemMetrics
SetWindowPos
EndPaint
GetWindowThreadProcessId
SetCursor
SetWindowLongW
IsWindow
PeekMessageW
InflateRect
EnableWindow
SetCapture
MoveWindow
WindowFromPoint
CopyRect
TranslateMessage
IsWindowEnabled
GetFocus
PostMessageW
GetSysColor
GetDC
CreateDialogParamW
ReleaseDC
GetDlgCtrlID
SendMessageW
SetClassLongW
GetWindowLongW
PtInRect
IsWindowVisible
LoadStringW
GetClientRect
GetDlgItem
SystemParametersInfoW
MessageBoxW
ClientToScreen
DispatchMessageW
ScreenToClient
SetRect
InvalidateRect
SetTimer
SetRectEmpty
GetClassNameW
UnregisterClassW
IsDialogMessageW
FillRect
FindWindowW
AttachThreadInput
CreateAcceleratorTableW
DestroyAcceleratorTable
GetDesktopWindow
LoadCursorW
LoadIconW
GetWindowTextLengthW
CreateWindowExW
RegisterClassExW
SetForegroundWindow
InvalidateRgn
DrawTextW
CharNextW
CallWindowProcW
IsChild
DestroyWindow
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
HttpQueryInfoW
InternetSetStatusCallbackW
InternetQueryDataAvailable
InternetConnectW
InternetWriteFile
InternetReadFile
HttpEndRequestW
HttpSendRequestExW
InternetCloseHandle
InternetCrackUrlW
HttpSendRequestW
InternetErrorDlg
InternetOpenW
HttpOpenRequestW
HttpAddRequestHeadersW
getaddrinfo
shutdown
accept
ioctlsocket
WSAStartup
freeaddrinfo
connect
getsockname
htons
getpeername
WSAGetLastError
gethostname
getsockopt
recv
ntohl
inet_addr
send
ntohs
select
listen
__WSAFDIsSet
WSACleanup
getnameinfo
closesocket
setsockopt
socket
bind
recvfrom
sendto
getservbyname
Ord(1)
GdipDeleteBrush
GdipCreateSolidFill
GdipSetSmoothingMode
GdipCreateFromHDC
GdiplusShutdown
GdipDisposeImage
GdipCreatePath
GdipAddPathLine
GdipDrawArc
GdiplusStartup
GdipDeleteGraphics
GdipFillPath
GdipFillRectangle
GdipSetPixelOffsetMode
GdipCreatePen1
GdipGetImageWidth
GdipAlloc
GdipDrawImageRectI
GdipDeletePath
GdipDeletePen
GdipCloneBrush
GdipFree
GdipGetImageHeight
GdipCreateBitmapFromStream
GdipClosePathFigure
GdipCloneImage
GdipGetImagePixelFormat
CreateStreamOnHGlobal
OleLockRunning
CoUninitialize
CoInitialize
CoTaskMemAlloc
CoCreateGuid
CoTaskMemRealloc
CoCreateInstance
OleUninitialize
CLSIDFromProgID
CLSIDFromString
OleRun
OleInitialize
CoTaskMemFree
StringFromGUID2
CoGetClassObject
Number of PE resources by type
PNG 16
LANG 10
RT_DIALOG 10
RT_ICON 3
GIF 2
XML 1
RT_MANIFEST 1
RT_STRING 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 46
PE resources
ExifTool file metadata
SpecialBuild $(BuildDefinitionName)_$(Date:yyyyMMdd)$(Rev:.r) (the default TFS build-number macro, left unexpanded by the build pipeline; a distinctive string to pivot on)
CodeSize 743936
SubsystemVersion 5.1
LinkerVersion 12.0 (MSVC 12.0, Visual Studio 2013)
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 3.6.1.27
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription ooVoo Setup
ImageFileCharacteristics Executable, 32-bit
CharacterSet Windows, Latin1
InitializedDataSize 1651200
EntryPoint 0x4628e
OriginalFileName ooVooSetup.exe
MIMEType application/octet-stream
LegalCopyright ooVoo
FileVersion 3,6,1,27
TimeStamp 2014:11:27 14:09:32+01:00 (13:09:32 UTC, the same value as the compilation timestamp above)
FileType Win32 EXE
PEType PE32
InternalName ooVooSetup.exe
ProductVersion 3,6,1,0
UninitializedDataSize 0
OSVersion 5.1
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName ooVoo LLC
LegalTrademarks ooVoo
ProductName ooVoo
ProductVersionNumber 3.6.1.0
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 e2d692716eb08e6ff33cd1c38ac222cc
SHA1 e1836f71b3238d80e2e1ae15eb03957aae0e07b7
SHA256 4ab45385d7de451da2d078811d9bd3855e53985a4ed9f303bf54b30e12b584fd
ssdeep
49152:dxyZBh5qOSBAyhu6WOGeRN6vQQJBAZucAiMPof7WU/ZahPzurnb2O:mPc8eRg4Em4c1yKW0np

authentihash 50a69a9b6065a324ab2eb001b012b873cf67a2771614d81b00ff371dafa05677
imphash fe79eb5cd90803af7b63ec3104efcd73 (hash of the ordered import table above; other builds of the same installer framework share it, so it is a useful pivot across the ooVoo setup versions listed under File names, and a weak signal on its own)
File size 2.3 MB ( 2388000 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (72.3%) (a generic TrID mislabel; the PE header, Intel 386 and PE32, is authoritative)
Win32 Executable (generic) (11.8%)
OS/2 Executable (generic) (5.3%)
Generic Win/DOS Executable (5.2%)
DOS Executable Generic (5.2%)
Tags
peexe software-collection signed overlay

VirusTotal metadata
First submission 2014-11-27 23:17:53 UTC
Last submission 2018-09-27 14:41:32 UTC
File names ooVoo 3.6.7.19.exe
ooVooSetup.exe
oovoo_3-6-9-10_fr_62320.exe
ooVooSetup_2.exe
bf9ad80e0d3f7dd2931581bf408d762f8fb48bcae17ef865f5ed6d6b17393471057e6388a4d54e9a0a72ec976a849cfe0a05e81883284d52cff6935f320df72f
ooVoosetup.exe
ooVooSetup - true.exe
ooVooSetup3.6.6.26.exe
e2d692716eb08e6ff33cd1c38ac222cc-ooVooSetup.exe
ooVooSetup-3.7.1.13.exe
590717
B126.exe
E1836F71B3238D80E2E1AE15EB03957AAE0E07B7
oovoo-1456-jetelecharge.exe
oovoosetup.exe
ooVooSetup.exe
ooVooSetup-36910.exe
$RLO5Y6K-4191431b-8f83-44b8-a73c-1a6009764ec8.exe
ooVooSetup-3.7.1.13.exe
0 (15).exe
ooVooSetup.exe
ooVoo.exe
35C3.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight (a prevalence- and age-based reputation verdict, not a signature match: Insight flags files that few Symantec users have seen. Against 0/57 engine detections and a verified vendor signature it means "low prevalence when scanned", which is expected for a freshly built installer, rather than "malicious".)
Condensed report: behaviour of the file when executed in a controlled environment. The actions and events described were performed either by the file itself or by any process it launched or injected code into.
Opened files, read files, written files, deleted files, created and opened mutexes, opened service managers and services, runtime DLLs, HTTP requests, DNS requests and TCP connections: none recorded in this report. The sandbox saw no network activity despite the WinINet and Winsock imports, which is consistent with an installer that waits for user interaction before downloading anything.
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function. (DeviceIoControl is not in the static import table above, so it is resolved at run time, through the imported GetProcAddress/LoadLibraryExW, or called from a component the installer extracts. Querying volumes or devices this way is routine for installers and is not evidence of malicious behaviour by itself.)