SHA256: b12224ba78fc0c86c500200c982c140060f8b3233eaf164b968242b8efca37fe
File name: JabberVideoSetup4.8.12.exe
Detection ratio: 0 / 66
Analysis date: 2018-11-09 06:28:03 UTC ( 5 months, 1 week ago )
Antivirus Result Update
Ad-Aware 20181109
AegisLab 20181109
AhnLab-V3 20181108
Alibaba 20180921
ALYac 20181109
Antiy-AVL 20181109
Arcabit 20181109
Avast 20181109
Avast-Mobile 20181108
AVG 20181109
Avira (no cloud) 20181109
Babable 20180918
Baidu 20181109
BitDefender 20181109
Bkav 20181108
CAT-QuickHeal 20181108
ClamAV 20181108
CMC 20181109
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
Cylance 20181109
Cyren 20181109
DrWeb 20181109
Emsisoft 20181109
Endgame 20181108
ESET-NOD32 20181109
F-Prot 20181109
F-Secure 20181109
Fortinet 20181109
GData 20181109
Ikarus 20181108
Sophos ML 20181108
Jiangmin 20181109
K7AntiVirus 20181109
K7GW 20181109
Kaspersky 20181109
Kingsoft 20181109
Malwarebytes 20181109
MAX 20181109
McAfee 20181109
McAfee-GW-Edition 20181109
Microsoft 20181109
eScan 20181109
NANO-Antivirus 20181109
Palo Alto Networks (Known Signatures) 20181109
Panda 20181108
Qihoo-360 20181109
Rising 20181109
SentinelOne (Static ML) 20181011
Sophos AV 20181109
SUPERAntiSpyware 20181107
Symantec 20181108
Symantec Mobile Insight 20181108
TACHYON 20181109
Tencent 20181109
TheHacker 20181108
TrendMicro 20181109
TrendMicro-HouseCall 20181109
Trustlook 20181109
VBA32 20181108
VIPRE 20181108
ViRobot 20181109
Webroot 20181109
Yandex 20181108
Zillya 20181108
ZoneAlarm by Check Point 20181109
Zoner 20181109
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright © Cisco Systems, Inc. and/or its affiliates
Product Cisco Jabber Video for TelePresence
Original name InstallShield Setup.exe
Internal name Setup
File version 4.8.12.18951
Description Setup Launcher
Signature verification Signed file, verified signature
Signing date 7:20 AM 8/10/2015
Signers
[+] Cisco Systems, Inc.
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2010 CA
Valid from 1:00 AM 4/2/2014
Valid to 12:59 AM 6/1/2016
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 578A239256DA1C0BDF15B27D0F049598339B2B7D
Serial number 72 95 C1 A3 5B 36 02 C5 76 09 6B 69 43 8C D7 EA
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-10-05 20:39:52
Entry Point 0x00068208
Number of sections 4
PE sections
Overlays
MD5 c7b408fb4c668a5e7721c578cb2e5c9a
File type data
Offset 1530368
Size 13967912
Entropy 8.00
PE imports
SetSecurityDescriptorOwner
RegCreateKeyExW
RegCloseKey
RegCreateKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegOpenKeyExW
RegDeleteKeyW
RegDeleteValueW
RegQueryValueExW
SetSecurityDescriptorDacl
OpenProcessToken
RegEnumKeyW
RegOpenKeyW
GetTokenInformation
RegQueryInfoKeyW
RegEnumKeyExW
OpenThreadToken
RegEnumValueW
RegSetValueExW
FreeSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
EqualSid
SetSecurityDescriptorGroup
GetDIBColorTable
GetSystemPaletteEntries
CreateHalftonePalette
GetDeviceCaps
TranslateCharsetInfo
DeleteDC
SetBkMode
CreateFontIndirectW
GetObjectW
BitBlt
RealizePalette
SetTextColor
CreatePalette
GetStockObject
CreateDIBitmap
SelectPalette
UnrealizeObject
CreateCompatibleDC
CreateFontW
SelectObject
CreateSolidBrush
DeleteObject
GetStdHandle
GetDriveTypeW
GetConsoleOutputCP
SetEvent
HeapDestroy
GetFileAttributesW
DuplicateHandle
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
ExitProcess
SetErrorMode
FreeEnvironmentStringsW
lstrcatW
GetThreadContext
GetLocaleInfoW
SetStdHandle
GetCPInfo
lstrcmpiA
GetStringTypeA
GetDiskFreeSpaceW
InterlockedExchange
FindResourceExW
WaitForSingleObject
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetExitCodeProcess
LocalFree
FormatMessageW
ResumeThread
CreateEventW
LoadResource
FindClose
InterlockedDecrement
MoveFileW
SetFileAttributesW
SetLastError
InitializeCriticalSection
CopyFileW
GetUserDefaultLangID
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
VerLanguageNameW
GetModuleFileNameA
LoadLibraryA
QueryPerformanceFrequency
EnumSystemLocalesA
SetConsoleCtrlHandler
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
FatalAppExitA
FlushInstructionCache
GetPrivateProfileStringW
SetFilePointer
CreateThread
GetSystemDirectoryW
GetExitCodeThread
SetUnhandledExceptionFilter
MulDiv
SetEnvironmentVariableA
SetThreadContext
TerminateProcess
SearchPathW
WriteConsoleA
SetCurrentDirectoryW
VirtualQuery
SetEndOfFile
GetVersion
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
lstrcmpiW
RtlUnwind
GetStartupInfoA
GetDateFormatA
GetWindowsDirectoryW
GetFileSize
WriteProcessMemory
OpenProcess
GetDateFormatW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetUserDefaultLCID
VirtualProtectEx
GetProcessHeap
GetTempFileNameW
CreateFileMappingW
WriteFile
CompareStringW
lstrcpyW
RemoveDirectoryW
ExpandEnvironmentStringsW
lstrcmpA
FindNextFileW
lstrcpyA
GetTimeFormatA
ResetEvent
FindFirstFileW
IsValidLocale
lstrcmpW
GetProcAddress
GetTempPathW
GetCurrentDirectoryW
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
CreateFileA
GetCurrentThreadId
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
LCMapStringW
UnmapViewOfFile
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GetTimeFormatW
GetProcessTimes
GetEnvironmentStringsW
GlobalUnlock
GlobalAlloc
lstrlenW
CreateProcessW
SizeofResource
CompareFileTime
GetCurrentProcessId
LockResource
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCurrentThread
lstrcpynW
GetSystemDefaultLangID
RaiseException
MapViewOfFile
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
lstrcpynA
GetACP
GlobalLock
GetModuleHandleW
TlsGetValue
IsValidCodePage
HeapCreate
FindResourceW
VirtualFree
Sleep
IsBadReadPtr
VirtualAlloc
GetOEMCP
CompareStringA
VarUI4FromStr
VarBstrCat
SysStringLen
SystemTimeToVariantTime
SysStringByteLen
CreateErrorInfo
SysAllocStringLen
VarBstrFromDate
VariantChangeType
VariantClear
SysAllocString
SysReAllocStringLen
RegisterTypeLib
LoadTypeLib
GetErrorInfo
SysFreeString
SysAllocStringByteLen
SetErrorInfo
UuidFromStringW
UuidCreate
RpcStringFreeW
UuidToStringW
SHBrowseForFolderW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetMalloc
CommandLineToArgvW
SetFocus
EndPaint
CreateDialogIndirectParamW
IntersectRect
EndDialog
BeginPaint
SetWindowTextW
TranslateMessage
DefWindowProcW
MoveWindow
KillTimer
CharPrevW
PostQuitMessage
ShowWindow
GetMessageW
SetWindowPos
wvsprintfW
GetDesktopWindow
GetSystemMetrics
SetWindowLongW
IsWindow
PeekMessageW
GetWindowRect
EnableWindow
CharUpperW
GetWindowDC
SendDlgItemMessageW
GetWindow
PostMessageW
GetSysColor
DispatchMessageW
SetActiveWindow
GetDC
CreateDialogParamW
ReleaseDC
GetDlgCtrlID
SendMessageW
RegisterClassW
wsprintfW
SubtractRect
SetTimer
GetDlgItem
GetDlgItemTextW
MessageBoxW
FindWindowW
ClientToScreen
SetRect
CharNextW
LoadImageW
IsDialogMessageW
FillRect
GetClientRect
WaitForInputIdle
SetDlgItemTextW
GetSysColorBrush
DialogBoxIndirectParamW
LoadCursorW
LoadIconW
CreateWindowExW
MsgWaitForMultipleObjects
GetWindowLongW
SetForegroundWindow
DestroyWindow
ExitWindowsEx
SetCursor
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
ProgIDFromCLSID
CoUninitialize
CoInitialize
CoTaskMemAlloc
CoCreateInstance
CoCreateGuid
CoTaskMemRealloc
CLSIDFromProgID
CoInitializeSecurity
GetRunningObjectTable
CoTaskMemFree
StringFromGUID2
CreateItemMoniker
Number of PE resources by type
RT_STRING 25
RT_DIALOG 23
RT_ICON 11
RT_BITMAP 6
RT_GROUP_ICON 3
GIF 2
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 46
ENGLISH US 26
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 828928
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 4.8.12.18951
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Setup Launcher
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
LinkerVersion 9.0
InternalBuildNumber 99584
ISInternalVersion 17.0.717
OriginalFileName InstallShield Setup.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 4.8.12.18951
TimeStamp 2010:10:05 21:39:52+01:00
FileType Win32 EXE
PEType PE32
InternalName Setup
ProductVersion 4.8.12.18951
SubsystemVersion 5.0
ISInternalDescription Setup Launcher Unicode
OSVersion 5.0
EntryPoint 0x68208
FileOS Win32
LegalCopyright Cisco Systems, Inc. and/or its affiliates
MachineType Intel 386 or later, and compatibles
CompanyName Cisco Systems, Inc.
CodeSize 700416
ProductName Cisco Jabber Video for TelePresence
ProductVersionNumber 4.8.12.18951
FileTypeExtension exe
ObjectFileType Dynamic link library

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
Compressed bundles
File identification
MD5 07488a0756fbd7fd199c981adc983b2a
SHA1 0a5dc9abe0768cab0d6442250b89ffbd1134b328
SHA256 b12224ba78fc0c86c500200c982c140060f8b3233eaf164b968242b8efca37fe
ssdeep 393216:9zyFIJDvDNXlBwJzP+AzW41eiGWnIlSi5D:9uFIjkzP9iEeiHnIlSiN
authentihash 7b7cce336f214b986bd2089f7affa3da2379cce32f8bb75d744e315b06fb4fc4
imphash f18e688283da41095f81f4c165a6dcf3
File size 14.8 MB ( 15498280 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID InstallShield setup (26.8%)
Win32 EXE PECompact compressed (generic) (25.8%)
Win32 Executable MS Visual C++ (generic) (19.4%)
Win64 Executable (generic) (17.2%)
Win32 Dynamic Link Library (generic) (4.0%)
Tags peexe signed overlay
VirusTotal metadata
First submission 2015-10-02 18:19:48 UTC ( 3 years, 6 months ago )
Last submission 2017-05-29 10:21:56 UTC ( 1 year, 10 months ago )
File names InstallShield Setup.exe
JabberVideoSetup4.8.12.exe
Setup
filename
JABBER~1.EXE
jabbervideosetup4.8.12.exe.875ra84.partial
jabber-current.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections