SHA256: b9d797409c79872aa9748ec0e7255d5260d2dd0c3e7bf9676bfca1b52e512f07
File name: OOSafeEraseProfessional12ENU.exe
Detection ratio: 1 / 68
Analysis date: 2018-02-23 11:12:32 UTC ( 1 year, 1 month ago )
Antivirus Result Update
Cylance Unsafe 20180223
Ad-Aware 20180223
AegisLab 20180223
AhnLab-V3 20180223
Alibaba 20180223
ALYac 20180223
Antiy-AVL 20180223
Arcabit 20180223
Avast 20180223
Avast-Mobile 20180222
AVG 20180223
Avira (no cloud) 20180223
AVware 20180223
Baidu 20180208
BitDefender 20180223
Bkav 20180223
CAT-QuickHeal 20180223
ClamAV 20180223
CMC 20180223
Comodo 20180223
CrowdStrike Falcon (ML) 20170201
Cybereason 20180205
Cyren 20180223
DrWeb 20180223
eGambit 20180223
Emsisoft 20180223
Endgame 20180216
ESET-NOD32 20180223
F-Prot 20180223
F-Secure 20180223
Fortinet 20180223
GData 20180223
Ikarus 20180223
Sophos ML 20180121
Jiangmin 20180223
K7AntiVirus 20180223
K7GW 20180223
Kaspersky 20180223
Kingsoft 20180223
Malwarebytes 20180223
MAX 20180223
McAfee 20180221
McAfee-GW-Edition 20180223
Microsoft 20180223
eScan 20180223
NANO-Antivirus 20180223
nProtect 20180223
Palo Alto Networks (Known Signatures) 20180223
Panda 20180222
Qihoo-360 20180223
Rising 20180223
SentinelOne (Static ML) 20180115
Sophos AV 20180223
SUPERAntiSpyware 20180223
Symantec 20180223
Symantec Mobile Insight 20180220
Tencent 20180223
TheHacker 20180219
TotalDefense 20180223
TrendMicro 20180223
TrendMicro-HouseCall 20180223
Trustlook 20180223
VBA32 20180222
VIPRE 20180223
ViRobot 20180223
Webroot 20180223
WhiteArmor 20180223
Yandex 20180222
Zillya 20180223
ZoneAlarm by Check Point 20180223
Zoner 20180223
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright O&O Software GmbH
Product O&O SafeErase Professional
Internal name OOLiveUpdate.exe
File version 10.0.0.0
Description O&O SafeErase Professional
Comments 1033
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-01-23 09:52:03
Entry Point 0x00161B04
Number of sections 8
PE sections
PE imports
GetStdHandle
ReleaseMutex
FileTimeToSystemTime
WaitForSingleObject
EncodePointer
GetFileAttributesW
DuplicateHandle
SystemTimeToTzSpecificLocalTime
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
EnumSystemLocalesW
LocalAlloc
GetVolumeInformationW
SetErrorMode
FreeEnvironmentStringsW
lstrcatW
InitializeSListHead
GetLocaleInfoW
SetStdHandle
GetFileTime
WideCharToMultiByte
WriteFile
GetProfileIntW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
FormatMessageW
IsWow64Process
ResumeThread
RtlUnwind
FreeLibraryAndExitThread
CreateEventW
LoadResource
GlobalHandle
AllocConsole
InterlockedDecrement
GetFullPathNameW
OutputDebugStringA
WritePrivateProfileStringW
SetLastError
GetUserDefaultUILanguage
GetSystemTime
InitializeCriticalSection
CopyFileW
OutputDebugStringW
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
lstrcmpiW
VerSetConditionMask
LoadLibraryExA
SetThreadPriority
GetUserDefaultLCID
FindClose
GetSystemDefaultLCID
LoadLibraryExW
MultiByteToWideChar
VerifyVersionInfoW
SetFilePointerEx
GetPrivateProfileStringW
GetModuleHandleA
GlobalAddAtomW
CreateThread
GetSystemDefaultUILanguage
GetSystemDirectoryW
SetUnhandledExceptionFilter
CreateMutexW
MulDiv
IsProcessorFeaturePresent
ExitThread
DecodePointer
SetEnvironmentVariableA
TerminateProcess
SearchPathW
GetModuleHandleExW
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
LoadLibraryW
GlobalGetAtomNameW
GetVersionExW
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
WaitForSingleObjectEx
GlobalFindAtomW
GlobalSize
UnlockFile
GetWindowsDirectoryW
GetFileSize
LCMapStringW
GetDateFormatW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetPrivateProfileIntW
GetProcessHeap
GetTempFileNameW
GetComputerNameW
CompareStringW
lstrcpyW
GetFileSizeEx
GlobalReAlloc
lstrcmpA
FindNextFileW
CompareStringA
FindFirstFileW
IsValidLocale
lstrcmpW
FindFirstFileExW
GlobalLock
SetEvent
ReadConsoleW
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
LocalReAlloc
SystemTimeToFileTime
GlobalDeleteAtom
GetSystemInfo
GlobalFree
GetConsoleCP
FindResourceW
GetTimeFormatW
GetEnvironmentStringsW
GlobalUnlock
QueryPerformanceFrequency
VirtualQuery
lstrlenW
WinExec
LockFile
FileTimeToLocalFileTime
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
GetCommandLineW
HeapQueryInformation
GetCPInfo
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
UnhandledExceptionFilter
TlsFree
SetFilePointer
ReadFile
GlobalFlags
CloseHandle
GetACP
GetModuleHandleW
FreeResource
GetFileAttributesExW
FindResourceExW
TlsGetValue
IsValidCodePage
GetTempPathW
CreateProcessW
Sleep
VirtualAlloc
GetOEMCP
ResetEvent
DocumentPropertiesW
ClosePrinter
OpenPrinterW
strncmp
LdrUnloadDll
RtlInitUnicodeString
memset
wcschr
LdrLoadDll
toupper
isdigit
isalpha
towupper
strlen
wcspbrk
strchr
RtlInitString
floor
sqrt
wcslen
wcscmp
abs
wcsncat
towlower
memcmp
iswalpha
mbstowcs
sin
_wcsicmp
tolower
wcsncpy
ceil
labs
islower
wcscspn
atoi
wcsncmp
strrchr
memcpy
cos
memmove
wcsspn
wcstombs
LdrGetProcedureAddress
wcsrchr
iswdigit
wcsstr
iswspace
_strnicmp
_wtol
isupper
isspace
_wtoi
Number of PE resources by type
RT_CURSOR 16
RT_GROUP_CURSOR 15
RT_STRING 13
RT_ICON 7
RT_DIALOG 3
RT_BITMAP 3
RT_VERSION 2
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
GERMAN 50
NEUTRAL 10
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.1
Comments 1033
LinkerVersion 14.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 10.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription O&O SafeErase Professional
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 977920
EntryPoint 0x161b04
MIMEType application/octet-stream
LegalCopyright Copyright O&O Software GmbH
FileVersion 10.0.0.0
TimeStamp 2018:01:23 10:52:03+01:00
FileType Win32 EXE
PEType PE32
InternalName OOLiveUpdate.exe
OLESelfRegister no
ProductVersion 12.0.0
UninitializedDataSize 0
OSVersion 5.1
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName O&O Software GmbH
CodeSize 1675264
ProductName O&O SafeErase Professional
ProductVersionNumber 12.0.0.0
FileTypeExtension exe
ObjectFileType Dynamic link library
File identification
MD5 c5681bac9616f29b9d93e71f6264de5f
SHA1 486f0894f6e3a53d12f270501d2dc41be2564de8
SHA256 b9d797409c79872aa9748ec0e7255d5260d2dd0c3e7bf9676bfca1b52e512f07
ssdeep 49152:e0oXsIniYJQm46d8AN32LnOvcXdYr8EJRRAejE1sNSRaI/+:e5XsIniYmv6d1N32CvcXur8EJ9jE1sNS
authentihash 70f135c82079830aaf3df66f3d273afb5bf96f70dfe63d134e4593269bedf2f6
imphash 2cbca926c7abb0a5c46eecef9d6487bc
File size 2.5 MB ( 2654208 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (72.3%)
Win32 Executable (generic) (11.8%)
OS/2 Executable (generic) (5.3%)
Generic Win/DOS Executable (5.2%)
DOS Executable Generic (5.2%)
Tags peexe
VirusTotal metadata
First submission 2018-01-23 17:52:12 UTC ( 1 year, 2 months ago )
Last submission 2018-04-18 23:53:42 UTC ( 1 year ago )
File names flareFile
OOLiveUpdate.exe
OOSafeEraseProfessional12ENU.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by using the SetWindowsHook Windows API function.
HTTP requests
DNS requests
TCP connections