home

8264.exe

ooVoo

ooVoo LLC

This is a self-extracting archive and installer. The file has been seen being downloaded from letoltes.szoftverbazis.hu and multiple other hosts.
Publisher:
ooVoo LLC  (signed and verified)

Product:
ooVoo

Description:
ooVoo Setup

Version:
3,0,12,21

MD5:
4a39aefc2af5f1d76ee16b0e68aedc66

SHA-1:
4388c3ca62682c8da3b2c8bb74359c1112fa1c20

SHA-256:
c569a1c21bac51a9a94415036328624a5259c2c70c68ba3865b905cf645ff754

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
5/7/2024 8:39:48 PM UTC  (today)

Scan engine
Detection
Engine version

Clam AntiVirus
Win.Trojan.Swrort-7435
0.98/18155

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.24.3

File size:
1.1 MB (1,143,888 bytes)

Product version:
3,0,12,0

Copyright:
ooVoo

Trademarks:
ooVoo

Original file name:
ooVooSetup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\8264.exe

Digital Signature
Signed by:
ooVoo LLC

Authority:
Thawte, Inc.

Valid from:
7/7/2011 4:30:00 AM

Valid to:
5/31/2014 4:29:59 AM

Subject:
CN=ooVoo LLC, OU=Secure Application Development, O=ooVoo LLC, L=New York, S=New York, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
63BD8898DCCDF686998F18F63F5A136E

File PE Metadata
Compilation timestamp:
12/6/2011 3:49:12 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:wGtI/FPzo0fv5doZSv+tOSr0sn+vYaRsbmZfau/OGpgROzxq:KhRZdortD0sn+Lu6fROGeROI

Entry address:
0x47694

Entry point:
E8, FF, B5, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 10, 53, 56, 33, F6, 33, C0, 57, 39, 75, 10, 0F, 84, CD, 00, 00, 00, 8B, 5D, 08, 3B, DE, 75, 22, E8, E5, 1C, 00, 00, 56, 56, 56, 56, 56, C7, 00, 16, 00, 00, 00, E8, 6D, 1C, 00, 00, 83, C4, 14, B8, FF, FF, FF, 7F, E9, A4, 00, 00, 00, 8B, 7D, 0C, 3B, FE, 74, D7, FF, 75, 14, 8D, 4D, F0, E8, C3, B9, FF, FF, 8B, 45, F0, 39, 70, 14, 75, 3F, 0F, B7, 03, 66, 83, F8, 41, 72, 09, 66, 83, F8, 5A, 77, 03, 83, C0, 20, 0F, B7, F0, 0F, B7, 07, 66, 83, F8...
 
[+]

Entropy:
7.3680

Code size:
384 KB (393,216 bytes)

The file 8264.exe has been seen being distributed by the following 4 URLs.

http://letoltes.szoftverbazis.hu/hNT4IrasrVmTS07c5T4s4w/1460993884/.../ooVooSetup.exe

http://www.downloadoovoo.net/.../ooVooSetup.exe

http://download.cdn.oovoo.com/.../ooVooSetup.exe

http://cdn01.oovoo.com/.../ooVooSetup.exe

Scan 8264.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.