ChatWorkLive.exe

AddLive

LiveFoundry Inc

This is a setup and installation application. The file has been seen being downloaded from d36pfzlm4aixmv.cloudfront.net.
Publisher:
LiveFoundry Inc.  (signed by LiveFoundry Inc)

Product:
AddLive

Description:
ChatWork Live Installer

Version:
3.0.2.17

MD5:
2105becd6534f27c76a56fe0545d389d

SHA-1:
8ff56239f69705116b33b8d0b471eac58a6240a2

SHA-256:
c45f9f965cfd433544b065775b8f6bbc494a7a0a0364dce13b6fbd0e1b6a6548

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/26/2024 2:44:44 AM UTC

File size:
3.5 MB (3,695,392 bytes)

Product version:
3.0.2.17

Original file name:
ChatWorkLive.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\chatworklive.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
11/12/2013 1:35:22 AM

Valid to:
12/13/2014 1:35:22 AM

Subject:
E=support@addlive.com, CN=LiveFoundry Inc, OU=IT, O=LiveFoundry Inc, L=San Francisco, S=California, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11218D939EB8AA1288251431A51B0841932F

File PE Metadata
Compilation timestamp:
10/27/2014 12:34:22 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:oZLKzH2ryll1MFQh0uaUQEUUfoO5SC4OC1S1YDcmIKUZYaCddZfXWVxE3Y/ErpLa:oFeHrll2FRU9UU55SC4Ov5GLFWk3p9G

Entry address:
0x5F473

Entry point:
E8, 40, C0, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 8D, 45, 14, 50, 6A, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 1A, 3F, 00, 00, 83, C4, 14, 5D, C3, 8B, FF, 55, 8B, EC, 83, EC, 10, 53, FF, 75, 10, 8D, 4D, F0, E8, 06, FC, FF, FF, 33, DB, 39, 5D, 08, 75, 2B, E8, 14, 4B, 00, 00, 53, 53, 53, 53, 53, C7, 00, 16, 00, 00, 00, E8, 18, F9, FF, FF, 83, C4, 14, 38, 5D, FC, 74, 07, 8B, 45, F8, 83, 60, 70, FD, B8, FF, FF, FF, 7F, EB, 5D, 39, 5D, 0C, 74, D0, 8B, 45, F0, 8B, 48, 10, 3B, CB, 75, 0F, FF, 75, 0C...
 

Entropy:
7.7924  (probably packed)

Code size:
564.5 KB (578,048 bytes)

The file ChatWorkLive.exe has been seen being distributed by the following URL.
