CoolGramS.EXE

CoolGramS Application

OSTEC Corporation

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘CoolStartUp’.

Publisher:
OSTEC Corporation  (signed and verified)

Product:
CoolGramS Application

Description:
CoolGramS MFC Application

Version:
2, 0, 0, 10

MD5:
91fbad485c94fe26f31fe5a540070ca1

SHA-1:
24f57ac5f15618029b9401b2879f2d79aa982665

SHA-256:
78221c600b10ddc55ccf493bee89bb6b7698f0e33c265bc1d0aa938f44cc6bfc

Scanner detections:
5 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
4/25/2024 12:47:54 PM UTC

Scan engine        Detection                       Engine version
AVG                SHeur3                          2015.0.3489
Bkav FE            W32.Clod7c8.Trojan              1.3.0.4959
Comodo Security    Heur.Suspicious                 17846
Dr.Web             Trojan.DownLoad2.15110          9.0.1.0119
NANO AntiVirus     Trojan.Win32.DownLoad2.utakr    0.28.0.58101

File size:
105.2 KB (107,728 bytes)

Product version:
2, 0, 0, 10

Copyright:
Copyright (C) 2005

Original file name:
CoolGramS.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\ostec\coolgram\coolgrams.exe

Digital Signature
Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
12/5/2008 2:00:00 AM

Valid to:
12/6/2009 1:59:59 AM

Subject:
CN=OSTEC Corporation, O=OSTEC Corporation, L=Incheon, S=Incheon, C=KR

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
1ED5A9DA35B7A08EF90FDE3B9639D725

File PE Metadata
Compilation timestamp:
9/20/2009 4:29:00 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:CpMHuyV2YdvkeIp96b9gZ9mm1IO7nToIftTJ6GKi1Gn49M:OQuQ2KketgZ9t/bTBftTJ6GKiInf

Entry address:
0x886C

Entry point:
55, 8B, EC, 6A, FF, 68, 38, CE, 40, 00, 68, 5C, 8A, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, C4, A1, 40, 00, 59, 83, 0D, C0, EA, 40, 00, FF, 83, 0D, C4, EA, 40, 00, FF, FF, 15, C0, A1, 40, 00, 8B, 0D, 8C, EA, 40, 00, 89, 08, FF, 15, BC, A1, 40, 00, 8B, 0D, 88, EA, 40, 00, 89, 08, A1, B8, A1, 40, 00, 8B, 00, A3, BC, EA, 40, 00, E8, 80, 01, 00, 00, 39, 1D, 80, E7, 40, 00, 75, 0C, 68, 58, 8A, 40, 00, FF, 15, B4, A1...
 

Entropy:
5.4588

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
36 KB (36,864 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
CoolStartUp

Command:
C:\Program Files\ostec\coolgram\coolgrams.exe


Scan CoolGramS.EXE - Powered by Reason Core Security