home

devalvr_installer.exe

DevalVR 3D plugin instalation

Phoscode SL

This is a self-extracting archive and installer. This is the uninstaller utility registered in the Windows Control Panel for the program DevalVR plugin for Mozilla and compatible browsers. The file has been seen being downloaded from www.devalvr.com and multiple other hosts.
Publisher:
www.devalvr.com  (signed by Phoscode SL)

Product:
DevalVR 3D plugin instalation

Version:
0.9.1.4

MD5:
e62e8af09d944f2acf62f8e473782922

SHA-1:
b991e7deec2f436aa5d7a199c76704c254a10d1d

SHA-256:
db86c8f2de173806a0c38f07c70d712cfe6b9776cf191c1a7c37701c48116ec6

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 4:21:52 AM UTC  (today)

File size:
762.4 KB (780,688 bytes)

Product version:
0.9.1.4

Copyright:
Copyleft (C) 2010 Phoscode s.l.

Original file name:
installNPDevalVR.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\devalvr_installer.exe

Digital Signature
Signed by:
Phoscode SL

Authority:
COMODO CA Limited

Valid from:
1/17/2013 5:30:00 AM

Valid to:
1/18/2018 5:29:59 AM

Subject:
CN=Phoscode SL, O=Phoscode SL, STREET=Calle Diego de Velazquez 1 - 3 K, L=Villamediana de Iregua, S=La Rioja, PostalCode=26142, C=ES

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00B25A4B2751600A88986461D3A9C2DC58

File PE Metadata
Compilation timestamp:
2/11/2014 6:40:57 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:N+sLiC4pEuLkMfw/UobIb/JKRDGS3ZOIPKQG8GLccjVUMBg+yyIC5K7JQdV6LxLp:gsLfU8cobw+GghK98GnjVUMBCyT47JQQ

Entry address:
0x4BA0

Entry point:
55, 8B, EC, 6A, FF, 68, 08, 69, 40, 00, 68, 72, 4F, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, 5F, 57, FF, 15, C0, 62, 40, 00, 59, 83, 0D, 74, D3, 40, 00, FF, 83, 0D, 78, D3, 40, 00, FF, FF, 15, C4, 62, 40, 00, 8B, 0D, 68, D3, 40, 00, 89, 08, FF, 15, C8, 62, 40, 00, 8B, 0D, 64, D3, 40, 00, 89, 08, A1, CC, 62, 40, 00, 8B, 00, A3, 70, D3, 40, 00, E8, 60, 03, 00, 00, 39, 1D, C0, 9F, 40, 00, 75, 0C, 68, 6E, 4F, 40, 00, FF, 15...
 
[+]

Entropy:
7.9120

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
20 KB (20,480 bytes)

Program Uninstaller
Program name:
DevalVR plugin for Mozilla and compatible browsers

Uninstall string:
C:\ProgramData\DevalVR\installnpdevalvr.exe /u


The file devalvr_installer.exe has been seen being distributed by the following 2 URLs.

http://www.devalvr.com/install

http://www.devalvr.com/.../

Scan devalvr_installer.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.