home

eocPhoneTool.exe

ESTOS Phone Tools for Communicator

Estos GmbH

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘eocPhoneTool’.
Publisher:
Estos GmbH  (signed and verified)

Product:
ESTOS Phone Tools for Communicator

Version:
1.0.0.4

MD5:
a0fcb9b99fbe61e0d9a9b12097a7590a

SHA-1:
40c4cf3a9bb29c5c079d151fd908ad1ed5b8b07a

SHA-256:
8d6e6f6c2c3034fc3994f14380c60191ac8778ce9c8ff0457cd1284ea63274b3

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 3:12:08 AM UTC  (today)

File size:
828.7 KB (848,568 bytes)

Product version:
1.0.0.4

Copyright:
(c)2006 ESTOS GmbH. All rights reserved.

Original file name:
eocPhoneTool.exe

File type:
Executable application (Win32 EXE)

Language:
German (Germany)

Common path:
C:\Program Files\estos\phonetoolscommunicator\eocphonetool.exe

Digital Signature
Signed by:
Estos GmbH

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
3/4/2008 1:00:00 AM

Valid to:
4/19/2010 1:59:59 AM

Subject:
CN=Estos GmbH, OU=APPLICATION DEVELOPMENT, O=Estos GmbH, L=Starnberg, S=Bayern, C=DE

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
2FB65ACB4028EFF1570C4E0FB05D1A70

File PE Metadata
Compilation timestamp:
4/23/2008 6:16:21 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
12288:VCxgai1DrpJoosXlclmOFLGBF1V9eAzDayAnAEXvi3jmkcVTLP:+2hGFeQeiE/ccVv

Entry address:
0x51B9F

Entry point:
E8, 15, 81, 00, 00, E9, 17, FE, FF, FF, 51, C7, 01, 50, 6D, 48, 00, E8, 98, 81, 00, 00, 59, C3, 56, 8B, F1, E8, EA, FF, FF, FF, F6, 44, 24, 08, 01, 74, 07, 56, E8, 7A, C5, FE, FF, 59, 8B, C6, 5E, C2, 04, 00, 8B, 44, 24, 04, 83, C1, 09, 51, 83, C0, 09, 50, E8, 5C, 52, 00, 00, F7, D8, 59, 1B, C0, 59, 40, C2, 04, 00, 55, 8B, EC, 56, 8B, 75, 14, 57, 33, FF, 3B, F7, 75, 04, 33, C0, EB, 65, 39, 7D, 08, 75, 1B, E8, 39, 66, 00, 00, 6A, 16, 5E, 89, 30, 57, 57, 57, 57, 57, E8, 28, 0A, 00, 00, 83, C4, 14, 8B, C6, EB...
 
[+]

Entropy:
6.4632

Code size:
484 KB (495,616 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
eocPhoneTool

Command:
"C:\Program Files\estos\phonetoolscommunicator\eocphonetool.exe" -autostart


Scan eocPhoneTool.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.