home

FirstStart.EXE

OLYMPUS Viewer 3

OLYMPUS CORPORATION

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘OV3_Monitor’.
Publisher:
OLYMPUS CORPORATION  (signed and verified)

Product:
OLYMPUS Viewer 3

Description:
resident module - First Starter

Version:
2, 0, 1, 5

MD5:
4c894f858eefdf32dd97bfc6ecae0d09

SHA-1:
31401c1686bce0ca767c050aad4a4399232435ed

SHA-256:
002defe22e329c05a102e48d2088af7238dcf1ceeeb4fd9e25aeee8454a4c854

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/21/2024 7:19:32 PM UTC  (today)

File size:
39.5 KB (40,472 bytes)

Product version:
2, 0, 1, 5

Copyright:
Copyright (C) 2012-2016 Olympus Corporation

Original file name:
FirstStart.EXE

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\olympus\olympus viewer 3\firststart.exe

Digital Signature
Signed by:
OLYMPUS CORPORATION

Authority:
Symantec Corporation

Valid from:
4/1/2015 1:00:00 AM

Valid to:
4/1/2016 12:59:59 AM

Subject:
CN=OLYMPUS CORPORATION, OU=Audio Business Dept., O=OLYMPUS CORPORATION, L="2951 Ishikawa-cho, Hachioji-shi", S=Tokyo, C=JP

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
2C4BD4570335872C1D7FAA0FED02DD3C

File PE Metadata
Compilation timestamp:
3/3/2016 7:21:13 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
384:0VLglzC8E7fdcaoEc/5vQnSeFhQ5+WShmcfbdcB2ZvEDHwb0nuAZINIP+fXNmOMg:0VEB32nzhzNEDQAnVZBANdMRIZMM1

Entry address:
0x1380

Entry point:
E8, AA, 15, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 38, 9C, 40, 00, 89, 0D, 34, 9C, 40, 00, 89, 15, 30, 9C, 40, 00, 89, 1D, 2C, 9C, 40, 00, 89, 35, 28, 9C, 40, 00, 89, 3D, 24, 9C, 40, 00, 66, 8C, 15, 50, 9C, 40, 00, 66, 8C, 0D, 44, 9C, 40, 00, 66, 8C, 1D, 20, 9C, 40, 00, 66, 8C, 05, 1C, 9C, 40, 00, 66, 8C, 25, 18, 9C, 40, 00, 66, 8C, 2D, 14, 9C, 40, 00, 9C, 8F, 05, 48, 9C, 40, 00, 8B, 45, 00, A3, 3C, 9C, 40, 00, 8B, 45, 04, A3, 40, 9C, 40, 00, 8D, 45, 08, A3, 4C, 9C, 40...
 
[+]

Entropy:
6.2346

Code size:
17.5 KB (17,920 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
OV3_Monitor

Command:
"C:\Program Files\olympus\olympus viewer 3\firststart.exe" \os


Scan FirstStart.EXE - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.