home

omniformat.exe

Software995 Inc.

This is a setup program which is used to install the application. The file has been seen being downloaded from gsf-cf.softonic.com and multiple other hosts.
Publisher:
Software995 Inc.  (signed and verified)

MD5:
9345ad0c215a2465da27a44ee317e249

SHA-1:
0c5f3889c95a111a1606a23cce53591a0fa66b36

SHA-256:
06c73a1c375d0dc0c8adabc56ed95316184ca6e271b8d7d9e662f04b471ac1e1

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/26/2024 5:48:59 PM UTC  (today)

File size:
5.8 MB (6,104,464 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\omniformat.exe

Digital Signature
Signed by:
Software995 Inc.

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
6/3/2007 8:00:00 PM

Valid to:
6/21/2009 7:59:59 PM

Subject:
CN=Software995 Inc., O=Software995 Inc., L=Palo Alto, S=California, C=US

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
06C7BA010F5927CA878EA89379A29959

File PE Metadata
Compilation timestamp:
7/23/2007 1:30:02 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
98304:eRVF8TwWbWk9wngDRBGAGEcSX1z9rGxLW5jXB5j+qRYOHKOmeQasOMO2c:e6XbBwngDRBGt6zOLWrjlRYOHKOyasOL

Entry address:
0x7EB8

Entry point:
E8, 19, 28, 00, 00, E9, 16, FE, FF, FF, 55, 8B, EC, 83, EC, 20, 53, 33, DB, 39, 5D, 10, 75, 20, E8, A4, 15, 00, 00, 53, 53, 53, 53, 53, C7, 00, 16, 00, 00, 00, E8, 35, 15, 00, 00, 83, C4, 14, 83, C8, FF, E9, 80, 00, 00, 00, 8B, 4D, 0C, 3B, CB, 56, 8B, 75, 08, 74, 21, 3B, F3, 75, 1D, E8, 75, 15, 00, 00, 53, 53, 53, 53, 53, C7, 00, 16, 00, 00, 00, E8, 06, 15, 00, 00, 83, C4, 14, 83, C8, FF, EB, 53, B8, FF, FF, FF, 7F, 3B, C8, 89, 45, E4, 77, 03, 89, 4D, E4, 57, FF, 75, 18, 8D, 45, E0, FF, 75, 14, C7, 45, EC...
 
[+]

Entropy:
7.9937  (probably packed)

Code size:
60 KB (61,440 bytes)

The file omniformat.exe has been seen being distributed by the following 3 URLs.

http://gsf-cf.softonic.com/0c5/f38/.../file?SD_used=0&channel=WEB&fdh=no&id_file=36295&instance=softonic_es&type=PROGRAM&Expires=1481074792&Signature=P72clNjBbBw1uU4A27H5Z1rF~Qlrc14W2WACBQ4KAdSrsflz1RbORE1F56Fg1zinr1cwH9g5P71~GgIgN3ZU1H05e~s~4sp1sORTV6jF7alu7oQH1zg8ddyeYwAMhS5yZ6lfPQ-GluR10kYbBCOJAzRvQGvUh-TJHV8Tb2SFwu0_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=omniformat.exe

http://gsf-cf.softonic.com/0c5/f38/.../file?SD_used=0&channel=WEB&fdh=no&id_file=36295&instance=softonic_en&type=PROGRAM&Expires=1441626020&Signature=aVyaAbe5P3-vHd95rkp7wxsCBGWOsaCCPVrqPBM9RZ4UdOYB2s-lOuP0HWDIIVgrEAP~EUcaRI5VCX4JUEcxwbMXI2c1nHazAKHO2sxMxQvedxm6G2NYyg0MrVPD9xKvuAqEeIunewNrx55oUM~EVW~bH7SB6LTJl9Tml~2QaU8_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=omniformat.exe

http://gsf-cf.softonic.com/0c5/f38/.../file?SD_used=0&channel=WEB&fdh=no&id_file=36295&instance=softonic_es&type=PROGRAM&Expires=1434272214&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=ctpg8c5-EGw6dDq3HwsX3oTNh4447c9MnoiUby1JD2pm-LwZQjNACtE4XDfSN6eTJR~JskZGTc7xnWXKLVyQeZNm12gVdDDkybKlh4GClBGfG3F0BIQJfAUWsBY9p2bXDCcIlZnwuR7n2GulsaR5Hx5n2IPz58NVpFzvoJdYp9M_&filename=omniformat.exe

Scan omniformat.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.