» VideoChannel.exe
Overview
Analysis
File Details
Behaviors (1)

VideoChannel.exe

Evaer Video Call Recorder for Skype

Hsuchow EuroTech Automatic Equipment Co., Ltd.

The executable VideoChannel.exe, “Video Channel Moniter” has been detected as malware by 4 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘avichannel’.

File name:

VideoChannel.exe

Publisher:

Evaer Technology (signed by Hsuchow EuroTech Automatic Equipment Co., Ltd.)

Product:

Evaer Video Call Recorder for Skype

Description:

Video Channel Moniter

Version:

2, 6, 6, 72

MD5:

94b601008c84e5db1235d0e96754fc09

SHA-1:

976a02ccef134aad603bfd5ab7068acb4c545df9

SHA-256:

42b3410442155297430c8ddd9fdf7312973812ee0379d69eeb69c975779921a2

Scanner detections:

4 / 68

Status:

Malware

Analysis date:

4/25/2024 6:50:52 PM UTC (today)

Scan engine

Detection

Engine version

ESET NOD32

Win32/Floxif.H virus

6.3.12010.0

F-Prot

W32/Floxif.B

4.6.5.141

F-Secure

Win32.Floxif.A

5.15.154

Microsoft Security Essentials

TrojanDropper:Win32/Floxif.A

1.233.3818.0

File size:

1.7 MB (1,823,157 bytes)

Product version:

1, 6, 2, 75

Trademarks:

Evaer Technology

Original file name:

VideoChannel.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\evaer\videochannel.exe

Digital Signature

Signed by:

Hsuchow EuroTech Automatic Equipment Co., Ltd.

Authority:

COMODO CA Limited

Valid from:

3/22/2013 1:00:00 AM

Valid to:

3/23/2018 12:59:59 AM

Subject:

CN="Hsuchow EuroTech Automatic Equipment Co., Ltd.", O="Hsuchow EuroTech Automatic Equipment Co., Ltd.", STREET="1#-3-401, Fengcai Community", STREET="No.66, Fuxing", L=Xuzhou, S=JiangSu, PostalCode=221005, C=CN

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00EE562454F374893DC0A3EA532A34DDDC

File PE Metadata

Compilation timestamp:

3/8/2015 2:25:37 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

Entry address:

0x104924

Entry point:

E9, E2, 7C, FE, FF, E9, 79, FE, FF, FF, 3B, 0D, 40, 88, 57, 00, 75, 02, F3, C3, E9, E9, 76, 00, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 56, 8B, F1, C6, 46, 0C, 00, 85, C0, 75, 63, E8, C7, 72, 00, 00, 89, 46, 08, 8B, 48, 6C, 89, 0E, 8B, 48, 68, 89, 4E, 04, 8B, 0E, 3B, 0D, 20, 91, 57, 00, 74, 12, 8B, 0D, 3C, 90, 57, 00, 85, 48, 70, 75, 07, E8, 41, 81, 00, 00, 89, 06, 8B, 46, 04, 3B, 05, 40, 8F, 57, 00, 74, 16, 8B, 46, 08, 8B, 0D, 3C, 90, 57, 00, 85, 48, 70, 75, 08, E8, B5, 79, 00, 00, 89, 46, 04, 8B, 46, 08, F6... 
[+]

Entropy:

6.5701

Packer / compiler:

Xtreme-Protector v1.05

Code size:

1.2 MB (1,229,312 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

avichannel

Command:

"C:\Program Files\evaer\videochannel.exe"

Remove VideoChannel.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.