coreavc_3.0.1_professional_edition-setup.exe

CoreAVC Professional Edition

CoreCodec Inc.

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This file is installed with the program CoreCodec CoreAVC Professional Edition. The file has been seen being downloaded from cfile7.uf.tistory.com and multiple other hosts.
Publisher:
CoreCodec, Inc.  (signed by CoreCodec Inc.)

Product:
CoreAVC Professional Edition

Description:
CoreAVC Professional Edition Installer

Version:
3.0.1.0

MD5:
167a1379c9fd15f85dafea0bc0da1552

SHA-1:
74e18e9e6e6b97ee1e09e285419c3a1a302d7808

SHA-256:
4c0b51481600add10c2ddee8f8d8bfa218d8f76031db34584c308676b1fd8ad2

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
11/15/2024 12:55:46 AM UTC  (today)

Scan engine
Detection
Engine version

ViRobot
Trojan.Win32.Agent.87672
2011.4.7.4223

File size:
2.2 MB (2,255,504 bytes)

Copyright:
© 2006-2011 CoreCodec, Inc.

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\coreavc_3.0.1_professional_edition-setup.exe

Digital Signature
Signed by:

Authority:
GeoTrust Inc.

Valid from:
9/1/2011 2:26:05 PM

Valid to:
9/16/2012 8:27:15 AM

Subject:
E=ktaylor@corecodec.com, CN=CoreCodec Inc., OU=Email and phone validated only., OU=Phone Validation - 1(732) 372-5976, OU=See Public S/MIME CPS www.geotrust.com/resources/CPS., OU=CPS terms incorporated by reference liability limited.

Issuer:
CN=GeoTrust True Credentials CA 2, O=GeoTrust Inc., C=US

Serial number:
1107D3

File PE Metadata
Compilation timestamp:
12/6/2009 12:50:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:SYYZuVm18WDkE6O4bspyoEpACh9KBhEvRx4KNNW9ibK:SYYuVVkkEL4npACHKBCx4qo9

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.9918

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file coreavc_3.0.1_professional_edition-setup.exe has been discovered within the following program.

About 1% of users remove it
 
Powered by Should I Remove It?

The file coreavc_3.0.1_professional_edition-setup.exe has been seen being distributed by the following 2 URLs.

Scan coreavc_3.0.1_professional_edition-setup.exe - Powered by Reason Core Security