h264webcam_setup.exe

H264WebCam

TimHillOne Software

The executable h264webcam_setup.exe, “H264WebCam Setup ” has been detected as malware by 8 anti-virus scanners. The program is a setup application that uses the Inno Setup installer, however the file is not signed with an authenticode signature from a trusted source. Infected by an entry-point obscuring polymorphic file infector which will create a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from www.downloadcollection.com.
Publisher:
TimHillOne Software

Product:
H264WebCam

Description:
H264WebCam Setup

MD5:
27a9ad32f2a88c2a7b03e85efc21ba1c

SHA-1:
507124e2a3dcc3d54547abe9a6d701f9cde79de8

SHA-256:
107d153251b9fb2a1b2d46a0790b75be358f3e110d894c7096643f1604501685

Scanner detections:
8 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
12/23/2024 10:18:00 PM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:SaliCode
160708-3

AVG
Win32/Sality
2015.0.4604

Emsisoft Anti-Malware
Win32.Sality
11.5.0.6191

ESET NOD32
Win32/Sality.NBA virus
8.0.319.0

F-Prot
W32/Sality.E.gen
4.6.5.141

Kaspersky
Virus.Win32.Sality
15.0.0.562

Microsoft Security Essentials
Threat.Undefined
1.225.2396.0

Norman
Win32.Sality.3
28.05.2016 13:03:37

File size:
4.9 MB (5,180,973 bytes)

Product version:
4.0

Copyright:
Copyright © 2006-2012 Timhillone Software.

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Common path:
C:\users\{user}\downloads\h264webcam_setup.exe

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:PZwR9DC7oLVMCzJNqtY+PFlWfZox4m1k2yPz7VyCz0217csB3xlm28L1n2UhVd1+:RwO8SCzUY+tMfq4Wk2I7VyY17cMhlmNo

Entry address:
0x9B60

Entry point:
12, D7, C6, C5, A8, F6, C7, 77, 1D, F8, 7C, 4B, 88, 8B, EE, 71, 09, 8A, C3, FE, C4, BD, 9F, DE, 0C, 04, 22, F3, C6, C1, 9D, 00, DE, 8B, C2, E8, 3B, 00, 00, 00, 8D, 15, E4, 0D, 5F, 5A, F6, C0, 70, BB, 17, 12, C4, 62, FF, CA, 80, FB, F0, B7, CD, F6, C4, ED, 81, CA, 5B, 17, B7, B0, B8, 00, 00, 00, 00, C7, C3, FB, 80, 0A, 0E, 0D, 1C, 23, 00, 00, 8B, FD, 8D, 2D, DB, D3, 90, 9D, 05, 2C, B7, 00, 00, C7, C0, 9E, C9, 70, BB, BA, 0A, 37, E6, E7, 69, F3, EE, 09, A4, D9, 8B, D7, 89, C2, F6, C1, 80, C6, C1, B8, 33, F7...
 
[+]

Entropy:
7.9989  (probably packed)

Code size:
37 KB (37,888 bytes)

The file h264webcam_setup.exe has been seen being distributed by the following URL.

Remove h264webcam_setup.exe - Powered by Reason Core Security