OFISGateway.EXE

OFIS Gateway

FingerTec Worldwide

This is a setup program which is used to install the application. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘S-Pack’. The file has been seen being downloaded from www.fingertec.com.
Publisher:
FingerTec Worldwide

Product:
OFIS Gateway

Version:
2,0,1219,16

MD5:
9826c0ad7eb532eeb6888f03acba8793

SHA-1:
4aaa7f2a7c97c25c11754dc466ab92084e347fee

SHA-256:
7b67c6e0ff8107bb1c35bdef8cc5570cf81546ca94567883e845e623ae1d556a

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/16/2024 3:03:57 PM UTC

File size:
15.2 MB (15,951,872 bytes)

Product version:
2,0,1219,16

Copyright:
FingerTec Worldwide Copyright (C) 2012

Original file name:
OFISGateway.EXE

File type:
Executable application (Win32 EXE)

Language:
Chinese (Traditional, Taiwan)

Common path:
C:\users\{user}\appdata\roaming\oti\s-pack\exec\ofisgateway.exe

File PE Metadata
Compilation timestamp:
8/8/2012 2:41:38 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
393216:o5r/jfFpXrA+NHIr6xOAKUzFiR0tuNWhMi4hAczWcMXQ53MGFl2C9:o5r/jN1rA+dIrGHBiRkWi4hAczQyMglX

Entry address:
0x19318A0

Entry point:
60, BE, 00, 60, E5, 00, 8D, BE, 00, B0, 5A, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...
 

Entropy:
7.7962

Packer / compiler:
UPX 2.90LZMA

Code size:
14.9 MB (15,581,184 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
S-Pack

Command:
C:\Program Files\ofis gateway\ofisgateway.exe sys_auto_run _run_ C:\Program Files\ofis gateway


The file OFISGateway.EXE has been seen being distributed by the following URL.
