» oneroof_ccp_server_setup.exe
Overview
Analysis
File Details
Downloads (2)

oneroof_ccp_server_setup.exe

CyberCafePro Server

OneRoof, Inc.

The program is a setup application that uses the Inno Setup installer. The file has been seen being downloaded from doc-04-2g-docs.googleusercontent.com and multiple other hosts.

File name:

Publisher:

CyberCafePro, Inc. (signed by OneRoof, Inc. )

Product:

CyberCafePro Server

Description:

CyberCafePro Server Software

Version:

6.3.0.21

MD5:

6fc8df327878a08a8714bf4cebdd83f1

SHA-1:

76120a7d315b500fb54ff7d34df9b870c3d576f7

SHA-256:

062df8ec8f9e0f183409c1b99a8343b8a4ee370a8818495154e104e2e8a920ba

Scanner detections:

3 / 68

Status:

Inconclusive (not enough data for an accurate detection)

Analysis date:

11/27/2024 4:39:39 AM UTC (today)

Scan engine

Detection

Engine version

Bkav FE

HW32.Pedka

1.3.0.4959

Dr.Web

BACKDOOR.Trojan

9.0.1.0151

NANO AntiVirus

Trojan.Win32.MLW.cvbsae

0.28.0.59921

File size:

11.5 MB (12,098,360 bytes)

Product version:

6.3.0.21

OneRoof Inc.

File type:

Executable application (Win32 EXE)

Installer:

Inno Setup

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\oneroof_ccp_server_setup.exe

Digital Signature

Signed by:

OneRoof, Inc.

Authority:

GoDaddy.com, Inc.

Valid from:

2/13/2014 1:02:02 PM

Valid to:

1/3/2015 4:51:02 PM

Subject:

CN="OneRoof, Inc. ", O="OneRoof, Inc. ", L=Kensington, S=California, C=US

Issuer:

CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:

043EB6BEC5DCDF

File PE Metadata

Compilation timestamp:

6/19/1992 3:22:17 PM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

196608:uyoVwVTKap6hbSZSdv6EQLG8OcRK17BzHG+z3V5MIHrVrK4tKh+H+tFOj98i2LIS:KVwL6hbSZKvAVBRK17Bzme37Vr7mq8Oq

Entry address:

0x9B24

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, A2, 95, FF, FF, E8, A9, A7, FF, FF, E8, D4, C9, FF, FF, E8, 1B, CA, FF, FF, E8, 0E, F3, FF, FF, E8, 75, F4, FF, FF, 33, C0, 55, 68, DB, A1, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, A4, A1, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 9B, FE, FF, FF, E8, 02, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 04, D0, FF, FF, 8B, 55, F0, B8, EC, CD, 40, 00, E8, 53, 96, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, EC, CD, 40, 00, B2, 01, B8... 
[+]

Entropy:

7.9998

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

37 KB (37,888 bytes)

The file oneroof_ccp_server_setup.exe has been seen being distributed by the following 2 URLs.

https://doc-04-2g-docs.googleusercontent.com/docs/securesc/18g14p3cm01m8ins3pbmghel4o8q8tnd/m644lt6j592h1dcc5b2oad0vl25fj8se/1485273600000/.../10629269807123678421/0B2KpIFokDFx4aWo1OW1fSHczOWM?e=download

http://www.cybercafepro.com/.../OneRoof_CCP_Server_Setup.exe

Scan oneroof_ccp_server_setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.