» ovisetup.exe
Overview
Analysis
File Details
Downloads (1)

ovisetup.exe

OpenIV

New Technology Studio

The executable ovisetup.exe has been detected as malware by 3 anti-virus scanners. This is a self-extracting archive and installer, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from openiv.com.

File name:

ovisetup.exe

Publisher:

New Technology Studio

Product:

OpenIV

Description:

OpenIV setup

Version:

2.0.0.32

MD5:

77808c3e821792724369a1581e29cca8

SHA-1:

6b9f5d8d0b6842e24ae59928641073e8ab634dc3

SHA-256:

954effd61047ebb29c1fe998e891a1bc2b6b1437601eca72bfea553e515d2474

Scanner detections:

3 / 68

Status:

Malware

Analysis date:

11/15/2024 5:46:56 AM UTC (today)

Scan engine

Detection

Engine version

Dr.Web

Win32.Parite.2

9.0.1.05190

ESET NOD32

Win32/Parite.B virus

7.0.302.0

VIPRE Antivirus

Threat.46249

50318

File size:

4.2 MB (4,412,888 bytes)

Product version:

2.0.0.0

Original file name:

ovisetup.exe

File type:

Executable application (Win32 EXE)

Language:

Russian (Russia)

Common path:

C:\users\{user}\downloads\ovisetup.exe

File PE Metadata

Compilation timestamp:

1/4/2016 9:15:28 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

49152:RLOh8Q5JqkikIBAT0nSqUEdQVNlkJ6Se0kGReDtaIgRpITd7nGMVSJ3+TeBuZpFl:tgJUBqzE+LrtaI2pITdAurp6K

Entry address:

0x4A6000

Entry point:

68, 88, CE, B3, 00, 59, 90, 90, BF, 1E, 60, 8A, 00, 90, 90, BE, 98, 05, 00, 00, 90, 90, 31, 0C, 3E, 4E, 83, EE, 03, 75, F7, 90, 90, 90, 60, B3, B2, 00, 88, CE, B3, 00, 88, CE, F3, 00, F8, 48, 87, 00, 88, 6E, F3, 00, 50, 6B, F3, 00, 88, 7E, B1, 00, 77, 31, 4C, FF, 8C, D2, CC, 00, D0, E8, CC, 00, E8, E8, CC, 00, C4, B4, 86, 00, DE, E8, 8C, 00, D6, E8, 8C, 00, 8C, 4A, 86, 00, DE, E8, 8C, 00, D6, E8, 8C, 00, 88, CE, B3, 00, 88, CE, B3, 00, 88, CE, B3, 00, 88, CE, B3, 00, 88, CE, B3, 00, 88, CE, B3, 00, 88, CE... 
[+]

Code size:

3.3 MB (3,437,568 bytes)

The file ovisetup.exe has been seen being distributed by the following URL.

http://openiv.com/.../guest.php?get=1

Remove ovisetup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.