ovisetup.exe

OpenIV

New Technology Studio

The executable ovisetup.exe has been detected as malware by 3 anti-virus scanners. It is a self-extracting archive and installer; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from openiv.com.
Publisher:
New Technology Studio

Product:
OpenIV

Description:
OpenIV setup

Version:
2.0.0.32

MD5:
77808c3e821792724369a1581e29cca8

SHA-1:
6b9f5d8d0b6842e24ae59928641073e8ab634dc3

SHA-256:
954effd61047ebb29c1fe998e891a1bc2b6b1437601eca72bfea553e515d2474

Scanner detections:
3 / 68

Status:
Malware

Analysis date:
12/28/2024 12:32:30 PM UTC  (today)

Scan engine | Detection | Engine version
Dr.Web | Win32.Parite.2 | 9.0.1.05190
ESET NOD32 | Win32/Parite.B virus | 7.0.302.0
VIPRE Antivirus | Threat.46249 | 50318

File size:
4.2 MB (4,412,888 bytes)

Product version:
2.0.0.0

Copyright:
© New Technology Studio

Original file name:
ovisetup.exe

File type:
Executable application (Win32 EXE)

Language:
Russian (Russia)

Common path:
C:\users\{user}\downloads\ovisetup.exe

File PE Metadata
Compilation timestamp:
1/4/2016 9:15:28 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:RLOh8Q5JqkikIBAT0nSqUEdQVNlkJ6Se0kGReDtaIgRpITd7nGMVSJ3+TeBuZpFl:tgJUBqzE+LrtaI2pITdAurp6K

Entry address:
0x4A6000

Entry point:
68, 88, CE, B3, 00, 59, 90, 90, BF, 1E, 60, 8A, 00, 90, 90, BE, 98, 05, 00, 00, 90, 90, 31, 0C, 3E, 4E, 83, EE, 03, 75, F7, 90, 90, 90, 60, B3, B2, 00, 88, CE, B3, 00, 88, CE, F3, 00, F8, 48, 87, 00, 88, 6E, F3, 00, 50, 6B, F3, 00, 88, 7E, B1, 00, 77, 31, 4C, FF, 8C, D2, CC, 00, D0, E8, CC, 00, E8, E8, CC, 00, C4, B4, 86, 00, DE, E8, 8C, 00, D6, E8, 8C, 00, 8C, 4A, 86, 00, DE, E8, 8C, 00, D6, E8, 8C, 00, 88, CE, B3, 00, 88, CE, B3, 00, 88, CE, B3, 00, 88, CE, B3, 00, 88, CE, B3, 00, 88, CE, B3, 00, 88, CE...
 

Code size:
3.3 MB (3,437,568 bytes)

The file ovisetup.exe has been seen being distributed by the following URL.
