VideoGet.exe

VideoGet

ONE UP LTD.

The application VideoGet.exe by ONE UP has been detected as a potentially unwanted program by 2 anti-malware scanners. This file is typically installed with the program ChesterSoft - Video Downloader by ChesterSoft. While running, it connects to the Internet address recover-keys.com on port 80 using the HTTP protocol.
Publisher:
Nuclear Coffee Software  (signed by ONE UP LTD.)

Product:
VideoGet

Version:
7.0.3.91

MD5:
69577555d53717d32b97f56a2f02092b

SHA-1:
7f9621c55ad5725c33bbcee5ed7a34daccf3eced

SHA-256:
4da18c3ba23650837334011df060f0c8ba66b5dc5497ba782e5ead35355fcedb

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
11/22/2024 9:11:03 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Reason Heuristics | PUP.Optional.ONEUP.I | 14.8.31.0 |
| Trend Micro House Call | TROJ_GEN.F47V0704 | 7.2.240 |

File size:
8.3 MB (8,684,992 bytes)

Product version:
7.0.3.91

Copyright:
Copyright © 2006-2014 by Nuclear Coffee

Original file name:
VideoGet.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\nuclear coffee\videoget\videoget.exe

Digital Signature
Signed by:

Authority:
Starfield Technologies, Inc.

Valid from:
4/25/2013 4:33:03 PM

Valid to:
4/25/2016 4:33:03 PM

Subject:
CN=ONE UP LTD., O=ONE UP LTD., L=LEMESOS, S=LEMESOS, C=CY

Issuer:
SERIALNUMBER=10688435, CN=Starfield Secure Certification Authority, OU=http://certificates.starfieldtech.com/repository, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
041ABD63CA5DA9

File PE Metadata
Compilation timestamp:
8/9/2014 3:54:31 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:23g65RBr4IzV0uw0LVWF7uxLsjw+XIZmjYkWrHuVwZ8rxEw0:mP5Pd50z0n8U/hrHuVBm

Entry address:
0x5A87E8

Entry point:
55, 8B, EC, 83, C4, E4, 53, 56, 57, 33, C0, 89, 45, E4, 89, 45, EC, 89, 45, E8, B8, 04, 4C, 99, 00, E8, 52, 38, A6, FF, 33, C0, 55, 68, 15, 89, 9A, 00, 64, FF, 30, 64, 89, 20, A1, F0, 33, 9D, 00, 8B, 00, E8, 78, 1A, B6, FF, A1, 1C, 2F, 9D, 00, C6, 00, 00, 33, DB, E8, 1D, C1, A5, FF, 8B, F8, 85, FF, 7E, 31, BE, 01, 00, 00, 00, 8D, 55, E8, 8B, C6, E8, 68, C1, A5, FF, 8B, 45, E8, 8D, 55, EC, E8, 31, 6B, A7, FF, 8B, 45, EC, BA, 30, 89, 9A, 00, E8, E8, 03, A6, FF, 75, 04, B3, 01, EB, 04, 46, 4F, 75, D4, 8D, 45...
 

Entropy:
6.7614

Developed / compiled with:
Microsoft Visual C++

Code size:
5.7 MB (5,928,448 bytes)

The file VideoGet.exe has been discovered within the following program.

chestersoft.com
About 6% of users remove it
 

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to recover-keys.com  (67.227.206.155:80)

TCP (HTTP):
Connects to cds30004.dca.llnw.net  (38.100.7.211:80)

TCP (HTTP):
Connects to cds3.dca.llnw.net  (38.100.7.133:80)

TCP (HTTP):
Connects to cds20008.dca.llnw.net  (38.100.7.176:80)
