VideoGet.exe

VideoGet

ONE UP LTD.

The application VideoGet.exe by ONE UP has been detected as a potentially unwanted program by 2 anti-malware scanners. While running, it connects to the Internet address recover-keys.com on port 80 using the HTTP protocol.
Publisher:
Nuclear Coffee Software (signed by ONE UP LTD.)

Product:
VideoGet

Version:
7.0.3.91

MD5:
9a584037ea7499f938e806c346db248c

SHA-1:
c72dd5afbcfa015bf772fad6d17930e68e5b218a

SHA-256:
1f727ccdaa975a8e4cb4269a2a69be3258b9191d2b1d0fba1f3bdd5784edc551

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
11/22/2024 9:10:41 PM UTC

Scan engine              Detection              Engine version
Reason Heuristics        PUP.Optional.ONEUP.I   14.8.19.8
Trend Micro House Call   TROJ_GEN.F47V0704      7.2.231

File size:
12 MB (12,586,944 bytes)

Product version:
7.0.3.91

Copyright:
Copyright © 2006-2014 by Nuclear Coffee

Original file name:
VideoGet.exe

File type:
Executable application (Win64 EXE)

Common path:
C:\Program Files\nuclear coffee\videoget\videoget.exe

Digital Signature
Signed by:
ONE UP LTD.
Authority:
Starfield Technologies, Inc.

Valid from:
4/25/2013 8:33:03 PM

Valid to:
4/25/2016 8:33:03 PM

Subject:
CN=ONE UP LTD., O=ONE UP LTD., L=LEMESOS, S=LEMESOS, C=CY

Issuer:
SERIALNUMBER=10688435, CN=Starfield Secure Certification Authority, OU=http://certificates.starfieldtech.com/repository, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
041ABD63CA5DA9

File PE Metadata
Compilation timestamp:
8/9/2014 7:53:27 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
98304:n65Yy212FmvPK0Tg5DZXZzmgUErx1wZ8rxEwE:n4FvFoS0Tg1zJUEN1BG

Entry address:
0x89C560

Entry point:
55, 53, 48, 83, EC, 48, 48, 8B, EC, 48, C7, 45, 28, 00, 00, 00, 00, 48, C7, 45, 38, 00, 00, 00, 00, 48, C7, 45, 30, 00, 00, 00, 00, 90, 48, 8D, 0D, C7, 5B, FE, FF, E8, D2, 78, 77, FF, 90, 48, 8B, 05, 0A, 34, 0E, 00, 48, 8B, 08, E8, 12, 9D, 90, FF, 48, 8B, 05, F3, 27, 0E, 00, C6, 00, 00, C6, 05, 7D, 24, 0F, 00, 00, E8, 9C, 9B, 76, FF, C7, C1, 01, 00, 00, 00, 89, C3, 89, 0D, 6E, 24, 0F, 00, 39, 1D, 68, 24, 0F, 00, 7F, 4B, 83, C3, 01, 48, 8D, 4D, 30, 8B, 15, 59, 24, 0F, 00, E8, F4, 9B, 76, FF, 48, 8D, 4D, 38...

Entropy:
6.1716

Code size:
8.6 MB (9,025,536 bytes)
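The hashes, entropy and PE header fields listed above can be reproduced locally. The script below is an added example, not part of the Reason Core Security report and not code from ONE UP or Nuclear Coffee. It uses only the Python standard library: the three hashes are compared against the report's values, Shannon entropy is computed over the bytes given, and the DOS, COFF and optional headers are walked with `struct` to recover the compile timestamp, bitness, linker and OS versions, subsystem, code size and entry point. Because the real file is not included, `synthetic_pe64()` builds a constructed minimal PE32+ header whose field values mirror the report's metadata so the parser can be exercised offline; its hashes will of course not match the report. Treating the report's entry address 0x89C560 as an RVA and using the x64 default image base 0x140000000 are assumptions made for that constructed input.

```python
"""Triage helper: check a suspect binary against the indicators in the report above."""
import hashlib
import math
import struct
from collections import Counter
from datetime import datetime, timezone

# Hashes copied from the report for VideoGet.exe 7.0.3.91.
REPORT_HASHES = {
    "md5": "9a584037ea7499f938e806c346db248c",
    "sha1": "c72dd5afbcfa015bf772fad6d17930e68e5b218a",
    "sha256": "1f727ccdaa975a8e4cb4269a2a69be3258b9191d2b1d0fba1f3bdd5784edc551",
}

MACHINES = {0x14C: "Win32", 0x8664: "Win64"}
SUBSYSTEMS = {2: "Windows GUI", 3: "Windows console"}


def file_hashes(data: bytes) -> dict:
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def matches_report(data: bytes) -> bool:
    """True only when all three hashes agree; one mismatch means a different build."""
    computed = file_hashes(data)
    return all(computed[k] == v for k, v in REPORT_HASHES.items())


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 to 8.0. Around 6.2 (the report's value) is typical of
    mixed code and data; values close to 8 suggest packing or encryption."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def pe_summary(data: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> optional header."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, _nsections, ts, _, _, _opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                       # COFF header is 20 bytes
    magic, linker_major, linker_minor, size_of_code = struct.unpack_from("<HBBI", data, opt)
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    if magic == 0x20B:                    # PE32+: 64-bit ImageBase at +24
        image_base = struct.unpack_from("<Q", data, opt + 24)[0]
    elif magic == 0x10B:                  # PE32: BaseOfData at +24, 32-bit ImageBase at +28
        image_base = struct.unpack_from("<I", data, opt + 28)[0]
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # OS version and Subsystem sit at the same offsets in PE32 and PE32+.
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    return {
        "bitness": MACHINES.get(machine, hex(machine)),
        "compile_time": datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC"),
        "linker_version": "%d.%d" % (linker_major, linker_minor),
        "os_version": "%d.%d" % (os_major, os_minor),
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "size_of_code": size_of_code,
        "entry_rva": entry_rva,
        "entry_va": image_base + entry_rva,
    }


def synthetic_pe64(timestamp: int = 1407614007, entry_rva: int = 0x89C560) -> bytes:
    """Constructed minimal PE32+ header (NOT the real VideoGet.exe) for offline testing.
    Defaults mirror the report: 2014-08-09 19:53:27 UTC, linker 8.0, OS 5.2, GUI subsystem,
    SizeOfCode 9,025,536. Image base 0x140000000 and the RVA reading are assumptions."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                     # e_lfanew: PE header follows DOS header
    coff = struct.pack("<HHIIIHH", 0x8664, 1, timestamp, 0, 0, 240, 0x0022)
    opt = bytearray(240)                                      # PE32+ optional header size
    struct.pack_into("<HBBI", opt, 0, 0x20B, 8, 0, 9025536)   # magic, linker 8.0, SizeOfCode
    struct.pack_into("<I", opt, 16, entry_rva)                # AddressOfEntryPoint
    struct.pack_into("<Q", opt, 24, 0x140000000)              # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)           # section / file alignment
    struct.pack_into("<HH", opt, 40, 5, 2)                    # OS version 5.2
    struct.pack_into("<H", opt, 68, 2)                        # Subsystem: Windows GUI
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else synthetic_pe64()
    print("hashes match report:", matches_report(data))
    print("entropy: %.4f" % shannon_entropy(data))
    for key, value in pe_summary(data).items():
        print("%-14s %s" % (key, hex(value) if key.startswith("entry") else value))
```

Run it with the path of the suspect file to compare hashes and dump the header fields; treat `matches_report` as a positive identification only when all three digests agree, since MD5 alone is collision-prone. The certificate listed below was valid only from 4/25/2013 to 4/25/2016, and the compile timestamp falls inside that window; whether Windows still treats the Authenticode signature as valid today depends on a countersignature timestamp the report does not show, so confirm with `Get-AuthenticodeSignature` or `signtool verify /pa` rather than relying on the publisher field.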

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to recover-keys.com  (67.227.206.155:80)

Powered by Reason Core Security