home

watch.video.exe

Shorokoff

This is a setup program which is used to install the application. The file has been seen being downloaded from hotvideo.website and multiple other hosts.
Publisher:
Shorokoff

Product:
Shorokoff

Version:
5.01

MD5:
f0ed2bd5518f28dd726ee177877a2c14

SHA-1:
a7514e170b73a719ac74c49127463c960771a95d

SHA-256:
1577e86252ecca629c76e94de71bd89069b3a2c7cc9e23ded1f5c88688b8b948

Scanner detections:
1 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/14/2024 4:12:21 PM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:GenMalicious-LXO [PUP]
160215-2

File size:
808 KB (827,392 bytes)

Product version:
5.01

Copyright:
Shorokoff

Trademarks:
Shorokoff

Original file name:
Shorokoff.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\watch.video.exe

File PE Metadata
Compilation timestamp:
3/5/2016 11:12:59 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:AH7bLWnLATVCGIj4E9ChiaCyLaC07kMqAWOlMEPJ:ubLGATV5T107kMpzNP

Entry address:
0x3E0C

Entry point:
68, 0C, 44, 40, 00, E8, EE, FF, FF, FF, 00, 00, 48, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, CC, 65, 86, CA, 8D, C0, 0B, 4D, A3, F8, E5, 4B, 7C, 86, 91, 33, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 53, 68, 6F, 72, 6F, 6B, 6F, 66, 66, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 90, 00, 00, 00, 00, 00, 00, 00, 02, 00, 00, 00, 02, 00, 00, 00, 14, CD, A0, BE, 6E, B4, B7, 4E, A9, 2A, 56, FD, DB, A0, 49, 74, 01, 00, 00, 00, 98, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
636 KB (651,264 bytes)

The file watch.video.exe has been seen being distributed by the following 3 URLs.

http://hotvideo.website/amg5.php

http://hotvideo.website/amg7.php

http://hotvideo.website/amg8.php

Scan watch.video.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.