20151228-016-v5i64.exe

Symantec Corporation

This is a setup program which is used to install the application. The file has been seen being downloaded from ruby.nitt.edu.
Publisher:
Symantec Corporation  (signed and verified)

MD5:
d2853f17ffe28ca29f5e9f6a37a53515

SHA-1:
3b01549c643d9f8213e269c6f2b4498a3ee610d8

SHA-256:
83c1d1cedbf6bdbbc4b927b4c89e0f794d5ca7082fd1b84108512a608daff65a

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/26/2024 2:23:14 PM UTC  (today)

File size:
427.4 MB (448,131,040 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\20151228-016-v5i64.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
10/8/2013 5:30:00 AM

Valid to:
1/7/2017 5:29:59 AM

Subject:
CN=Symantec Corporation, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Symantec Corporation, L=Mountain View, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
12DB9E53539B8E248BC77DD2BA611167

File PE Metadata
Compilation timestamp:
2/17/2012 8:25:21 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12582912:fSS7/dP2PqqPLnazTU9wmDEsEWlWWQhk9jup+Dm7eRpCqmKOuIh0f2Cr9Ur:rR2Pfb2TU9tVEWlWGVmYpCqmKOuA42Cm

Entry address:
0xB583

Entry point:
E8, E3, FE, FF, FF, 33, C0, 50, 50, 50, 50, E8, F2, 2D, 00, 00, C3, 56, 57, 8B, 7C, 24, 0C, 8B, F1, 8B, CF, 89, 3E, E8, EE, 9F, FF, FF, 89, 46, 08, 89, 56, 0C, 8B, 87, 1C, 0C, 00, 00, 89, 46, 10, 5F, 8B, C6, 5E, C2, 04, 00, 8B, C1, 8B, 08, 8B, 50, 10, 3B, 91, 1C, 0C, 00, 00, 75, 0D, 6A, 00, FF, 70, 0C, FF, 70, 08, E8, 17, A5, FF, FF, C3, 55, 8B, EC, 83, EC, 1C, 56, 33, F6, 56, 56, 56, 56, 8D, 45, E4, 50, FF, 15, 40, 32, 41, 00, 85, C0, 74, 21, 56, 56, 56, 8D, 45, E4, 50, FF, 15, 44, 32, 41, 00, 8D, 45, E4...
 
[+]

Entropy:
7.9985  (probably packed)

Code size:
71.5 KB (73,216 bytes)

The file 20151228-016-v5i64.exe has been seen being distributed by the following URL.