5591bm_client_eyemax.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from download.eyemaxdvr.com.
Version:
1.0.15.0

MD5:
21f489542617236bbdf8a26f274934ad

SHA-1:
85bed7322abd0549ecd25cc5003a3952e8a5e3ab

SHA-256:
eaf1ed8623d9315c88702fabc7b07266225fb7b60ad3306e0cecb308f9d69c86

Scanner detections:
4 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/24/2024 5:26:59 PM UTC  (today)

Scan engine
Detection
Engine version

Comodo Security
UnclassifiedMalware
21943

Dr.Web
Trojan.Inject2.1394
9.0.1.05190

Sophos
PUA 'Winlock' (of type Hacktool)
5.22

Trend Micro House Call
Suspicious_GEN.F47V0301
7.2.356

File size:
10.3 MB (10,751,933 bytes)

Product version:
1.0.15.0

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\5591bm_client_eyemax.exe

File PE Metadata
Compilation timestamp:
3/8/2011 12:04:11 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
196608:Prf3P/oEfAHgWOKj7yuZpltQE0l8+eucAEhjz/rxCpiwZ+6thuSM:Pz//o7HFFmOhS86WjDyiR/

Entry address:
0x1FC86

Entry point:
6A, 60, 68, B0, A9, 42, 00, E8, C6, 09, 00, 00, BF, 94, 00, 00, 00, 8B, C7, E8, 62, FF, FF, FF, 89, 65, E8, 8B, F4, 89, 3E, 56, FF, 15, E8, 80, 42, 00, 8B, 4E, 10, 89, 0D, 28, FC, 42, 00, 8B, 46, 04, A3, 34, FC, 42, 00, 8B, 56, 08, 89, 15, 38, FC, 42, 00, 8B, 76, 0C, 81, E6, FF, 7F, 00, 00, 89, 35, 2C, FC, 42, 00, 83, F9, 02, 74, 0C, 81, CE, 00, 80, 00, 00, 89, 35, 2C, FC, 42, 00, C1, E0, 08, 03, C2, A3, 30, FC, 42, 00, 33, F6, 56, 8B, 3D, C0, 81, 42, 00, FF, D7, 66, 81, 38, 4D, 5A, 75, 1F, 8B, 48, 3C, 03...
 
[+]

Entropy:
7.9703

Developed / compiled with:
Microsoft Visual C++ v7.0

Code size:
156 KB (159,744 bytes)

The file 5591bm_client_eyemax.exe has been seen being distributed by the following URL.

Scan 5591bm_client_eyemax.exe - Powered by Reason Core Security