bigfix_client_installer_95256.exe

WebDownload Application

Stanford University

This is a setup and installation application. The file has been seen being downloaded from weblogin.stanford.edu and multiple other hosts.
Publisher:
Stanford University  (signed and verified)

Product:
WebDownload Application

Description:
Stanford University SelfExtracting Installer

Version:
2.0.4.0

MD5:
d9062cced633fe9d5b940e4457cb4940

SHA-1:
ef54f6bacac8656e2d773ade156cc6efe1d8983c

SHA-256:
32c76bfe24b61205b006ced8da82006013474e378fed5fd09b6cb754d1cd27b7

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/25/2024 6:31:43 PM UTC  (today)

File size:
25.3 MB (26,571,696 bytes)

Product version:
2.0.4.0

Copyright:
Copyright (C) 2007-2013 Stanford University

Original file name:
Susei.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\bigfix_client_installer_95256.exe

Digital Signature
Authority:
Internet2

Valid from:
3/22/2016 5:00:00 PM

Valid to:
3/23/2019 4:59:59 PM

Subject:
CN=Stanford University, O=Stanford University, STREET=450 Serra Mall, L=Stanford, S=CA, PostalCode=94305, C=US

Issuer:
CN=InCommon RSA Code Signing CA, OU=InCommon, O=Internet2, L=Ann Arbor, S=MI, C=US

Serial number:
00BC29E735BBCE75AF2312954883F53812

File PE Metadata
Compilation timestamp:
1/26/2016 12:24:51 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
786432:hDuBA+sBJgG51f0UHFefxN2YC+d+OOSvQ3:ouBJ7hHFefCx+cOOSvo

Entry address:
0x178A0

Entry point:
E8, AC, 05, 00, 00, E9, 4E, FE, FF, FF, E9, 85, 8A, 00, 00, 55, 8B, EC, 83, 61, 04, 00, 83, 61, 08, 00, 8B, 45, 08, 89, 41, 04, 8B, C1, C7, 01, E0, 00, 46, 00, 5D, C2, 04, 00, 55, 8B, EC, 51, 56, FF, 75, 08, 8B, F1, 89, 75, FC, E8, 60, 00, 00, 00, C7, 06, E0, 00, 46, 00, 8B, C6, 5E, 8B, E5, 5D, C2, 04, 00, 83, 61, 04, 00, 8B, C1, 83, 61, 08, 00, C7, 41, 04, E8, 00, 46, 00, C7, 01, E0, 00, 46, 00, C3, 55, 8B, EC, 51, 56, FF, 75, 08, 8B, F1, 89, 75, FC, E8, 27, 00, 00, 00, C7, 06, FC, 00, 46, 00, 8B, C6, 5E...
 
[+]

Entropy:
7.9852  (probably packed)

Code size:
370.5 KB (379,392 bytes)

The file bigfix_client_installer_95256.exe has been seen being distributed by the following 2 URLs.

https://weblogin.stanford.edu/login

http://web.stanford.edu/dept/its/support/bigfix/.../bigfix_client_installer_95256.exe

Scan bigfix_client_installer_95256.exe - Powered by Reason Core Security