cl20_evl.exe

Model Science Software Inc.

This is a setup program which is used to install the application. The file has been seen being downloaded from dw.uptodown.com and multiple other hosts.
Publisher:
Model Science Software Inc.  (signed and verified)

MD5:
0127543b98b916500696a1134fa19d22

SHA-1:
6ffd40c710321fce88361ee298ddd7a61c4c15a3

SHA-256:
483626716e577eec06d6909ff55790e647e975d5f8979e785a17664255ab6fa2

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/9/2024 1:21:53 AM UTC  (today)

File size:
2.6 MB (2,766,608 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\programs\cl20_evl.exe

Digital Signature
Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
3/29/2006 12:00:00 AM

Valid to:
3/29/2007 11:59:59 PM

Subject:
CN=Model Science Software Inc., OU=SECURE APPLICATION DEVELOPMENT, O=Model Science Software Inc., L=Waterloo, S=Ontario, C=CA

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
67EAD028D5DB3D98FDD61523C54EBA36

File PE Metadata
Compilation timestamp:
6/19/1992 10:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:OAjxHRmZUtrSJ3petNUXtIdkdj2TxgGtk3QTV4dXtViI/vcWR93IHJ5ESZB4a:OAjxxuURSaNU9IdkR2TPtHT6GWj3CJ5j

Entry address:
0x52B70

Entry point:
60, BE, 00, 70, 43, 00, 8D, BE, 00, A0, FC, FF, C7, 87, B0, A4, 03, 00, F3, 01, 97, 85, 57, 83, CD, FF, EB, 0E, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 19, 8B, 1E, 83, EE, FC, 11, DB, 72, 10, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 78, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07...
 
[+]

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.22 (Delphi) stub

Code size:
112 KB (114,688 bytes)

The file cl20_evl.exe has been seen being distributed by the following 7 URLs.

https://dw.uptodown.com/dwn/SXKwHCIPeXh4iYvpiZBattmtIRpMLnKXdjfQ32AwckFesyp9woJT_h_U_Ln_bF5hIj3NJqy3QwtFi4iS9DAN-a-Cwskv7oVVnKeMVYsac4kn-MXvXT2uSWw9HTix1P9_/lG4m8RfDy9kZ8nVHugr-n-sJBmzbU0FoYezgQsEjxsIcIJpmGP9PLZFOJpHUZ1BOYw-OcYzwaHHJgMBBn-8aPC9KUACpukhGr5ZqpgTQLAx-fblffNbjm-2Y2byAdBBP/BVhsTDTVfWlUxXA9AsJm4wKNY98ouUQgJqMBB1jSh_U-wA1_2OBiVp1T841LbtM-w_53IrWYuMzQmcfTGyxThHgBbpxnhHXg2GxJmoR2ouGn1AKqOXCp5luFgqWDpRjq/.../

https://dw.uptodown.com/dwn/jS8tYPHW8F99ymE195q9CXLWzZfC3G4VI-eB-rEe7-wKMx-Wels1PBG52YBVROhoPv8B3YSUkW66GXFyWu7hPbZTxlR6UPVag-trWk30TOvgQ8lF_Ja4wVoWByRMwJKc/lVkshP7kR9-NBqA3dYDjbspI8OAgEywpO2QQtFb34XgTke6LWS5-A6jxVjfWdOC8xsRudDwsraars9UhGRbpfIQFm69HlRhxV9H1e16EygxjXooInp9Gpry8s2csw9z5/IkhGfDiMCg2PnAGJmLNPADrtjDplzE8McYRxzqmEVKvoUHBYYZfpC8Aby3wXyhXSO-iL54BTQtngyha4we74-2EErjoMeVQDeeRs_jPkIqmidXYAjhJ6cfwi6C1c9DqT/.../

Scan cl20_evl.exe - Powered by Reason Core Security