» epo_agent_48_zeus_signed.exe
Overview
Analysis
File Details
Downloads (1)

epo_agent_48_zeus_signed.exe

McAfee Agent

Ecole Polytechnique Federale de Lausanne

This is a setup program which is used to install the application. The file has been seen being downloaded from wiki.epfl.ch.

File name:

Publisher:

McAfee, Inc. (signed by Ecole Polytechnique Federale de Lausanne)

Product:

McAfee Agent

Description:

Framework Package Stub

Version:

4.8.0.1500

MD5:

ae94b9c931b9fa3b60224ff2a2e620ed

SHA-1:

9f774fffa1f3693c6c09c38f28d46fb404cbfd1c

SHA-256:

f3c1568f1021c8a444582ce69d76717ce65955550b50c8bf2abd57535311ed4f

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/25/2024 1:43:10 PM UTC (today)

File size:

6.7 MB (7,016,168 bytes)

Product version:

4.8.0

Original file name:

wstub32.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\epo_agent_48_zeus_signed.exe

Digital Signature

Signed by:

Ecole Polytechnique Federale de Lausanne

Authority:

QuoVadis Trustlink Switzerland Ltd.

Valid from:

10/15/2013 10:51:19 AM

Valid to:

10/15/2014 10:51:19 AM

Subject:

E=codesigning@epfl.ch, CN=Ecole Polytechnique Federale de Lausanne, OU=SI-DIT, O=Ecole Polytechnique Federale de Lausanne, C=CH

Issuer:

CN=QuoVadis Swiss Advanced CA, OU=Issuing Certification Authority, O=QuoVadis Trustlink Switzerland Ltd., C=CH

Serial number:

551E6AADAFF828C73F17487D2C59C214361676AD

File PE Metadata

Compilation timestamp:

12/2/2013 5:11:45 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

196608:lHLBLeeLArU8owu+YR29J8Dm0q1FTIImN0:l1BArO6Lmm0GO0

Entry address:

0x8A00

Entry point:

E8, B2, 74, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 10, 53, 57, FF, 75, 10, 8D, 4D, F0, 33, DB, 33, FF, E8, 33, DA, FF, FF, 8B, 4D, 08, 3B, CB, 75, 20, E8, 79, 09, 00, 00, C7, 00, 16, 00, 00, 00, E8, 4E, 2D, 00, 00, 38, 5D, FC, 74, 07, 8B, 45, F8, 83, 60, 70, FD, 33, C0, EB, 66, 56, 8B, 75, F4, 39, 5E, 08, 75, 19, FF, 75, 0C, 51, E8, 54, E2, FF, FF, 59, 59, 38, 5D, FC, 74, 4C, 8B, 4D, F8, 83, 61, 70, FD, EB, 43, 8A, 11, 0F, B6, C2, F6, 44, 30, 1D, 04, 74, 1D, 41, 8A, 11, 84, D2, 74, 12, 0F... 
[+]

Entropy:

7.9945 (probably packed)

Code size:

106.5 KB (109,056 bytes)

The file epo_agent_48_zeus_signed.exe has been seen being distributed by the following URL.

http://wiki.epfl.ch/secure-it/documents/.../epo_agent_48_zeus_signed.exe

Scan epo_agent_48_zeus_signed.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.