home

iris501demo.exe

eEye Digital Security

This is a setup program which is used to install the application. The file has been seen being downloaded from iris-network-traffic-analyzer.en.softonic.com.
Publisher:
eEye Digital Security  (signed and verified)

Description:
eEye Digital Security Iris Network Traffic

Version:
5.0.1.35

MD5:
5bfb4278800ce1a614ababace5cd7886

SHA-1:
fc6ea270e91948eb62a3085cf78d2a2fa0fd37c7

SHA-256:
5334e590e3d5fb7e64447ccfe2ed22023147d5eabc2c1624b203a2891e76d9b7

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
1/13/2025 4:21:25 PM UTC  (today)

File size:
9 MB (9,390,208 bytes)

Copyright:
eEye Digital Security

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\iris501demo.exe

Digital Signature
Signed by:
eEye Digital Security

Authority:
VeriSign, Inc.

Valid from:
8/18/2004 5:00:00 PM

Valid to:
8/19/2005 4:59:59 PM

Subject:
CN=eEye Digital Security, OU=Network Operations, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=eEye Digital Security, L=Aliso Viejo, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2001 CA, OU=Terms of use at https://www.verisign.com/rpa (c)01, OU=VeriSign Trust Network, O="VeriSign, Inc."

Serial number:
0D7B65245608B45F5E073B918DF6D58E

File PE Metadata
Compilation timestamp:
8/12/2004 6:48:03 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
196608:NA1oMuWr45hrr2k/+Y9CozbxkUyJl/VyjA/898n4elJnNTQm:meJWGhrr2kWgCjUyJqhI4KJNkm

Entry address:
0x4091

Entry point:
55, 8D, 6C, 24, 88, 81, EC, EC, 0F, 00, 00, 53, 56, 57, 6A, 04, FF, 15, F4, 70, 40, 00, 33, FF, 89, 7D, 2C, 89, 7D, 04, 89, 7D, 24, 89, 7D, 1C, 89, 7D, 20, 89, 7D, 0C, 89, 7D, 10, 89, 7D, 44, 89, 7D, 14, 89, 7D, 28, 89, 7D, 18, FF, 15, B8, 70, 40, 00, 8B, F0, 8A, 06, 3C, 22, 89, 75, 60, 75, 24, EB, 04, 3C, 22, 74, 0E, 46, 8A, 06, 84, C0, 89, 75, 60, 75, F2, 3C, 22, 75, 14, 46, 89, 75, 60, EB, 0E, 3C, 20, 74, 0F, 46, 8A, 06, 89, 75, 60, 84, C0, 75, F2, 80, 3E, 20, 75, 09, 46, 80, 3E, 20, 74, FA, 89, 75, 60...
 
[+]

Entropy:
7.8252  (probably packed)

Code size:
22.5 KB (23,040 bytes)

The file iris501demo.exe has been seen being distributed by the following URL.

http://iris-network-traffic-analyzer.en.softonic.com/download-tracker?th=1/6CH9aeXedl4L8u BHNJXWTW LP1LFlnGQpxqjlxAN5WtHDaXqP1bZH5gYbEjmybr/7MAzEC34gu mSqdoG/H RUcj 3lgmP3otec 1KoO6IjroCAq61bYdYD/hp3JukNZWVTy53DZDAA0xFeH NS1Y8IuwATV6g9mK2OJWx7ldYE clTKVVVkot/0YsML91dQXE6v3XitT0047EaRRNCk7efUCXBP9bxFWhOgbh9RfWy tklnxAGkZ4e9/TXnNx0zeC6S1XIEXXreRZSj4TSrUob8P2PNZG7xBsxH/0YRPb1RxRxrcoDoeAycAW5VvlDMsLCIAFjELJoCnw78cuKlU5bKQx73n1cKx TxGJxxCAHlscXrj7q6jhMpmsrNIlCGkdUzpNOGWz6Puxa9ibAeQCM5y8bHEry1oETMWyRLGB6sY1tnFIlzAg/g/Vo2xz4 HnX0fN9o2BS7k6oTClZND/l dHZAeyviH6V6p/Yu/ui2PbPbAV19wxIyq2dsrIBbsRY2Rl9UQs3MF3tdVoCt6hiGe321opn8usJQW3SRacrBaDezUHUwwaQFcB6iznPgPJ2Geg1Hgqv5g6/ZqgW/.../woUifZTm

Scan iris501demo.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.