snsr-hct.exe

WebDownload Application

Stanford University

This is a setup and installation application. The file has been seen being downloaded from snsr.stanford.edu and multiple other hosts.
Publisher:
Stanford University  (signed and verified)

Product:
WebDownload Application

Description:
Stanford University SelfExtracting Installer

Version:
2.0.4.0

MD5:
66dd114cbb615f88932b5589ae57a1bd

SHA-1:
8249c48ede629b80d31dbfe14e39086cf4da2427

SHA-256:
d05617332dd3e7b0503602e2a32e7fdefbc3b3161f8eb5513b5898cf96868c47

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/25/2024 6:51:47 PM UTC  (today)

File size:
113.6 MB (119,132,160 bytes)

Product version:
2.0.4.0

Copyright:
Copyright (C) 2007-2013 Stanford University

Original file name:
Susei.exe

File type:
Executable application (Win32 EXE)

Digital Signature
Authority:
Internet2

Valid from:
3/22/2016 5:00:00 PM

Valid to:
3/23/2019 4:59:59 PM

Subject:
CN=Stanford University, O=Stanford University, STREET=450 Serra Mall, L=Stanford, S=CA, PostalCode=94305, C=US

Issuer:
CN=InCommon RSA Code Signing CA, OU=InCommon, O=Internet2, L=Ann Arbor, S=MI, C=US

Serial number:
00BC29E735BBCE75AF2312954883F53812

File PE Metadata
Compilation timestamp:
1/26/2016 12:24:51 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
3145728:auawuyNYcOk8iwv8RM3jWfyp2FVQKBcolQnT4CPsHRKZQ+d:pauJ8iu8RMguK2h+RLq

Entry address:
0x178A0

Entry point:
E8, AC, 05, 00, 00, E9, 4E, FE, FF, FF, E9, 85, 8A, 00, 00, 55, 8B, EC, 83, 61, 04, 00, 83, 61, 08, 00, 8B, 45, 08, 89, 41, 04, 8B, C1, C7, 01, E0, 00, 46, 00, 5D, C2, 04, 00, 55, 8B, EC, 51, 56, FF, 75, 08, 8B, F1, 89, 75, FC, E8, 60, 00, 00, 00, C7, 06, E0, 00, 46, 00, 8B, C6, 5E, 8B, E5, 5D, C2, 04, 00, 83, 61, 04, 00, 8B, C1, 83, 61, 08, 00, C7, 41, 04, E8, 00, 46, 00, C7, 01, E0, 00, 46, 00, C3, 55, 8B, EC, 51, 56, FF, 75, 08, 8B, F1, 89, 75, FC, E8, 27, 00, 00, 00, C7, 06, FC, 00, 46, 00, 8B, C6, 5E...
 
[+]

Entropy:
7.9990  (probably packed)

Code size:
370.5 KB (379,392 bytes)

The file snsr-hct.exe has been seen being distributed by the following 2 URLs.

http://snsr.stanford.edu/.../snsr-hct.exe

https://snsr.sunet.stanford.edu/.../snsr-hct.exe

Scan snsr-hct.exe - Powered by Reason Core Security