home

snsr-hct.exe

WebDownload Application

Stanford University

This is a self-extracting archive and installer. The file has been seen being downloaded from snsr.sunet.stanford.edu and multiple other hosts.
Publisher:
Stanford University  (signed and verified)

Product:
WebDownload Application

Description:
Stanford University SelfExtracting Installer

Version:
1, 0, 1, 2

MD5:
db029ff2935d395fcab691ee51932833

SHA-1:
aba1bab8c59c34283e6b02ba1741182d6c54a174

SHA-256:
fb106a24ab542fd8e5fc5e18a4cd39102762968a1745c7c9c4a7847b7fd01525

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/25/2024 5:41:17 PM UTC  (today)

File size:
49.3 MB (51,684,024 bytes)

Product version:
3.0.16.8

Copyright:
Copyright (C) 2007 Stanford University

Original file name:
Susei.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\snsr-hct.exe

Digital Signature
Signed by:
Stanford University

Authority:
Internet2

Valid from:
4/2/2013 8:00:00 PM

Valid to:
4/2/2016 7:59:59 PM

Subject:
CN=Stanford University, O=Stanford University, STREET=450 Serra Mall, L=Stanford, S=CA, PostalCode=94305, C=US

Issuer:
CN=InCommon Code Signing CA, OU=InCommon, O=Internet2, C=US

Serial number:
0C342C20465159A15DC0881C35ACAA8D

File PE Metadata
Compilation timestamp:
9/20/2011 3:11:35 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
1572864:4csEPeBvaTcBlB5L0YIFiktlLpzeLznhoBJGb2495z7:tkVawBlrYvft3enh4an/

Entry address:
0x5DB0

Entry point:
E8, 60, 7D, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, A3, D8, 93, 41, 00, 5D, C3, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A1, 20, 70, 41, 00, 33, C5, 89, 45, FC, 83, A5, D8, FC, FF, FF, 00, 53, 6A, 4C, 8D, 85, DC, FC, FF, FF, 6A, 00, 50, E8, 0A, EE, FF, FF, 8D, 85, D8, FC, FF, FF, 89, 85, 28, FD, FF, FF, 8D, 85, 30, FD, FF, FF, 83, C4, 0C, 89, 85, 2C, FD, FF, FF, 89, 85, E0, FD, FF, FF, 89, 8D, DC, FD, FF, FF, 89, 95, D8, FD, FF, FF, 89, 9D, D4, FD, FF, FF, 89, B5, D0, FD, FF, FF, 89...
 
[+]

Entropy:
7.9970  (probably packed)

Code size:
76 KB (77,824 bytes)

The file snsr-hct.exe has been seen being distributed by the following 2 URLs.

https://snsr.sunet.stanford.edu/.../snsr-hct.exe

http://snsr.stanford.edu/.../snsr-hct.exe

Scan snsr-hct.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.