» the all steeing eye_install.exe
Overview
Analysis
File Details
Downloads (4)

the all steeing eye_install.exe

This is a self-extracting archive and installer. The file has been seen being downloaded from www.signssoftwarenew.com and multiple other hosts.

File name:

MD5:

73b86aafa46a83e4e8e047c4d4267392

SHA-1:

e077f04b6018332970225e2bdbeffdaa42643fd9

SHA-256:

0abb9cc1f630c8549210631e237c8336fffe4ff07db20ee1da8984929a8cd26a

Scanner detections:

1 / 68

Status:

Clean (1 probable false positive detection)

Explanation:

This is mosty likely a false positive detection, the file is probably clean.

Analysis date:

12/26/2024 12:31:01 AM UTC (today)

Scan engine

Detection

Engine version

NANO AntiVirus

Trojan.Win32.Rogue.crokvk

0.28.2.61519

File size:

17.5 KB (17,920 bytes)

File type:

Executable application (Win32 EXE)

File PE Metadata

Compilation timestamp:

12/14/2004 11:45:01 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

7.10

CTPH (ssdeep):

384:5xYoN9qnNBG/WMUYTwCUuVPki9jlbIMlYB8gr5tKDN:nYKYeeYwAVPki9BbQBpr5

Entry address:

0x119F

Entry point:

6A, 0A, 33, C0, 50, 50, 50, FF, 15, 4C, 40, 40, 00, 50, E8, C1, 15, 00, 00, 50, FF, 15, 48, 40, 40, 00, CC, 56, 8B, 74, 24, 0C, 33, C0, 85, F6, 74, 1E, 8B, 4C, 24, 08, 33, D2, 8A, 11, 33, D0, 81, E2, FF, 00, 00, 00, C1, E8, 08, 33, 04, 95, 40, 50, 40, 00, 41, 4E, 75, E6, 5E, C3, 33, C0, 39, 05, 44, 54, 40, 00, 75, 1D, 50, 50, 68, 67, 06, 00, 00, FF, 35, 00, 55, 40, 00, C7, 05, 44, 54, 40, 00, 01, 00, 00, 00, FF, 15, 8C, 40, 40, 00, C3, 33, C0, 39, 05, 48, 54, 40, 00, 75, 1D, 50, 50, 68, 66, 06, 00, 00, FF... 
[+]

Code size:

9 KB (9,216 bytes)

The file the all steeing eye_install.exe has been seen being distributed by the following 4 URLs.

http://www.signssoftwarenew.com/WKPEsSA rlAeHnMW Mt52ZjTTNhpQpY3Imh07tp0tho7kbCi3UlOncc6 g36rIsDBU46I1POqI2yynsmkmXByrLCk sgZtjKpsArvtLtxzzuae5kXA1Kf1D_e9TRuWBCbbVFEdim Xqd3FFten9UwALevSnPtQ8Zd_tjvjj_hPjc7gp8l6ejlWUf_ckWwMgMjvdELrohFEFzrM9rEZ1hmFn mZ1UEJX0Xjf50iaov9gJAhOMg26BQSyeB1Y EJLRNF4yu_t8Rl1XSOQOFHNPRQS8JDhHTnIy2ZF9nwvc _ wNYt2jjeNH9vcSG xIq_xj5SZQMUgZUivXpb0sBqhj9_mRr TxS3b6BbP1fWYP8X27DcT5HP__5N7ATrP_0UzIajgn8aDwL6evnjlfOZGZ5UdBBjf3LJTCi9L9F31ZzlWbFx8Hr_9OTiWt90 MiMorkTIZbi0k7lLcTMqu9uH8jteVwQkc3BFGZa2a7Qrf1 NaE P0pMcG8ZZNr4X2m4X_ j Xn P-G1kAAGRgnq2tQUxzBvzDBhy4RBRoADrRnW3ex 66tiXAF qXZa0mo5VE8NXVYD5NYCVvsP7VUP3V8nmJavltsedWVqWGhZraaoz_CRWoRZRgMIbGWZoA-e

http://gsf-cf.softonic.com/e07/7f0/.../file?SD_used=0&channel=WEB&fdh=no&id_file=25590&instance=softonic_en&type=PROGRAM&Expires=1424212849&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=VQSKT-jIcnb6ASBZ3-wZqXU7K1F4I9B4T249nrgwzv2PZe5WSmEdiUsiaFIOxk4AatI8AwGbAbBvaWnxUgJTFfQz1F~itW6ORXHBet6HlfomnXbauV~5J5uAr4VbAXsSfjyipFMXKCSGqls4KEICs-K6rKMTxKCxOTIKRhoiGkc_&filename=eyeinst.exe

http://gsf-cf.softonic.com/e07/7f0/.../file?SD_used=0&channel=WEB&fdh=no&id_file=25590&instance=softonic_en&type=PROGRAM&Expires=1449064306&Signature=Z60Y7tq9wsewGk6efvucSwpZXhd2dfB9RT1gGtMSkj3B9qwUXS5Qx48IeuKwdRFyoXCXbPUuk2PCdsuYOSKErY6nnrngF5rLm2Z8qi3z113ggOjUQAALkF26PFTrLQK0lTCmkCNSlgKYN98No5By3GQzXfJgiTqwFLeG1acJauE_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=eyeinst.exe

https://secure.inndl.com/.../the-all-seeing-eye.exe

Scan the all steeing eye_install.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.