home

zeroaccessdetectiontool_v2.exe

CSIS detection

CSIS Security Group A/S

This is a setup program which is used to install the application. The file has been seen being downloaded from www.csis.dk.
Publisher:
CSIS Security Group A/S  (signed and verified)

Product:
CSIS detection

Description:
ZeroAccessDetectionTool

Version:
1.0.0.0

MD5:
3253a29c490712597644ce2ce0132e5b

SHA-1:
c991029cd88b984b4aef6d52a5cc48458d8d8ffa

SHA-256:
f50f567e7a826e628cef6b93c57f9a072c03766843914466000a153aa03259ac

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/27/2024 5:33:56 PM UTC  (today)

File size:
2 MB (2,137,784 bytes)

Product version:
1.0.0.0

Copyright:
(c) CSIS Security Group A/S. All rights reserved.

Original file name:
ZeroAccessDetectionTool.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Digital Signature
Signed by:
CSIS Security Group A/S

Authority:
Thawte, Inc.

Valid from:
4/20/2011 2:00:00 AM

Valid to:
4/20/2013 1:59:59 AM

Subject:
CN=CSIS Security Group A/S, OU=CSIS Operations, O=CSIS Security Group A/S, L=Copenhagen, S=Denmark, C=DK

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
6D62D441966EE037399103B7CD093B93

File PE Metadata
Compilation timestamp:
10/10/2012 10:24:43 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:wSMjK7syb70xLZBoau/Rhg6JQ5BhV5fMXQoLafedRVZ4FKasJX/bsWWPDbbbbLbY:57syb70toBRhg6oV5fMX+fedDZ4FKash

Entry address:
0xF81F3

Entry point:
E8, 60, 6C, 00, 00, E9, 89, FE, FF, FF, 3B, 0D, 7C, 33, 56, 00, 75, 02, F3, C3, E9, E7, 6C, 00, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 56, 8B, F1, C6, 46, 0C, 00, 85, C0, 75, 63, E8, E4, 68, 00, 00, 89, 46, 08, 8B, 48, 6C, 89, 0E, 8B, 48, 68, 89, 4E, 04, 8B, 0E, 3B, 0D, F0, 3C, 56, 00, 74, 12, 8B, 0D, A8, 3A, 56, 00, 85, 48, 70, 75, 07, E8, 51, 77, 00, 00, 89, 06, 8B, 46, 04, 3B, 05, B0, 39, 56, 00, 74, 16, 8B, 46, 08, 8B, 0D, A8, 3A, 56, 00, 85, 48, 70, 75, 08, E8, B0, 6F, 00, 00, 89, 46, 04, 8B, 46, 08, F6...
 
[+]

Code size:
1.1 MB (1,159,168 bytes)

The file zeroaccessdetectiontool_v2.exe has been seen being distributed by the following URL.

https://www.csis.dk/.../ZeroAccessDetectionTool_v2.exe

Scan zeroaccessdetectiontool_v2.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.