× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 20c7c13f8ca754575ca587ea2d90eded163f15b488cc1cd825ff225edeed169b
File name: Nessus
Detection ratio: 0 / 57
Analysis date: 2015-10-05 13:11:51 UTC ( 3 years, 6 months ago )
Antivirus Result Update
Ad-Aware 20151005
AegisLab 20151005
Yandex 20151004
AhnLab-V3 20151004
Alibaba 20150927
ALYac 20151005
Antiy-AVL 20151005
Arcabit 20151005
Avast 20151005
AVG 20151005
Avira (no cloud) 20151005
AVware 20151005
Baidu-International 20151005
BitDefender 20151005
Bkav 20151005
ByteHero 20151005
CAT-QuickHeal 20151005
ClamAV 20151002
CMC 20151005
Comodo 20151005
Cyren 20151005
DrWeb 20151005
Emsisoft 20151005
ESET-NOD32 20151005
F-Prot 20150929
F-Secure 20151005
Fortinet 20151005
GData 20151005
Ikarus 20151005
Jiangmin 20151003
K7AntiVirus 20151005
K7GW 20151005
Kaspersky 20151005
Kingsoft 20151005
Malwarebytes 20151005
McAfee 20151005
McAfee-GW-Edition 20151005
Microsoft 20151005
eScan 20151005
NANO-Antivirus 20151005
nProtect 20151002
Panda 20151005
Qihoo-360 20151005
Rising 20151004
Sophos AV 20151005
SUPERAntiSpyware 20151005
Symantec 20151004
Tencent 20151005
TheHacker 20151002
TotalDefense 20151005
TrendMicro 20151005
TrendMicro-HouseCall 20151005
VBA32 20151003
VIPRE 20151005
ViRobot 20151005
Zillya 20151005
Zoner 20151005
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (C) 1998 - 2013 Tenable Network Security, Inc

Publisher Tenable Network Security Inc.
Product Nessus
Internal name Nessus
File version 5.0.3
Signature verification Signed file, verified signature
Signing date 9:42 PM 2/11/2013
Signers
[+] Tenable Network Security Inc.
Status Certificate out of its validity period
Issuer None
Valid from 1:00 AM 9/16/2011
Valid to 1:00 PM 9/16/2014
Valid usage Code Signing
Algorithm SHA1
Thumbprint 2666E05C4B589B5BFDDF1690E24A739C0DD10775
Serial number 0B 58 20 8B 36 24 8F 71 8B 1B FB 45 0A D2 E4 5E
[+] DigiCert High Assurance Code Signing CA-1
Status Valid
Issuer None
Valid from 1:00 PM 2/11/2011
Valid to 1:00 PM 2/10/2026
Valid usage Code Signing
Algorithm SHA1
Thumbprint E308F829DC77E80AF15EDD4151EA47C59399AB46
Serial number 02 C4 D1 E5 8A 4A 68 0C 56 8D A3 04 7E 7E 4D 5F
[+] DigiCert
Status Valid
Issuer None
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm SHA1
Thumbprint 5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25
Serial number 02 AC 5C 26 6A 0B 40 9B 8F 0B 79 F2 AE 46 25 77
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer None
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm SHA1
Thumbrint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer None
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm SHA1
Thumbrint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer None
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm MD5
Thumbrint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-02-11 20:42:30
Entry Point 0x00001809
Number of sections 5
PE sections
Overlays
MD5 068ec3feaa094087ae408f451f766caa
File type data
Offset 10240
Size 6888
Entropy 7.16
PE imports
RegisterEventSourceW
SetServiceStatus
DeregisterEventSource
RegisterServiceCtrlHandlerW
ReportEventW
StartServiceCtrlDispatcherW
GetLastError
SetEvent
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
HeapSetInformation
GetCurrentProcess
GetCurrentProcessId
UnhandledExceptionFilter
WaitForMultipleObjects
InterlockedCompareExchange
SetStdHandle
InterlockedExchange
SetUnhandledExceptionFilter
CloseHandle
GetSystemTimeAsFileTime
DecodePointer
GetExitCodeProcess
TerminateProcess
CreateEventW
CreateProcessW
Sleep
EncodePointer
GetCurrentThreadId
memset
__dllonexit
_controlfp_s
_invoke_watson
_fmode
_cexit
?terminate@@YAXXZ
_lock
_onexit
__initenv
exit
_XcptFilter
_commode
__setusermatherr
_initterm_e
_amsg_exit
_unlock
_crt_debugger_hook
_except_handler4_common
__getmainargs
_exit
_swprintf
_configthreadlocale
_initterm
__set_app_type
Number of PE resources by type
TEXTINCLUDE 3
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 5
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

InitializedDataSize
5632

ImageVersion
0.0

ProductName
Nessus

FileVersionNumber
5.0.3.23221

LanguageCode
English (U.S.)

FileFlagsMask
0x0017

CharacterSet
Unicode

LinkerVersion
10.0

FileTypeExtension
exe

MIMEType
application/octet-stream

Subsystem
Windows command line

FileVersion
5.0.3

TimeStamp
2013:02:11 21:42:30+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Nessus

ProductVersion
5.0.3

SubsystemVersion
5.1

OSVersion
5.1

FileOS
Win32

LegalCopyright
Copyright (C) 1998 - 2013 Tenable Network Security, Inc

MachineType
Intel 386 or later, and compatibles

CompanyName
Tenable Network Security, Inc

CodeSize
3584

FileSubtype
0

ProductVersionNumber
5.0.3.23221

EntryPoint
0x1809

ObjectFileType
Dynamic link library

File identification
MD5 e3261ce5fe6bb84b9b9ef8a39d38f28a
SHA1 3dbfdcfe3216fc70db6328ae845d9efcc1de6fd2
SHA256 20c7c13f8ca754575ca587ea2d90eded163f15b488cc1cd825ff225edeed169b
ssdeep
384:k6WAjUndZMeSSHuVYEdnYPLnd9/Zs03DSKoY:kDyUn4SIYoc+DY

authentihash 38edd6cb8154a001fa07e83549e8187e25e393e82a8a4a8259aef8bdc7dc0a14
imphash f978e4699cfb98fff746893746783cdc
File size 16.7 KB ( 17128 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.3%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2013-04-18 04:24:45 UTC ( 6 years ago )
Last submission 2013-04-18 04:24:45 UTC ( 6 years ago )
File names vt-upload-czlFo
nessus-service.exe
Nessus
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!