SHA256: 88092337c23e6d729f03b0cf810d5327fa00dfe72e48ac6f247a2904c07767a9
File name: SysInspector(64).exe
Detection ratio: 0 / 55
Analysis date: 2016-01-17 05:15:20 UTC ( 3 weeks, 2 days ago )
Probably harmless! There are strong indicators suggesting that this file is safe to use.
Antivirus Result Update
ALYac 20160117
AVG 20160117
AVware 20160111
AegisLab 20160116
Agnitum 20160116
AhnLab-V3 20160116
Alibaba 20160115
Antiy-AVL 20160117
Arcabit 20160117
Avast 20160116
Avira 20160116
Baidu-International 20160116
BitDefender 20160117
Bkav 20160116
ByteHero 20160117
CAT-QuickHeal 20160116
CMC 20160111
ClamAV 20160116
Comodo 20160117
Cyren 20160117
DrWeb 20160117
ESET-NOD32 20160117
Emsisoft 20160117
F-Prot 20160117
F-Secure 20160116
Fortinet 20160117
GData 20160117
Ikarus 20160116
Jiangmin 20160117
K7AntiVirus 20160117
K7GW 20160117
Kaspersky 20160117
Kingsoft 20160117
Malwarebytes 20160117
McAfee 20160117
McAfee-GW-Edition 20160117
MicroWorld-eScan 20160117
Microsoft 20160117
NANO-Antivirus 20160117
Panda 20160116
Qihoo-360 20160117
Rising 20160116
SUPERAntiSpyware 20160116
Sophos 20160116
Symantec 20160116
TheHacker 20160116
TotalDefense 20160117
TrendMicro 20160117
TrendMicro-HouseCall 20160117
VBA32 20160115
VIPRE 20160117
ViRobot 20160116
Zillya 20160116
Zoner 20160117
nProtect 20160115
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem that targets 64bit architectures.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (C) 1992 - 2013 ESET, spol. s r.o. All rights reserved.

Publisher ESET
Product ESET SysInspector
Original name SysInspector.exe
Internal name ESET SysInspector
File version 1.2.042.0
Description ESET SysInspector - System Analyzer Tool
Signature verification Signed file, verified signature
Signing date 10:08 AM 7/22/2013
Signers
[+] ESET
Status
Valid from 1:00 AM 5/7/2013
Valid to 12:59 AM 7/6/2016
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 65AFAA515036C38C9EC28248C453FB0F6B1E7094
Serial number 1F E3 DE 40 01 9F 83 3A FF 5D 55 B9 98 D7 12 A8
[+] VeriSign Class 3 Code Signing 2010 CA
Status
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine x64
Compilation timestamp 2013-07-22 08:55:33
Entry Point 0x00053880
Number of sections 5
PE sections
Overlays
MD5 68dcb1c9993c272f64a3184d6ee9d260
File type data
Offset 3727872
Size 29856
Entropy 7.73
PE imports
RegCreateKeyW
AdjustTokenPrivileges
ControlService
LookupPrivilegeValueW
RegDeleteKeyW
DeleteService
SetSecurityDescriptorDacl
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
QueryServiceStatus
DuplicateToken
RegEnumKeyW
RegOpenKeyW
ImpersonateSelf
RegQueryValueW
GetTokenInformation
DuplicateTokenEx
IsValidSid
GetSidIdentifierAuthority
RegQueryInfoKeyW
GetSecurityDescriptorDacl
RegEnumValueW
RegEnumKeyExW
OpenThreadToken
RegDeleteValueW
RevertToSelf
StartServiceW
FreeSid
OpenSCManagerW
AllocateAndInitializeSid
InitializeSecurityDescriptor
EqualSid
CreateServiceW
SetThreadToken
GetSaveFileNameW
GetFileTitleW
GetOpenFileNameW
CertFreeCertificateContext
CertDuplicateCertificateContext
CertNameToStrW
SetDIBits
GetWindowExtEx
SetMapMode
TextOutW
CreateFontIndirectW
SetBitmapBits
CreatePen
GetRgnBox
SaveDC
CreateRectRgnIndirect
LPtoDP
PtVisible
GetClipBox
GetBitmapBits
SelectObject
BitBlt
GetDeviceCaps
OffsetViewportOrgEx
DeleteDC
RestoreDC
GetMapMode
EnumFontFamiliesW
RectInRegion
CreateSolidBrush
DeleteObject
GetObjectW
CreateBitmap
CreateDIBSection
SetTextColor
GetCurrentObject
MoveToEx
ExtTextOutW
GetTextExtentPoint32W
RectVisible
GetStockObject
CreateDIBitmap
SetViewportOrgEx
ScaleWindowExtEx
GetViewportExtEx
LineTo
GetDIBits
ExtSelectClipRgn
CreateCompatibleDC
StretchBlt
SetBkMode
ScaleViewportExtEx
CreateRectRgn
SetViewportExtEx
SetWindowExtEx
GetTextColor
SetWindowOrgEx
DPtoLP
Escape
SetBkColor
GetBkColor
CreateCompatibleBitmap
GetStdHandle
GetConsoleOutputCP
FileTimeToSystemTime
GetOverlappedResult
FlsGetValue
GetFileAttributesW
GetCommandLineW
lstrcmpW
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
OpenFileMappingW
GetConsoleMode
GetLocaleInfoA
LocalAlloc
UnhandledExceptionFilter
RtlUnwindEx
SetErrorMode
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetFileTime
GetCPInfo
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetEvent
LocalFree
FormatMessageW
InitializeCriticalSection
LoadResource
GlobalHandle
GetLogicalDriveStringsW
FindClose
TlsGetValue
QueryDosDeviceW
MoveFileW
SetFileAttributesW
GetCurrentThread
GetEnvironmentVariableW
SetLastError
GlobalFindAtomW
GetModuleFileNameW
HeapAlloc
FlsSetValue
GetModuleFileNameA
HeapSetInformation
EnumResourceLanguagesW
RtlVirtualUnwind
GetVolumeInformationW
MultiByteToWideChar
SetFilePointer
GetFullPathNameW
GlobalAddAtomW
MoveFileExW
FlushFileBuffers
SetUnhandledExceptionFilter
ConvertDefaultLocale
MulDiv
ExitThread
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
VirtualQuery
SetEndOfFile
GetCurrentThreadId
GetProcAddress
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
FreeLibrary
GetStartupInfoA
UnlockFile
RtlPcToFileHeader
GetWindowsDirectoryW
GetFileSize
GlobalDeleteAtom
OpenProcess
GetModuleHandleW
GetDateFormatW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GlobalLock
GetProcessHeap
GetTempFileNameW
GetComputerNameW
CompareStringW
GlobalReAlloc
GetFileInformationByHandle
lstrcmpA
FindNextFileW
RtlLookupFunctionEntry
CompareStringA
FindFirstFileW
DuplicateHandle
WaitForMultipleObjects
ExpandEnvironmentStringsA
GlobalAlloc
GetTimeZoneInformation
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
LocalReAlloc
LCMapStringW
UnmapViewOfFile
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
FindResourceW
LCMapStringA
GetTimeFormatW
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
LockFile
RtlAddFunctionTable
RtlDeleteFunctionTable
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentProcessId
LockResource
SetFileTime
lstrlenW
WideCharToMultiByte
HeapSize
FlsAlloc
GetCommandLineA
FlsFree
WritePrivateProfileStringW
lstrcpynW
RaiseException
MapViewOfFile
TlsFree
GetModuleHandleA
ReadFile
GlobalFlags
RtlCaptureContext
GetACP
GetVersion
FreeResource
FindResourceExW
SizeofResource
IsValidCodePage
HeapCreate
GetTempPathW
VirtualFree
Sleep
VirtualAlloc
VariantChangeType
VariantTimeToSystemTime
SysStringLen
SystemTimeToVariantTime
SysAllocStringLen
OleCreateFontIndirect
VariantClear
SysAllocString
SafeArrayDestroy
VariantCopy
SysFreeString
VariantInit
DragQueryFileW
DragAcceptFiles
ShellExecuteW
ShellExecuteExW
SHGetDesktopFolder
SHGetMalloc
CommandLineToArgvW
MapWindowPoints
GetMessagePos
RedrawWindow
SetMenuItemBitmaps
LoadBitmapW
SetRectEmpty
DestroyMenu
PostQuitMessage
GetForegroundWindow
SetWindowPos
IsWindow
GrayStringW
EndPaint
WindowFromPoint
GetMessageTime
SetMenuItemInfoW
SetActiveWindow
DispatchMessageW
GetAsyncKeyState
MapDialogRect
GetDlgCtrlID
GetMenu
UnregisterClassA
UnregisterClassW
GetClassInfoW
DrawTextW
GetNextDlgTabItem
CallNextHookEx
LoadImageW
GetTopWindow
GetUpdateRgn
GetWindowTextW
RegisterClipboardFormatW
CopyAcceleratorTableW
GetWindowTextLengthW
GetActiveWindow
InvalidateRgn
DestroyWindow
GetClassInfoExW
UpdateWindow
GetWindow
GetPropW
EqualRect
GetMessageW
ShowWindow
DrawFrameControl
GetNextDlgGroupItem
SetPropW
GetMenuState
PeekMessageW
EnableWindow
CharUpperW
TranslateMessage
IsWindowEnabled
GetDlgItemTextW
SetClipboardData
GetIconInfo
RegisterClassW
GetWindowPlacement
LoadStringW
WinHelpW
IsIconic
GetSubMenu
OpenClipboard
IsDialogMessageW
FillRect
CopyRect
GetSysColorBrush
CreateWindowExW
TabbedTextOutW
GetWindowLongW
GetCursorPos
CharNextW
IsChild
SetFocus
RegisterWindowMessageW
SetWindowLongPtrW
LockWindowUpdate
BeginPaint
OffsetRect
DefWindowProcW
GetParent
SendDlgItemMessageA
GetSystemMetrics
SetWindowLongW
GetWindowRect
InflateRect
SetCapture
ReleaseCapture
DrawTextExW
SendDlgItemMessageW
PostMessageW
CreatePopupMenu
CheckMenuItem
GetLastActivePopup
PtInRect
SetWindowTextW
SetTimer
GetDlgItem
GetMenuCheckMarkDimensions
ClientToScreen
TrackPopupMenu
PostThreadMessageW
GetMenuItemCount
GetClassLongPtrW
ValidateRect
SetWindowsHookExW
LoadCursorW
LoadIconW
GetMenuItemID
InsertMenuW
SetForegroundWindow
GetClientRect
ExitWindowsEx
GetMenuStringW
EmptyClipboard
CreateDialogIndirectParamW
ReleaseDC
IntersectRect
EndDialog
SetWindowContextHelpId
GetCapture
ScreenToClient
MessageBeep
LoadMenuW
RemoveMenu
GetWindowThreadProcessId
DeferWindowPos
BeginDeferWindowPos
MessageBoxW
SendMessageW
UnhookWindowsHookEx
MoveWindow
AppendMenuW
GetWindowDC
DestroyCursor
AdjustWindowRectEx
GetSysColor
SetDlgItemTextW
GetKeyState
EndDeferWindowPos
SystemParametersInfoA
GetDoubleClickTime
DestroyIcon
IsWindowVisible
GetWindowLongPtrW
GetDesktopWindow
SystemParametersInfoW
GetDC
SetRect
InvalidateRect
CallWindowProcW
GetClassNameW
ModifyMenuW
EnableMenuItem
IsRectEmpty
GetFocus
wsprintfW
CloseClipboard
SetCursor
RemovePropW
DocumentPropertiesW
ClosePrinter
OpenPrinterW
getsockopt
setsockopt
ioctlsocket
htonl
socket
__WSAFDIsSet
recv
inet_addr
send
getservbyport
WSAStartup
gethostbyname
select
ntohs
connect
inet_ntoa
htons
closesocket
gethostbyaddr
WSAGetLastError
getservbyname
OleUninitialize
CoTaskMemFree
CoTaskMemAlloc
CoRevokeClassObject
OleFlushClipboard
StgOpenStorageOnILockBytes
CLSIDFromProgID
CoFreeUnusedLibraries
CoGetClassObject
CoRegisterMessageFilter
OleIsCurrentClipboard
StgCreateDocfileOnILockBytes
CLSIDFromString
CreateILockBytesOnHGlobal
OleInitialize
Number of PE resources by type
RT_STRING 65
PNG 35
RT_CURSOR 16
RT_GROUP_CURSOR 15
RT_ICON 13
RT_DIALOG 10
RT_RCDATA 6
GIF 5
RT_BITMAP 2
RT_MANIFEST 1
RT_MENU 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 171
Debug information
ExifTool file metadata
LegalTrademarks
NOD, NOD32, AMON, ESET are registered trademarks of ESET.

SubsystemVersion
5.2

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.2.42.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
ESET SysInspector - System Analyzer Tool

CharacterSet
Windows, Latin1

InitializedDataSize
2649088

EntryPoint
0x53880

OriginalFileName
SysInspector.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 1992 - 2013 ESET, spol. s r.o. All rights reserved.

FileVersion
1.2.042.0

TimeStamp
2013:07:22 09:55:33+01:00

FileType
Win64 EXE

PEType
PE32+

InternalName
ESET SysInspector

ProductVersion
1.2.042.0

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
AMD AMD64

CompanyName
ESET

CodeSize
1077760

ProductName
ESET SysInspector

ProductVersionNumber
1.2.42.0

FileTypeExtension
exe

ObjectFileType
Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
Execution parents
Compressed bundles
File identification
MD5 42ff236aff585f25b9e409b996cebde2
SHA1 db2dd6588f1dea4ab7fb3d471d05489ba5feb2a3
SHA256 88092337c23e6d729f03b0cf810d5327fa00dfe72e48ac6f247a2904c07767a9
ssdeep
49152:Z7XQX439DMBnDTw2irH4CdmZZoeYF6cN6Tc6F0gTaeyA/gCqJncyGyOeaTUd3m:Q4JY4DFb6oVGaeyA/gLnsrhT82

authentihash 49c66faf29a7bee772776cd66203b396e57adfc17b3b77e6a9c4043b7aea56b1
imphash c802e8c3794855976d89f5352010817a
File size 3.6 MB ( 3757728 bytes )
File type Win32 EXE
Magic literal
PE32+ executable for MS Windows (GUI) Mono/.Net assembly

TrID Win64 Executable (generic) (87.3%)
Generic Win/DOS Executable (6.3%)
DOS Executable Generic (6.3%)
Tags
64bits peexe assembly signed overlay

VirusTotal metadata
First submission 2013-08-07 20:51:38 UTC ( 2 years, 6 months ago )
Last submission 2016-01-17 05:15:20 UTC ( 3 weeks, 2 days ago )
File names SysInspector.exe
20130722_Eset_SysInspector_64.exe
file-5813327_exe
SysInspector (1).exe
SysInspector64.exe
ESET SysInspector_1.2.42.exe
SysInspector(64).exe
sysinspector64.exe
ESET SysInspector 1.2.042.0_softpedia_SysInspector.exe
SysInspector(1).exe
ESET SysInspector