SHA256: 88092337c23e6d729f03b0cf810d5327fa00dfe72e48ac6f247a2904c07767a9
File name: SysInspector(64).exe
Detection ratio: 0 / 57
Analysis date: 2016-04-29 05:56:04 UTC ( 1 month, 3 weeks ago )
Probably harmless! There are strong indicators suggesting that this file is safe to use.
Antivirus Result Update
ALYac 20160429
AVG 20160429
AVware 20160429
Ad-Aware 20160429
AegisLab 20160429
AhnLab-V3 20160428
Alibaba 20160429
Antiy-AVL 20160429
Arcabit 20160429
Avast 20160429
Avira (no cloud) 20160429
Baidu 20160428
Baidu-International 20160428
BitDefender 20160429
Bkav 20160428
CAT-QuickHeal 20160428
CMC 20160428
ClamAV 20160429
Comodo 20160429
Cyren 20160429
DrWeb 20160429
ESET-NOD32 20160429
Emsisoft 20160429
F-Prot 20160429
F-Secure 20160429
Fortinet 20160429
GData 20160429
Ikarus 20160428
Jiangmin 20160429
K7AntiVirus 20160428
K7GW 20160429
Kaspersky 20160429
Kingsoft 20160429
Malwarebytes 20160429
McAfee 20160429
McAfee-GW-Edition 20160429
eScan 20160429
Microsoft 20160429
NANO-Antivirus 20160429
Panda 20160428
Qihoo-360 20160429
Rising 20160429
SUPERAntiSpyware 20160429
Sophos 20160428
Symantec 20160429
Tencent 20160429
TheHacker 20160429
TotalDefense 20160426
TrendMicro 20160429
TrendMicro-HouseCall 20160429
VBA32 20160428
VIPRE 20160429
ViRobot 20160429
Yandex 20160428
Zillya 20160429
Zoner 20160429
nProtect 20160428
The file being studied is a Portable Executable file. More specifically, it is a Win32 EXE file for the Windows GUI subsystem that targets 64-bit architectures.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (C) 1992 - 2013 ESET, spol. s r.o. All rights reserved.

Product ESET SysInspector
Original name SysInspector.exe
Internal name ESET SysInspector
File version 1.2.042.0
Description ESET SysInspector - System Analyzer Tool
Signature verification Signed file, verified signature
Signing date 10:08 AM 7/22/2013
Signers
[+] ESET
Status Valid
Issuer VeriSign Class 3 Code Signing 2010 CA
Valid from 1:00 AM 5/7/2013
Valid to 12:59 AM 7/6/2016
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 65AFAA515036C38C9EC28248C453FB0F6B1E7094
Serial number 1F E3 DE 40 01 9F 83 3A FF 5D 55 B9 98 D7 12 A8
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine x64
Compilation timestamp 2013-07-22 08:55:33
Entry Point 0x00053880
Number of sections 5
PE sections
Overlays
MD5 68dcb1c9993c272f64a3184d6ee9d260
File type data
Offset 3727872
Size 29856
Entropy 7.73
PE imports
RegCreateKeyW
AdjustTokenPrivileges
ControlService
LookupPrivilegeValueW
RegDeleteKeyW
DeleteService
SetSecurityDescriptorDacl
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
QueryServiceStatus
DuplicateToken
RegEnumKeyW
RegOpenKeyW
ImpersonateSelf
RegQueryValueW
GetTokenInformation
DuplicateTokenEx
IsValidSid
GetSidIdentifierAuthority
RegQueryInfoKeyW
GetSecurityDescriptorDacl
RegEnumValueW
RegEnumKeyExW
OpenThreadToken
RegDeleteValueW
RevertToSelf
StartServiceW
FreeSid
OpenSCManagerW
AllocateAndInitializeSid
InitializeSecurityDescriptor
EqualSid
CreateServiceW
SetThreadToken
GetSaveFileNameW
GetFileTitleW
GetOpenFileNameW
CertFreeCertificateContext
CertDuplicateCertificateContext
CertNameToStrW
SetDIBits
GetWindowExtEx
SetMapMode
TextOutW
CreateFontIndirectW
SetBitmapBits
CreatePen
GetRgnBox
SaveDC
CreateRectRgnIndirect
LPtoDP
PtVisible
GetClipBox
GetBitmapBits
SelectObject
BitBlt
GetDeviceCaps
OffsetViewportOrgEx
DeleteDC
RestoreDC
GetMapMode
EnumFontFamiliesW
RectInRegion
CreateSolidBrush
DeleteObject
GetObjectW
CreateBitmap
CreateDIBSection
SetTextColor
GetCurrentObject
MoveToEx
ExtTextOutW
GetTextExtentPoint32W
RectVisible
GetStockObject
CreateDIBitmap
SetViewportOrgEx
ScaleWindowExtEx
GetViewportExtEx
LineTo
GetDIBits
ExtSelectClipRgn
CreateCompatibleDC
StretchBlt
SetBkMode
ScaleViewportExtEx
CreateRectRgn
SetViewportExtEx
SetWindowExtEx
GetTextColor
SetWindowOrgEx
DPtoLP
Escape
SetBkColor
GetBkColor
CreateCompatibleBitmap
GetStdHandle
GetConsoleOutputCP
FileTimeToSystemTime
GetOverlappedResult
FlsGetValue
GetFileAttributesW
GetCommandLineW
lstrcmpW
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
OpenFileMappingW
GetConsoleMode
GetLocaleInfoA
LocalAlloc
UnhandledExceptionFilter
RtlUnwindEx
SetErrorMode
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetFileTime
GetCPInfo
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetEvent
LocalFree
FormatMessageW
InitializeCriticalSection
LoadResource
GlobalHandle
GetLogicalDriveStringsW
FindClose
TlsGetValue
QueryDosDeviceW
MoveFileW
SetFileAttributesW
GetCurrentThread
GetEnvironmentVariableW
SetLastError
GlobalFindAtomW
GetModuleFileNameW
HeapAlloc
FlsSetValue
GetModuleFileNameA
HeapSetInformation
EnumResourceLanguagesW
RtlVirtualUnwind
GetVolumeInformationW
MultiByteToWideChar
SetFilePointer
GetFullPathNameW
GlobalAddAtomW
MoveFileExW
FlushFileBuffers
SetUnhandledExceptionFilter
ConvertDefaultLocale
MulDiv
ExitThread
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
VirtualQuery
SetEndOfFile
GetCurrentThreadId
GetProcAddress
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
FreeLibrary
GetStartupInfoA
UnlockFile
RtlPcToFileHeader
GetWindowsDirectoryW
GetFileSize
GlobalDeleteAtom
OpenProcess
GetModuleHandleW
GetDateFormatW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GlobalLock
GetProcessHeap
GetTempFileNameW
GetComputerNameW
CompareStringW
GlobalReAlloc
GetFileInformationByHandle
lstrcmpA
FindNextFileW
RtlLookupFunctionEntry
CompareStringA
FindFirstFileW
DuplicateHandle
WaitForMultipleObjects
ExpandEnvironmentStringsA
GlobalAlloc
GetTimeZoneInformation
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
LocalReAlloc
LCMapStringW
UnmapViewOfFile
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
FindResourceW
LCMapStringA
GetTimeFormatW
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
LockFile
RtlAddFunctionTable
RtlDeleteFunctionTable
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentProcessId
LockResource
SetFileTime
lstrlenW
WideCharToMultiByte
HeapSize
FlsAlloc
GetCommandLineA
FlsFree
WritePrivateProfileStringW
lstrcpynW
RaiseException
MapViewOfFile
TlsFree
GetModuleHandleA
ReadFile
GlobalFlags
RtlCaptureContext
GetACP
GetVersion
FreeResource
FindResourceExW
SizeofResource
IsValidCodePage
HeapCreate
GetTempPathW
VirtualFree
Sleep
VirtualAlloc
VariantChangeType
VariantTimeToSystemTime
SysStringLen
SystemTimeToVariantTime
SysAllocStringLen
OleCreateFontIndirect
VariantClear
SysAllocString
SafeArrayDestroy
VariantCopy
SysFreeString
VariantInit
DragQueryFileW
DragAcceptFiles
ShellExecuteW
ShellExecuteExW
SHGetDesktopFolder
SHGetMalloc
CommandLineToArgvW
MapWindowPoints
GetMessagePos
RedrawWindow
SetMenuItemBitmaps
LoadBitmapW
SetRectEmpty
DestroyMenu
PostQuitMessage
GetForegroundWindow
SetWindowPos
IsWindow
GrayStringW
EndPaint
WindowFromPoint
GetMessageTime
SetMenuItemInfoW
SetActiveWindow
DispatchMessageW
GetAsyncKeyState
MapDialogRect
GetDlgCtrlID
GetMenu
UnregisterClassA
UnregisterClassW
GetClassInfoW
DrawTextW
GetNextDlgTabItem
CallNextHookEx
LoadImageW
GetTopWindow
GetUpdateRgn
GetWindowTextW
RegisterClipboardFormatW
CopyAcceleratorTableW
GetWindowTextLengthW
GetActiveWindow
InvalidateRgn
DestroyWindow
GetClassInfoExW
UpdateWindow
GetWindow
GetPropW
EqualRect
GetMessageW
ShowWindow
DrawFrameControl
GetNextDlgGroupItem
SetPropW
GetMenuState
PeekMessageW
EnableWindow
CharUpperW
TranslateMessage
IsWindowEnabled
GetDlgItemTextW
SetClipboardData
GetIconInfo
RegisterClassW
GetWindowPlacement
LoadStringW
WinHelpW
IsIconic
GetSubMenu
OpenClipboard
IsDialogMessageW
FillRect
CopyRect
GetSysColorBrush
CreateWindowExW
TabbedTextOutW
GetWindowLongW
GetCursorPos
CharNextW
IsChild
SetFocus
RegisterWindowMessageW
SetWindowLongPtrW
LockWindowUpdate
BeginPaint
OffsetRect
DefWindowProcW
GetParent
SendDlgItemMessageA
GetSystemMetrics
SetWindowLongW
GetWindowRect
InflateRect
SetCapture
ReleaseCapture
DrawTextExW
SendDlgItemMessageW
PostMessageW
CreatePopupMenu
CheckMenuItem
GetLastActivePopup
PtInRect
SetWindowTextW
SetTimer
GetDlgItem
GetMenuCheckMarkDimensions
ClientToScreen
TrackPopupMenu
PostThreadMessageW
GetMenuItemCount
GetClassLongPtrW
ValidateRect
SetWindowsHookExW
LoadCursorW
LoadIconW
GetMenuItemID
InsertMenuW
SetForegroundWindow
GetClientRect
ExitWindowsEx
GetMenuStringW
EmptyClipboard
CreateDialogIndirectParamW
ReleaseDC
IntersectRect
EndDialog
SetWindowContextHelpId
GetCapture
ScreenToClient
MessageBeep
LoadMenuW
RemoveMenu
GetWindowThreadProcessId
DeferWindowPos
BeginDeferWindowPos
MessageBoxW
SendMessageW
UnhookWindowsHookEx
MoveWindow
AppendMenuW
GetWindowDC
DestroyCursor
AdjustWindowRectEx
GetSysColor
SetDlgItemTextW
GetKeyState
EndDeferWindowPos
SystemParametersInfoA
GetDoubleClickTime
DestroyIcon
IsWindowVisible
GetWindowLongPtrW
GetDesktopWindow
SystemParametersInfoW
GetDC
SetRect
InvalidateRect
CallWindowProcW
GetClassNameW
ModifyMenuW
EnableMenuItem
IsRectEmpty
GetFocus
wsprintfW
CloseClipboard
SetCursor
RemovePropW
DocumentPropertiesW
ClosePrinter
OpenPrinterW
getsockopt
setsockopt
ioctlsocket
htonl
socket
__WSAFDIsSet
recv
inet_addr
send
getservbyport
WSAStartup
gethostbyname
select
ntohs
connect
inet_ntoa
htons
closesocket
gethostbyaddr
WSAGetLastError
getservbyname
OleUninitialize
CoTaskMemFree
CoTaskMemAlloc
CoRevokeClassObject
OleFlushClipboard
StgOpenStorageOnILockBytes
CLSIDFromProgID
CoFreeUnusedLibraries
CoGetClassObject
CoRegisterMessageFilter
OleIsCurrentClipboard
StgCreateDocfileOnILockBytes
CLSIDFromString
CreateILockBytesOnHGlobal
OleInitialize
Number of PE resources by type
RT_STRING 65
PNG 35
RT_CURSOR 16
RT_GROUP_CURSOR 15
RT_ICON 13
RT_DIALOG 10
RT_RCDATA 6
GIF 5
RT_BITMAP 2
RT_MANIFEST 1
RT_MENU 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 171
Debug information
ExifTool file metadata
LegalTrademarks
NOD, NOD32, AMON, ESET are registered trademarks of ESET.

SubsystemVersion
5.2

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.2.42.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
ESET SysInspector - System Analyzer Tool

CharacterSet
Windows, Latin1

InitializedDataSize
2649088

EntryPoint
0x53880

OriginalFileName
SysInspector.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 1992 - 2013 ESET, spol. s r.o. All rights reserved.

FileVersion
1.2.042.0

TimeStamp
2013:07:22 09:55:33+01:00

FileType
Win64 EXE

PEType
PE32+

InternalName
ESET SysInspector

ProductVersion
1.2.042.0

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
AMD AMD64

CompanyName
ESET

CodeSize
1077760

ProductName
ESET SysInspector

ProductVersionNumber
1.2.42.0

FileTypeExtension
exe

ObjectFileType
Executable application

CarbonBlack: acts as a surveillance camera for computers
While monitoring an end-user machine in the wild, CarbonBlack noticed that the following files in execution wrote this sample to disk.
Execution parents
Compressed bundles
File identification
MD5 42ff236aff585f25b9e409b996cebde2
SHA1 db2dd6588f1dea4ab7fb3d471d05489ba5feb2a3
SHA256 88092337c23e6d729f03b0cf810d5327fa00dfe72e48ac6f247a2904c07767a9
ssdeep
49152:Z7XQX439DMBnDTw2irH4CdmZZoeYF6cN6Tc6F0gTaeyA/gCqJncyGyOeaTUd3m:Q4JY4DFb6oVGaeyA/gLnsrhT82

authentihash 49c66faf29a7bee772776cd66203b396e57adfc17b3b77e6a9c4043b7aea56b1
imphash c802e8c3794855976d89f5352010817a
File size 3.6 MB ( 3757728 bytes )
File type Win32 EXE
Magic literal
PE32+ executable for MS Windows (GUI) Mono/.Net assembly

TrID Win64 Executable (generic) (87.3%)
Generic Win/DOS Executable (6.3%)
DOS Executable Generic (6.3%)
Tags
64bits peexe assembly signed overlay

VirusTotal metadata
First submission 2013-08-07 20:51:38 UTC ( 2 years, 10 months ago )
Last submission 2016-04-29 05:56:04 UTC ( 1 month, 3 weeks ago )
File names SysInspector.exe
SysInspector.exe
20130722_Eset_SysInspector_64.exe
SysInspector.exe
SysInspector.exe
file-5813327_exe
SysInspector.exe
SysInspector.exe
SysInspector.exe
SysInspector (1).exe
SysInspector64.exe
ESET SysInspector_1.2.42.exe
SysInspector(64).exe
SysInspector.exe
SysInspector.exe
sysinspector64.exe
ESET SysInspector 1.2.042.0_softpedia_SysInspector.exe
SysInspector.exe
SysInspector.exe
SysInspector(1).exe
ESET SysInspector