× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: f263a23494d22a05f707faf4d0f4cc147b276f255309007d5f27d000a54b5372
File name: InSpectre.exe
Detection ratio: 3 / 69
Analysis date: 2019-01-31 09:51:05 UTC ( 2 weeks, 6 days ago )
Antivirus Result Update
Cylance Unsafe 20190131
Fortinet W32/Generic.A!tr 20190131
Rising Trojan.Generic!8.C3 (CLOUD) 20190131
Acronis 20190130
Ad-Aware 20190131
AegisLab 20190131
AhnLab-V3 20190131
Alibaba 20180921
ALYac 20190131
Antiy-AVL 20190131
Arcabit 20190131
Avast 20190131
Avast-Mobile 20190131
AVG 20190131
Avira (no cloud) 20190131
Babable 20180918
Baidu 20190131
BitDefender 20190131
Bkav 20190130
CAT-QuickHeal 20190130
ClamAV 20190131
CMC 20190130
Comodo 20190131
CrowdStrike Falcon (ML) 20181023
Cybereason 20190109
Cyren 20190131
DrWeb 20190131
eGambit 20190131
Emsisoft 20190131
Endgame 20181108
ESET-NOD32 20190131
F-Prot 20190131
F-Secure 20190131
GData 20190131
Ikarus 20190130
Sophos ML 20181128
Jiangmin 20190131
K7AntiVirus 20190131
K7GW 20190131
Kaspersky 20190131
Kingsoft 20190131
Malwarebytes 20190131
MAX 20190131
McAfee 20190131
McAfee-GW-Edition 20190131
Microsoft 20190131
eScan 20190131
NANO-Antivirus 20190131
Palo Alto Networks (Known Signatures) 20190131
Panda 20190130
Qihoo-360 20190131
SentinelOne (Static ML) 20190124
Sophos AV 20190131
SUPERAntiSpyware 20190130
Symantec 20190131
TACHYON 20190131
Tencent 20190131
TheHacker 20190129
Trapmine 20190123
TrendMicro 20190131
TrendMicro-HouseCall 20190131
Trustlook 20190131
VBA32 20190131
ViRobot 20190131
Webroot 20190131
Yandex 20190129
Zillya 20190130
ZoneAlarm by Check Point 20190131
Zoner 20190128
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright © 2018 Gibson Research Corp.

Product "InSpectre", by Steve Gibson
File version 0.0.6590.1
Description InSpectre: Meltdown and Spectre?
Signature verification Signed file, verified signature
Signing date 1:15 AM 1/16/2018
Signers
[+] Gibson Research Corporation
Status Valid
Issuer DigiCert SHA2 Assured ID Code Signing CA
Valid from 12:00 AM 03/28/2016
Valid to 12:00 PM 04/02/2019
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint CAB0CB462B1CCE1CD88CF8938FE465D872A375C3
Serial number 04 1C 39 70 0C 9E 31 7D 9E F5 2C B7 7D 6A C3 E7
[+] DigiCert SHA2 Assured ID Code Signing CA
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 12:00 PM 10/22/2013
Valid to 12:00 PM 10/22/2028
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 92C1588E85AF2201CE7915E8538B492F605B80C6
Serial number 04 09 18 1B 5F D5 BB 66 75 53 43 B5 6F 95 50 08
[+] DigiCert
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 12:00 AM 11/10/2006
Valid to 12:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Serial number 0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39
Counter signers
[+] DigiCert Timestamp Responder
Status Valid
Issuer DigiCert Assured ID CA-1
Valid from 12:00 AM 10/22/2014
Valid to 12:00 AM 10/22/2024
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 614D271D9102E30169822487FDE5DE00A352B01D
Serial number 03 01 9A 02 3A FF 58 B1 6B D6 D5 EA E6 17 F0 66
[+] DigiCert Assured ID CA-1
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 12:00 AM 11/10/2006
Valid to 12:00 AM 11/10/2021
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing
Algorithm sha1RSA
Thumbrint 19A09B5A36F4DD99727DF783C17A51231A56C117
Serial number 06 FD F9 03 96 03 AD EA 00 0A EB 3F 27 BB BA 1B
[+] DigiCert
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 12:00 AM 11/10/2006
Valid to 12:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbrint 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Serial number 0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39
Packers identified
F-PROT PECompact, PecBundle
PEiD PECompact 2.xx --> BitSum Technologies
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-01-16 00:15:48
Entry Point 0x0000140A
Number of sections 2
PE sections
Overlays
MD5 85807c66eef83fa38e7b9fdb43137d41
File type data
Offset 117760
Size 7320
Entropy 7.16
PE imports
VirtualFree
LoadLibraryA
VirtualAlloc
GetProcAddress
Number of PE resources by type
RT_ICON 13
RT_GROUP_CURSOR 1
WAVE 1
RT_MANIFEST 1
RT_RCDATA 1
RT_ACCELERATOR 1
RT_CURSOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 21
PE resources
ExifTool file metadata
Author
Steve Gibson, Gibson Research Corporation, http://grc.com

SubsystemVersion
4.0

InitializedDataSize
139264

ImageVersion
0.0

ProductName
"InSpectre", by Steve Gibson

FileVersionNumber
0.0.6590.1

BuildTimestamp
2018/01/16 00:15:48 GMT

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

Description
InSpectre - Examines any Windows system for vulnerability to the Meltdown and Spectre attacks.

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Unicode

LinkerVersion
6.0

WebSiteforUpdates
https://www.GRC.com/inspectre.htm

FileTypeExtension
exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
0.0.6590.1

TimeStamp
2018:01:16 01:15:48+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
0.0.6590.1

FileDescription
InSpectre: Meltdown and Spectre?

OSVersion
4.0

FileOS
Unknown (0)

LegalCopyright
Copyright 2018 Gibson Research Corp.

MachineType
Intel 386 or later, and compatibles

CompanyName
Gibson Research Corp.

CodeSize
12288

FileSubtype
0

ProductVersionNumber
0.0.0.0

UninitializedDataSize
0

EntryPoint
0x140a

ObjectFileType
Unknown

ReleaseNumber
1

File identification
MD5 1a6274cdd02b4fdd04f4031465f41fe7
SHA1 6076189fc4fafcd1d4330e8f485e74e96de7e933
SHA256 f263a23494d22a05f707faf4d0f4cc147b276f255309007d5f27d000a54b5372
ssdeep
3072:rAxK9mGrlqO+NDWQ+WMqoQpFWzqSlxPK+hib:kxK9zrrQ+WMMFWzqSntib

authentihash c0f4f75dc17ad5c4c5bde06a116c0354d94623110f17fa786cda2184ef8cdefe
imphash 09d0478591d4f788cb3e5ea416c25237
File size 122.1 KB ( 125080 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 EXE PECompact compressed (v2.x) (50.1%)
Win32 EXE PECompact compressed (generic) (35.3%)
Win32 Dynamic Link Library (generic) (5.5%)
Win32 Executable (generic) (3.8%)
OS/2 Executable (generic) (1.7%)
Tags
pecompact peexe signed overlay

VirusTotal metadata
First submission 2018-01-16 02:12:23 UTC ( 1 year, 1 month ago )
Last submission 2018-03-27 08:04:46 UTC ( 11 months ago )
File names InSpectre.exe
InSpectre.exe
InSpectre.exe
inspectre.exe
Inspectre.exe
InSpectre.exe
InSpectre.exe
InSpectre.exe
InSpectre.exe
InSpectre.exe
InSpectre.exe
InSpectre.exe
InSpectre.exe
InSpectre.exe
InSpectre.exe
InSpectre.exe
1010-6076189fc4fafcd1d4330e8f485e74e96de7e933
InSpectre.exe
InSpectre.exe
InSpectre.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Searched windows
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.