home

20130320-006-v5i64.exe

Symantec Corporation

This is a setup program which is used to install the application. The file has been seen being downloaded from definitions.symantec.com.
Publisher:
Symantec Corporation  (signed and verified)

MD5:
79f31c191a233954554ae9db2d022ce0

SHA-1:
a7d9b8edef987f7bc49e27c6749f6e2cb973c5e9

SHA-256:
a20b9d6145e1023ec530a46ff8bd0027e2bee804a1c7309bfd9fe92ebe69fe2e

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/24/2024 4:14:40 PM UTC  (today)

File size:
193.4 MB (202,753,784 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\20130320-006-v5i64.exe

Digital Signature
Signed by:
Symantec Corporation

Authority:
VeriSign, Inc.

Valid from:
9/8/2010 1:00:00 AM

Valid to:
11/23/2013 11:59:59 PM

Subject:
CN=Symantec Corporation, OU=Symantec Research Labs, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Symantec Corporation, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
66660552D465B31F429F7527EA6A93BF

File PE Metadata
Compilation timestamp:
2/17/2012 2:55:21 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6291456:CQtM5UiZUTCG8b0FEZkDhLNNF9C8trt5lkCYRY5DmFaD/xZ:CyMlZU4Y3JNHkoPlkCKYpX/j

Entry address:
0xB583

Entry point:
E8, E3, FE, FF, FF, 33, C0, 50, 50, 50, 50, E8, F2, 2D, 00, 00, C3, 56, 57, 8B, 7C, 24, 0C, 8B, F1, 8B, CF, 89, 3E, E8, EE, 9F, FF, FF, 89, 46, 08, 89, 56, 0C, 8B, 87, 1C, 0C, 00, 00, 89, 46, 10, 5F, 8B, C6, 5E, C2, 04, 00, 8B, C1, 8B, 08, 8B, 50, 10, 3B, 91, 1C, 0C, 00, 00, 75, 0D, 6A, 00, FF, 70, 0C, FF, 70, 08, E8, 17, A5, FF, FF, C3, 55, 8B, EC, 83, EC, 1C, 56, 33, F6, 56, 56, 56, 56, 8D, 45, E4, 50, FF, 15, 40, 32, 41, 00, 85, C0, 74, 21, 56, 56, 56, 8D, 45, E4, 50, FF, 15, 44, 32, 41, 00, 8D, 45, E4...
 
[+]

Entropy:
7.9981  (probably packed)

Code size:
71.5 KB (73,216 bytes)

The file 20130320-006-v5i64.exe has been seen being distributed by the following URL.

http://definitions.symantec.com/.../20130320-006-v5i64.exe

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.