home

AnalyzePESig.exe

AnalyzePESig

Didier Stevens

Publisher:
Didier Stevens (https://DidierStevens.com)  (signed by Didier Stevens)

Product:
AnalyzePESig

Version:
0.0.0.3

MD5:
f0e8bab82d3d3077c81247ecd86f134b

SHA-1:
2444c94db0e0761724d10ffa617dd3cfd54767a1

SHA-256:
931a5fcf5c054a66a0466d1a0fc991baa3aabe9bfa3ebedb94ff7eb5e67ca16d

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/26/2024 9:17:07 PM UTC  (today)

File size:
116.5 KB (119,256 bytes)

Product version:
0.0.0.3

Copyright:
Public domain

Original file name:
AnalyzePESig.exe

File type:
Executable application (Win64 EXE)

Language:
Language Neutral

Digital Signature
Signed by:
Didier Stevens

Authority:
GlobalSign nv-sa

Valid from:
10/4/2012 10:20:18 AM

Valid to:
11/24/2013 11:46:08 AM

Subject:
CN=Didier Stevens, C=BE

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121C09C7F085493BFFEF26D4560BA359F37

File PE Metadata
Compilation timestamp:
8/15/2013 4:53:39 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
10.0

CTPH (ssdeep):
3072:9q3lrxAB9acQV+JPKfE5vl9fwnG6s3V2lkv343RxeOM9X:9qVF6R4fEJl9fwnKkkvI6OMp

Entry address:
0x107F8

Entry point:
48, 83, EC, 28, E8, E3, 03, 00, 00, 48, 83, C4, 28, E9, 9E, FD, FF, FF, FF, 25, 58, 2C, 00, 00, 40, 53, 48, 83, EC, 20, 48, 8B, D9, 48, 8B, 0D, 50, B0, 00, 00, FF, 15, CA, 28, 00, 00, 48, 89, 44, 24, 38, 48, 83, F8, FF, 75, 0B, 48, 8B, CB, FF, 15, CE, 2C, 00, 00, EB, 7E, B9, 08, 00, 00, 00, E8, 5E, 04, 00, 00, 90, 48, 8B, 0D, 22, B0, 00, 00, FF, 15, 9C, 28, 00, 00, 48, 89, 44, 24, 38, 48, 8B, 0D, 08, B0, 00, 00, FF, 15, 8A, 28, 00, 00, 48, 89, 44, 24, 40, 48, 8B, CB, FF, 15, 84, 28, 00, 00, 48, 8B, C8, 4C...
 
[+]

Entropy:
5.9889

Code size:
71 KB (72,704 bytes)

Scan AnalyzePESig.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.