home

eyesrv.exe

Alchemy Eye

Sergey Sushko

It runs as a separate (within the context of its own process) windows Service named “Alchemy Eye”.
Publisher:
Alchemy Lab  (signed by Sergey Sushko)

Product:
Alchemy Eye

Version:
10, 5, 5, 0

MD5:
779ba80fe3d2dc79f45529577b146e8f

SHA-1:
4f932a72e3052cc2303090d7c0922bc4a144bc9d

SHA-256:
5d4c6138af827fc21d4fc88abaa9a586cda103a20cfd6f88b125e679ca13273f

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 9:38:48 PM UTC  (today)

File size:
583.1 KB (597,136 bytes)

Product version:
10, 5, 5, 0

Copyright:
Copyright (C) Alchemy Lab, 1999-2009

Original file name:
KHW.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\network administrators toolkit\alchemy eye\eyesrv.exe

Digital Signature
Signed by:
Sergey Sushko

Authority:
The USERTRUST Network

Valid from:
8/27/2009 3:00:00 AM

Valid to:
8/28/2010 2:59:59 AM

Subject:
CN=Sergey Sushko, O=Sergey Sushko, STREET=Vernadskogo 93-1-85, L=Moscow, S=MO, PostalCode=119526, C=RU

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
17AC2748B458B5782943ED1A32C313E2

File PE Metadata
Compilation timestamp:
1/11/2010 8:52:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:57XoADzzjbAPIUwCeCwfzNVYEHZ3cZrEKgFHBtmqHhxM1sl9rTmm2xOnLVAK9PHr:NpnzjbYIXxlD39FHBtZhx6M9rTRS2LJr

Entry address:
0x1000

Entry point:
68, 01, 10, 5A, 00, E8, 01, 00, 00, 00, C3, C3, E4, 0F, 02, 70, 27, 22, C1, 63, 48, DB, 2D, 61, 6C, 58, 2B, 0A, 16, B1, 60, AC, 04, 95, 2A, 91, BC, E7, 19, C5, 2D, 4A, A7, 73, 46, D9, B0, 17, 45, 64, 6A, D4, 16, 46, 13, AC, E1, C7, 9B, D2, F7, AC, CC, 37, 17, BB, 89, 74, DB, D3, 35, 3B, A9, BD, D7, 7B, 63, 51, 59, 0A, 54, 15, 37, BB, 11, 97, 72, 5E, B2, ED, 83, 65, DE, C1, E4, DD, BC, 6F, 66, F4, E0, 91, B3, CF, 39, E4, 27, C9, 27, 7A, 90, 4C, B5, 72, EE, E6, 5D, 7B, F9, F5, CD, FC, 64, 4B, F8, 4A, 5B, BD...
 
[+]

Entropy:
7.7596

Packer / compiler:
ASProtect v1.2x (New Strain)

Code size:
1.1 MB (1,204,224 bytes)

Service
Display name:
Alchemy Eye

Service name:
eye

Type:
Win32OwnProcess


Scan eyesrv.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.