splunk-winevtlog.exe

splunk Application

SPLUNK INC

Publisher:
Splunk Inc.  (signed by SPLUNK INC)

Product:
splunk Application

Description:
Monitor windows event logs

Version:
5.0.6 (Build 185560)

MD5:
c76eec1339cdf674526678dbdca66c68

SHA-1:
aebb0ad626151b5ea2d12b0b580db30e88d4a338

SHA-256:
79d539cec2a57482312d7d346a50a9e492965e9c451c3272b30a066887528ee6

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/26/2024 2:25:31 PM UTC  (today)

File size:
12.5 MB (13,157,664 bytes)

Product version:
5.0.6 (Build 185560)

Copyright:
Copyright (C) 2005-2012

Original file name:
splunk-winevtlog.exe

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\Program Files\splunkuniversalforwarder\bin\splunk-winevtlog.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
4/15/2013 5:00:00 PM

Valid to:
6/15/2015 4:59:59 PM

Subject:
CN=SPLUNK INC, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=SPLUNK INC, L=San Francisco, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
6DE1ACE61468BE2412430FC7A5AFE2B1

File PE Metadata
Compilation timestamp:
11/7/2013 4:18:40 PM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
8.0

CTPH (ssdeep):
98304:p9LD9/pLcF7RF2el2zPuEpWBnIn/g2uQH6hvhcNR23QQ7cL6QZyheqebU/DTWdNE:pN9xY9R4ele2p05Ha5sR0PgDk2dKlz

Entry address:
0x7AB940

Entry point:
48, 83, EC, 28, E8, 07, 09, 00, 00, 48, 83, C4, 28, E9, DE, FC, FF, FF, FF, 25, 88, F3, 02, 00, FF, 25, 8A, F3, 02, 00, FF, 25, 8C, F3, 02, 00, FF, 25, 8E, F3, 02, 00, FF, 25, 90, F3, 02, 00, FF, 25, 92, F3, 02, 00, FF, 25, 94, F3, 02, 00, FF, 25, 96, F3, 02, 00, FF, 25, 98, F3, 02, 00, FF, 25, 9A, F3, 02, 00, FF, 25, 9C, F3, 02, 00, FF, 25, 9E, F3, 02, 00, CC, CC, CC, CC, CC, CC, 48, 83, EC, 28, 48, 8B, 01, 81, 38, 63, 73, 6D, E0, 74, 07, 33, C0, 48, 83, C4, 28, C3, E8, 51, 09, 00, 00, CC, CC, CC, CC, CC...
 

Entropy:
6.5049

Code size:
7.8 MB (8,228,864 bytes)

Scan splunk-winevtlog.exe - Powered by Reason Core Security