enx7inst.exe

Thomson Reuters (Scientific) LLC

This is a setup program which is used to install the application. The file has been seen being downloaded from onedrive.live.com and multiple other hosts.
Publisher:
Thomson Reuters  (signed by Thomson Reuters (Scientific) LLC)

Description:
EndNote X7

Version:
17.4.0.8818

MD5:
0f4fe2b6e751c7721000123c5d9944b7

SHA-1:
5a41b263f7953c73fb967291397a6c1391b141af

SHA-256:
dbea6fa3da17a07e603f35ad8f2f9fd81113fca17072ecab84f58296bc30fee3

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/27/2024 11:25:30 PM UTC  (a few moments ago)

File size:
86.3 MB (90,463,296 bytes)

Copyright:
Thomson Reuters

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\programs\enx7inst.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
3/23/2015 4:30:00 AM

Valid to:
6/22/2018 4:29:59 AM

Subject:
CN=Thomson Reuters (Scientific) LLC, O=Thomson Reuters (Scientific) LLC, L=Philadelphia, S=Pennsylvania, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
4B433D078A66BCB9AFC81ECCED4B3E6C

File PE Metadata
Compilation timestamp:
4/8/2005 7:16:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
1572864:T+GIVKEdQOZeDJTK3RO0f5ooOYIX6b6utBvuQ8OvD8hSGHwJ2CV/xonXYT75tZGL:TAKEOOcDJm3tf5Lpb6y8G8hMJvkIT9tI

Entry address:
0x4095

Entry point:
55, 8D, 6C, 24, 88, 81, EC, EC, 0F, 00, 00, 53, 56, 57, 6A, 04, FF, 15, F4, 70, 40, 00, 33, FF, 89, 7D, 2C, 89, 7D, 20, 89, 7D, 04, 89, 7D, 28, 89, 7D, 24, 89, 7D, 1C, 89, 7D, 10, 89, 7D, 4C, 89, 7D, 08, 89, 7D, 14, 89, 7D, 18, FF, 15, B8, 70, 40, 00, 8B, F0, 8A, 06, 3C, 22, 89, 75, 58, 75, 24, EB, 04, 3C, 22, 74, 0E, 46, 8A, 06, 84, C0, 89, 75, 58, 75, F2, 3C, 22, 75, 14, 46, 89, 75, 58, EB, 0E, 3C, 20, 74, 0F, 46, 8A, 06, 89, 75, 58, 84, C0, 75, F2, 80, 3E, 20, 75, 09, 46, 80, 3E, 20, 74, FA, 89, 75, 58...
 
[+]

Entropy:
7.9840  (probably packed)

Code size:
23 KB (23,552 bytes)

The file enx7inst.exe has been seen being distributed by the following 6 URLs.

https://onedrive.live.com/.../1yMJW7K4wfkxUgYo lnhum8=9&ithint=.exe

http://wgtot59.digitalriver.com/wgt/9B5A4FCEF11DA80C/171F14235882A3D34841170D5B9DEF7BA00B09F3C55397D0DF336B0C9A77B955E902B764E7D4099317DAC8B729F63BF0D42B5F6695BDCFAEA906AB25593D2FF51B38B9787ABC2BAD8729B2934C42F7D70A7DE0793B014624647C638FDE4F6D4D/.../ENX7.4Inst.exe

http://swtools.ksu.edu.sa/soft/.../ENX7Inst.exe

http://w.x.baidu.com/alading/.../28177

Scan enx7inst.exe - Powered by Reason Core Security