home

gui740_5-10013011.exe

SAP Front-End Setup for the Windows Environment

SAP SE

This is a self-extracting archive and installer. The file has been seen being downloaded from elearning.xrh.unipi.gr and multiple other hosts.
Publisher:
SAP SE  (signed and verified)

Product:
SAP Front-End Setup for the Windows(R) Environment

Description:
SAP Self-Extractor

Version:
9, 0, 68, 0

MD5:
3f8ffb9553a658134eed6a56709d6856

SHA-1:
0f222f4422c580fcc623e269882b5d4b9d6859e5

SHA-256:
cfceb497583e20503db22d91e1565a669161c84071d1721819d1b8ae4012c380

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/24/2024 8:31:34 PM UTC  (today)

File size:
103.8 MB (108,843,552 bytes)

Product version:
9, 0, 68, 0

Copyright:
Copyright (C)2001-2015 SAP SE

Original file name:
SapSx.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Digital Signature
Signed by:
SAP SE

Authority:
Symantec Corporation

Valid from:
1/29/2015 6:00:00 PM

Valid to:
1/29/2018 5:59:59 PM

Subject:
CN=SAP SE, OU=SAP Production CSA2015, O=SAP SE, L=Walldorf/Baden, S=Baden-Wuerttemberg, C=DE

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
09E035A69DF1F83FB9032CD91905914F

File PE Metadata
Compilation timestamp:
10/5/2015 1:14:41 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
3145728:kf85ctAzkjV0T3PvtI/nsCBV96edy7Z9UVUfO4M2:r5Ayk6edua+d

Entry address:
0x40695

Entry point:
E8, BC, B8, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 53, 8B, 5D, 0C, 56, 57, 85, DB, 0F, 84, D5, 00, 00, 00, 33, C0, 66, 39, 03, 0F, 84, CA, 00, 00, 00, 39, 45, 08, 75, 61, 50, 50, 50, 53, FF, 15, 6C, 42, 46, 00, 85, C0, 75, 13, FF, 15, 34, 41, 46, 00, 50, E8, FA, 4C, 00, 00, 33, C0, E9, B0, 00, 00, 00, 8B, 75, 10, 3B, F0, 77, 02, 8B, F0, 81, FE, FF, FF, FF, 7F, 76, 12, E8, FE, 4C, 00, 00, C7, 00, 16, 00, 00, 00, 33, C0, E9, 8E, 00, 00, 00, 6A, 02, 56, E8, 3F, E7, FF, FF, 8B, F8, 59, 59, 85, FF, 75, 29, E8...
 
[+]

Entropy:
7.9994  (probably packed)

Code size:
394.5 KB (403,968 bytes)

The file gui740_5-10013011.exe has been seen being distributed by the following 4 URLs.

http://elearning.xrh.unipi.gr/elearning/mod/.../view.php?id=38699

https://www.dropbox.com/s/.../gui740_5-10013011.exe

https://docs.google.com/a/.../uc?export=download&confirm=Kb_m&id=0B1ZyPO6uqniVa1hMVF9qellvcG8&revid=0B1ZyPO6uqniVa0dMRnNRSkFBOHlseWVUamcrT1RtVjJrRmwwPQ

https://smpdla.sap.com/00000689/.../gui740_5-10013011.exe

Scan gui740_5-10013011.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.