sap tutor.exe

DIaLOGIKa Setup32: A Small Setup Program

SAP AG

The executable sap tutor.exe, “PACK: A Small Packaging Program” has been detected as malware by 6 anti-virus scanners. This is a setup and installation application and has been known to bundle potentially unwanted software.
Publisher:
DIaLOGIKa  (signed by SAP AG)

Product:
DIaLOGIKa Setup32: A Small Setup Program

Description:
PACK: A Small Packaging Program

Version:
1.00

MD5:
c158ab9c8befde7993bdd1258881d1e6

SHA-1:
2450cba0046f7962bddf89b54001a198f8cba698

SHA-256:
a1b3991ef59d0fdc0feb1e4d65f0b2f6724db974321c77b3f9602619bd3dde8b

Scanner detections:
6 / 68

Status:
Malware

Analysis date:
11/15/2024 4:03:45 AM UTC  (today)

Scan engine
Detection
Engine version

AegisLab AV Signature
Troj.W32.Gen.lF6o
2.1.4+

Avira AntiVirus
TR/Agent.yhil
8.3.3.4

avast!
Win32:Evo-gen [Susp]
2014.9-161008

Bkav FE
HW32.Packed
1.3.0.8383

IKARUS anti.virus
Trojan.Agent
t3scan.2.1.6.0

Qihoo 360 Security
Win32/Trojan.97a
1.0.0.1120

File size:
2.4 MB (2,468,608 bytes)

Product version:
1.0

Copyright:
Copyright © DIaLOGIKa/dast 2001

Original file name:
PACK.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
6/22/2005 5:30:00 AM

Valid to:
7/6/2006 5:29:59 AM

Subject:
CN=SAP AG, OU=GBU HCM NAD A&E, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=SAP AG, L=Walldorf, S=Baden-Wuerttemberg, C=DE

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
466A413BE35075AD7BBCEF6B63AD8715

File PE Metadata
Compilation timestamp:
1/15/2002 4:19:02 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:Vm510f2eDAP9drHGRzVrionvNpkm44AkhCtU4Z3WfUvJ2N:Vm5afPAPrrHGR1iovzkP4yFBvJ2N

Entry address:
0x2635

Entry point:
55, 8B, EC, 6A, FF, 68, 28, 61, 40, 00, 68, 00, 33, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 94, 60, 40, 00, 33, D2, 8A, D4, 89, 15, 00, A8, 48, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, FC, A7, 48, 00, C1, E1, 08, 03, CA, 89, 0D, F8, A7, 48, 00, C1, E8, 10, A3, F4, A7, 48, 00, 33, F6, 56, E8, 16, 0B, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, B0, 00, 00, 00, 59, 89, 75, FC, E8, E1, 07, 00, 00, FF, 15, 04, 60, 40, 00, A3, B8, AF, 48, 00, E8...
 
[+]

Entropy:
7.7754

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
20 KB (20,480 bytes)

Remove sap tutor.exe - Powered by Reason Core Security