sar_15_sfx.exe

Sophos Limited

This is a setup program which is used to install the application. This is installed with Sophos Virus Removal Tool. The file has been seen being downloaded from secure2.sophos.com and multiple other hosts.
Publisher:
Sophos Limited  (signed and verified)

MD5:
9cbd37add6fa76a9326c6ce081364bfd

SHA-1:
b507f958319a1793a724af28237af8a7503eb6f8

SHA-256:
03cc375990b2c1d206a22082276469ba62036e0fa52fd49295a47813d2f093ce

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/15/2024 8:39:47 AM UTC  (today)

File size:
1.3 MB (1,410,192 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\sar_15_sfx.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
12/3/2010 8:00:00 AM

Valid to:
12/3/2013 7:59:59 AM

Subject:
CN=Sophos Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Sophos Limited, L=Abingdon, S=Oxfordshire, C=GB

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
03224E125DA6703112040AB66621435F

File PE Metadata
Compilation timestamp:
1/15/2003 4:27:12 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.0

CTPH (ssdeep):
24576:68PqJ1C4Cpl+LQxUbRN+3iBSkEVv1nFlX0jmMc6wr9/vb2KFdaWerjo:L6CV/WQ0B6v1nHkjmMVwrtvKKHtwo

Entry address:
0x1F150

Entry point:
60, BE, 00, 50, 41, 00, 8D, BE, 00, C0, FE, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 75, 20, 41, 01, DB, 75...
 
[+]

Entropy:
7.9981

Packer / compiler:
UPX 2.90LZMA]

Code size:
44 KB (45,056 bytes)

The file sar_15_sfx.exe has been discovered within the following program.

Sophos Virus Removal Tool  by Sophos Limited
Publisher's description - “We know all about viruses and they’re a pain. They can slow down your computer or try to steal your data and you might not even know you’ve got one. What you need is a quick and easy way to find and get rid of them.”
www.sophos.com
7% remove it
 
Powered by Should I Remove It?

The file sar_15_sfx.exe has been seen being distributed by the following 4 URLs.