sasdm.exe

SAS Deployment Wizard

SAS Institute Inc.

The executable sasdm.exe, “SDW window launcher application”, has been detected as malware by 12 anti-virus scanners. This is the uninstaller utility registered in the Windows Control Panel for the program SAS 9.3 by SAS.

Publisher:
SAS Institute Inc.  (signed and verified)

Product:
SAS Deployment Wizard

Description:
SDW window launcher application

Version:
9.3.0.11158

MD5:
1fd547ebeca6a583664d3606f6220b7e

SHA-1:
375b46054f66ac3883454690d6507176a248ae23

SHA-256:
7b3efdf8ae2980cbbc42c6163f5907be387448e287b7c9cb80860c9dc17fc3b3

Scanner detections:
12 / 68

Status:
Malware

Analysis date:
11/16/2024 7:25:43 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| avast! | Win32:Pioneer-C | 160414-2 |
| Dr.Web | Win32.FloodFix.7 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win32.Floxif | 11.5.0.6191 |
| ESET NOD32 | Win32/Floxif.H virus | 8.0.319.0 |
| F-Prot | W32/Floxif.B | 4.6.5.141 |
| F-Secure | Win32.Floxif.A | 5.15.96 |
| Kaspersky | Virus.Win32.Pioneer | 15.0.0.562 |
| McAfee | Trojan.Dropper-FIY!1FD547EBECA6 | 18.0.204.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.223.1671.0 |
| Norman | Win32.Floxif.A | 28.05.2016 15:32:18 |
| Sophos | Virus 'W32/Floxif-C' | 5.23 |
| VIPRE Antivirus | Threat.4760052 | 49578 |

File size:
149.8 KB (153,391 bytes)

Product version:
9.3.0.11158

Copyright:
Copyright © 2011 by SAS Institute Inc.

Trademarks:
The following are registered trademark or trademarks of SAS Institute Inc. in the USA and other countries: Refer to page ii of the SAS Language Refere

Original file name:
Winlauncher_Admin.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\sashome\sasdeploymentmanager\9.3\sasdm.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
9/14/2010 12:00:00 AM

Valid to:
9/13/2013 11:59:59 PM

Subject:
CN=SAS Institute Inc., OU=Research & Development, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=SAS Institute Inc., L=Cary, S=North Carolina, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
039443E27C41610B8127A610DEDC93A0

File PE Metadata
Compilation timestamp:
6/8/2011 1:25:32 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:H2JcusE8T5Ptz4I22lQBV+UdE+rECWp7hKbyj1:HaVzi8BV+UdvrEFp7hKA

Entry address:
0x86BF

Entry point:
E9, C5, DF, FF, FF, 68, 38, A3, 40, 00, 68, 46, 88, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 90, A1, 40, 00, 59, 83, 0D, 18, CF, 40, 00, FF, 83, 0D, 1C, CF, 40, 00, FF, FF, 15, 8C, A1, 40, 00, 8B, 0D, 0C, CF, 40, 00, 89, 08, FF, 15, 88, A1, 40, 00, 8B, 0D, 08, CF, 40, 00, 89, 08, A1, 84, A1, 40, 00, 8B, 00, A3, 14, CF, 40, 00, E8, 17, 01, 00, 00, 39, 1D, 40, CC, 40, 00, 75, 0C, 68, 42, 88, 40, 00, FF, 15, 80, A1...
Entropy:
7.0774

Packer / compiler:
tElock 0.99 - 1.0 private

Code size:
36 KB (36,864 bytes)

Program Uninstaller
Program name:
SAS 9.3

Display publisher:
SAS

Uninstall string:
"C:\Program Files\SASHome\SASDeploymentManager\9.3\sasdm.exe" -uninstall
