home

setup_em13100_win64.exe

ouiSFX

Oracle, Inc.

This is a setup program which is used to install the application. The file has been seen being downloaded from login.oracle.com and multiple other hosts.
Publisher:
Oracle, Inc.

Product:
ouiSFX

Description:
GUI self extractor

Version:
1, 0, 0, 1

MD5:
6e25b43d59d493b9a5f3a6df073eb87b

SHA-1:
f30575c156250e38694b9f9fa53674206b39bdd7

SHA-256:
84580df6bd9ec89a067e8494674eb6543f977521444c91ab1e03bac28cce317f

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/27/2024 1:47:19 AM UTC  (today)

File size:
962 MB (1,008,764,935 bytes)

Product version:
NGINST_MAIN_GENERIC_150812.1107 (52241)

Copyright:
Copyright (C) 1996,2014 Oracle and/or its affiliates. All rights reserved.

Original file name:
ouiSFX.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\programs\setup_em13100_win64.exe

File PE Metadata
Compilation timestamp:
8/12/2015 10:02:26 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
25165824:EhMwZKYym6tyf/VxaeKfux+Q5E0SLglwqVYwsyldnUJx:EhMwP6toaebR5EJLgPNkx

Entry address:
0x10D3F4

Entry point:
E8, 49, F2, 00, 00, E9, 89, FE, FF, FF, CC, CC, 8B, 54, 24, 04, 89, 2A, 89, 5A, 04, 89, 7A, 08, 89, 72, 0C, 89, 62, 10, 8B, 04, 24, 89, 42, 14, C7, 42, 20, 30, 32, 43, 56, C7, 42, 24, 00, 00, 00, 00, 64, A1, 00, 00, 00, 00, 89, 42, 18, 83, F8, FF, 75, 09, C7, 42, 1C, FF, FF, FF, FF, EB, 3B, 8B, 4C, 24, 08, 0B, C9, 74, 0A, 8B, 44, 24, 0C, 89, 42, 24, 49, 75, 08, 8B, 40, 0C, 89, 42, 1C, EB, 21, 8B, 44, 24, 10, 89, 42, 1C, 49, 74, 17, 56, 57, 8D, 74, 24, 1C, 8D, 7A, 28, 83, F9, 06, 76, 05, B9, 06, 00, 00, 00...
 
[+]

Code size:
1.2 MB (1,263,104 bytes)

The file setup_em13100_win64.exe has been seen being distributed by the following 3 URLs.

https://login.oracle.com/pls/.../orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.2~CA55CD32~4C2C8496F1A4A9E24FD54B7E251205E82170A42339AC8199767016E73E3C535923A34E9AD82D3F42348137739E2622D9B30422E73D6B8643106125E730F89AEF252A75760F964A362ADA200A57CF15EE4A80DEED14FAA94A0E21C2DEE7D43099C49E3678D14053296490F1E27DFB3DB50934C7CCA384DC684617BEF4B58F8FB9594F22C3FE98F93B965BF48F50F0B2754858DE2AFDA705774107D11F69DA5C44C24BC5B3D6C3606B9EA9EA3D19C6961FA03C3C080D8D88461DFC23EB09D2463228181DACC2F469D9073D187E20103CC019DBEB97B312F375F11F9116E278A690D77792587FAFAFC9378BA4E955B200CF80DF4E6DAB492F23

https://login.oracle.com/oam/server/.../auth_cred_submit

https://edelivery.oracle.com/akam/otn/nt/oem/.../setup_em13100_win64.exe

Scan setup_em13100_win64.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.