» sasnative64.exe
Overview
Analysis
File Details

sasnative64.exe

WinZip Computing

File name:

sasnative64.exe

Publisher:

WinZip Computing (signed and verified)

MD5:

7009f6bbe3e27053803f966b4c1c4512

SHA-1:

8ec6d000b4a74ed93070c12ca5778a7f3f446e71

SHA-256:

8177198d02aa4b3691e547cb921fe1a40e3e382fe511cac5b9691bc850412c45

Scanner detections:

1 / 68

Status:

Inconclusive (not enough data for an accurate detection)

Analysis date:

5/10/2024 10:05:52 PM UTC (today)

Scan engine

Detection

Engine version

ESET NOD32

Win64/AdvancedSystemProtector.A potentially unwanted application

7.0.302.0

File size:

21.8 KB (22,352 bytes)

File type:

Executable application (Win64 EXE)

Common path:

C:\Windows\System32\sasnative64.exe

Digital Signature

Signed by:

WinZip Computing

Authority:

VeriSign, Inc.

Valid from:

4/13/2009 8:00:00 PM

Valid to:

4/13/2012 7:59:59 PM

Subject:

CN=WinZip Computing, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=WinZip Computing, L=Mansfield, S=Connecticut, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

2091EC663B9B070DEF16CA9A237B705B

File PE Metadata

Compilation timestamp:

11/20/2008 8:47:42 AM

OS version:

4.0

OS bitness:

Win64

Subsystem:

Native (none required)

Linker version:

8.0

CTPH (ssdeep):

384:W09Xyxq1CGUDZP0W3ieO11ZYnHl03oJ1xQ4t1mCvlCEoxlYJLWH6Gk4b5qUT:W09XygoGU0eOfZYnq3oJ124MALmjb4UT

Entry address:

0x34D0

Entry point:

48, 89, 5C, 24, 08, 57, B8, D0, 00, 02, 00, E8, 96, 01, 00, 00, 48, 2B, E0, 33, FF, 48, 8D, 84, 24, 90, 00, 00, 00, 48, 8D, 4C, 24, 30, 44, 8D, 47, 60, 33, D2, C6, 84, 24, C9, 00, 02, 00, 01, 48, 89, BC, 24, B8, 00, 02, 00, 48, 89, BC, 24, C0, 00, 02, 00, 48, 89, BC, 24, 90, 00, 00, 00, 48, 89, BC, 24, 98, 00, 00, 00, 48, 89, BC, 24, A0, 00, 00, 00, 48, 89, BC, 24, B0, 00, 02, 00, 40, 88, BC, 24, C8, 00, 02, 00, 48, 89, 05, C1, 1A, 00, 00, E8, 38, 01, 00, 00, 48, 8D, 44, 24, 30, 8D, 4F, 02, 33, D2, 48, 89... 
[+]

Entropy:

6.0926

Code size:

10 KB (10,240 bytes)

Scan sasnative64.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.