home

setup.exe

SAS Deployment Wizard

SAS Institute Inc.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘SASSystemPrep’.
Publisher:
SAS Institute Inc.  (signed and verified)

Product:
SAS Deployment Wizard

Description:
SDW Bootstrap in d3deploy12

Version:
9.3.0.12019

MD5:
bc087bdabc4887a5e2a4647c122b51da

SHA-1:
1093d3a3c83e78f8997d511b0d80f3d8654321ca

SHA-256:
2f5607f6db2c3712edc87b71828ba71ad5258bdd58f723a97a936b69569cacef

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/24/2024 3:02:41 PM UTC  (today)

File size:
489.4 KB (501,096 bytes)

Product version:
9.3.0.12019

Copyright:
Copyright © 2012 by SAS Institute Inc.

Trademarks:
The following are registered trademark or trademarks of SAS Institute Inc. in the USA and other countries: Refer to page ii of the SAS Language Refere

Original file name:
startup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Digital Signature
Signed by:
SAS Institute Inc.

Authority:
VeriSign, Inc.

Valid from:
9/13/2010 8:00:00 PM

Valid to:
9/13/2013 7:59:59 PM

Subject:
CN=SAS Institute Inc., OU=Research & Development, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=SAS Institute Inc., L=Cary, S=North Carolina, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
039443E27C41610B8127A610DEDC93A0

File PE Metadata
Compilation timestamp:
1/19/2012 12:40:30 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:FmlCwWnmDC/mEYIuKnWKtDT5Ptlwlp+Zr7PKKgSDgNYbk2S+:o5Z0mBIuKWKtClyvvgigNB+

Entry address:
0xAC3F

Entry point:
55, 8B, EC, 6A, FF, 68, F8, D6, 40, 00, 68, C6, AD, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 9C, D2, 40, 00, 59, 83, 0D, EC, 11, 41, 00, FF, 83, 0D, F0, 11, 41, 00, FF, FF, 15, A0, D2, 40, 00, 8B, 0D, E0, 11, 41, 00, 89, 08, FF, 15, A4, D2, 40, 00, 8B, 0D, DC, 11, 41, 00, 89, 08, A1, A8, D2, 40, 00, 8B, 00, A3, E8, 11, 41, 00, E8, 17, 01, 00, 00, 39, 1D, D0, 0D, 41, 00, 75, 0C, 68, C2, AD, 40, 00, FF, 15, AC, D2...
 
[+]

Entropy:
3.8677

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
48 KB (49,152 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
SASSystemPrep

Command:
C:\sas software depot\setup.exe -lang en -order 99h218


herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.