Self Extraction Directive File Created In Potentially Suspicious Location (760e75d8-c3b5-409b-a9bf-6130b4c4603f)
Detects the creation of Self Extraction Directive files (.sed) in a potentially suspicious location. These files are used by the "iexpress.exe" utility in order to create self extracting packages. Attackers were seen abusing this utility and creating PE files with embedded ".sed" entries.