» 7-zip.exe
Overview
Analysis
File Details
Downloads (1)

7-zip.exe

UpdateStar GmbH

The application 7-zip.exe by UpdateStar GmbH has been detected as a potentially unwanted program by 10 anti-malware scanners. This is a setup program which is used to install the application. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.updatestar.com.

File name:

7-zip.exe

Publisher:

UpdateStar GmbH (signed and verified)

MD5:

6c7fc34528e859a0fc0b388800fcc3db

SHA-1:

b63cda4ec0e8bf0c9c59c50c6227c8a14e35440d

SHA-256:

ebe689c92e090809a7b908526735d09e0b15adcd6b1e1456c1247067c6d4b6b1

Scanner detections:

10 / 68

Status:

Potentially unwanted

Explanation:

Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:

4/28/2024 5:45:28 PM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

ADWARE/InstallCore.Gen7

7.11.128.170

Dr.Web

Trojan.KillProc.30849

9.0.1.046

ESET NOD32

Win32/InstallCore.JE.gen (variant)

8.9372

Malwarebytes

PUP.Optional.Installcore

v2014.02.15.07

McAfee

Artemis!AD5E8193F922

5600.7219

Reason Heuristics

PUP.UpdateStarGmbH.F

14.2.15.7

Rising Antivirus

PE:Malware.XPACK-LNR/Heur!1.5594

23.00.65.14213

Trend Micro House Call

TROJ_GEN.F47V0131

7.2.46

Vba32 AntiVirus

Downware.InstallCore

3.12.24.3

VIPRE Antivirus

InstallCore.b

26086

File size:

669 KB (685,056 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\7-zip.exe

Digital Signature

Signed by:

UpdateStar GmbH

Authority:

COMODO CA Limited

Valid from:

1/2/2013 1:00:00 AM

Valid to:

1/3/2016 12:59:59 AM

Subject:

CN=UpdateStar GmbH, O=UpdateStar GmbH, STREET=Hauptstraße 20, L=Berlin, S=Berlin, PostalCode=10827, C=DE

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

009ED227324380B40DDE36C8D31A33831F

File PE Metadata

Compilation timestamp:

6/20/1992 12:22:17 AM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

12288:7vptvVqpPXo+HrdkNuX3MmmJalSXGUhjvmWLVGozhj/OuP/th:7vXvV0ddkz82vJGozhj/3h

Entry address:

0x9C40

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE... 
[+]

Code size:

37 KB (37,888 bytes)

The file 7-zip.exe has been seen being distributed by the following URL.

http://www.updatestar.com/.../2078253

Remove 7-zip.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.