7-zipws_en.exe

UpdateStar GmbH

The installer utilizes the installCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application 7-zipws_en.exe by UpdateStar GmbH has been detected as a potentially unwanted program by 24 anti-malware scanners. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from client.updatestar.com.
Publisher:
UpdateStar GmbH  (signed and verified)

MD5:
e6df3a92e49d7db7ab1b9ea30b07588a

SHA-1:
95bbab3830091168b4269b6c68a7ddb06451a390

SHA-256:
a711db6753ee4f37ffa9ccf5b1183158f3624a1f29d23b5197a054d1c383cf65

Scanner detections:
24 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
3/6/2021 12:20:56 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.InstallCore
7.1.1

Avira AntiVirus
7.11.135.4

avast!
Win32:Adware-gen [Adw]
2014.9-140621

AVG
MalSign.InstallC
2015.0.3436

Baidu Antivirus
Adware.Win32.InstallCore
4.0.3.14621

Comodo Security
Application.Win32.Installcore.UPT
18186

Dr.Web
Trojan.MulDrop5.10078
9.0.1.0172

Emsisoft Anti-Malware
Adware.Generic.552604
8.14.06.21.12

ESET NOD32
Win32/InstallCore.JE.gen (variant)
8.9503

Fortinet FortiGate
Riskware/InstallCore_JE
6/21/2014

IKARUS anti.virus
Win32.AdWare
t3scan.2.2.29

K7 AntiVirus
Unwanted-Program
13.176.11913

Malwarebytes
v2014.06.21.12

McAfee
RDN/Generic PUP.x!c2v
5600.7092

nProtect
Adware/W32.Agent.685056
14.03.05.01

Panda Antivirus
Trj/dtcontx.L
14.06.21.12

Qihoo 360 Security
Win32/Virus.Adware.94c
1.0.0.1015

Reason Heuristics
PUP.UpdateStarGmbH.K
14.6.21.12

Rising Antivirus
PE:Malware.XPACK-LNR/Heur!1.5594
23.00.65.14619

Sophos
Install Core
4.97

Trend Micro House Call
TROJ_GEN.F47V0303
7.2.172

Trend Micro
ADW_INSTALLCORE
10.465.21

Vba32 AntiVirus
3.12.24.3

VIPRE Antivirus
Adware.Win32.InstallCore.ba
27096

File size:
669 KB (685,056 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Turkish (Turkey)

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
1/2/2013 2:00:00 AM

Valid to:
1/3/2016 1:59:59 AM

Subject:
CN=UpdateStar GmbH, O=UpdateStar GmbH, STREET=Hauptstraße 20, L=Berlin, S=Berlin, PostalCode=10827, C=DE

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
009ED227324380B40DDE36C8D31A33831F

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:7vptvVqpPXo+HrdkNuX3MmmJalSXGUhjvmWLVGozhj/OuP/th:7vXvV0ddkz82vJGozhj/3h

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file 7-zipws_en.exe has been seen being distributed by the following URL.

Remove 7-zipws_en.exe - Powered by Reason Core Security