7z.dll

7-Zip

Performersoft LLC

This is the Performersoft setup installer. 7za.dll is a standalone plugin for the 7-Zip file archiver and extraction utility. Third-party software uses the plugin to provide archiving functionality for the 7z, ZIP and gzip formats; this copy was recompiled by Performersoft LLC. The library 7z.dll, “7z Standalone Plugin” by Performersoft, has been flagged as a potentially unwanted program and has been detected by 1 anti-malware scanner. The program is a setup application that uses the InstallBrain installer. Although a detection has been made for this resource, it is generally a commonly distributed 3rd-party library and is typically safe by itself.
Publisher:
Igor Pavlov  (signed by Performersoft LLC)

Product:
7-Zip

Description:
7z Standalone Plugin

Version:
4.65

MD5:
c42d8ec8ffdb0c464bb281f1929836fd

SHA-1:
17aa97a9d17f69678f71416ff5bc7c6b183ada84

SHA-256:
2e6b9bf9bc6aab0faa06d623b4ccf58f7ff65edda6d6b7b01f05cf9c0858a6ac

Scanner detections:
1 / 68

Status:
Inconclusive but possibly unwanted  (It is part of a common redistributable library)

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/26/2024 3:05:45 AM UTC

Scan engine:
Reason Heuristics

Detection:
Common.PartOf.PUP.Performersoft.IgorPavlov (M)

Engine version:
16.2.11.15

File size:
714.6 KB (731,736 bytes)

Product version:
4.65

Copyright:
Copyright (c) 1999-2009 Igor Pavlov

Original file name:
7za.dll

File type:
Dynamic link library (Win32 DLL)

Bundler/Installer:
InstallBrain

Language:
English (United States)

Common path:
C:\Program Files\driver performer\updater\extract\7z.dll

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
7/13/2011 3:38:26 PM

Valid to:
6/25/2012 8:20:46 PM

Subject:
CN=Performersoft LLC, O=Performersoft LLC, L=Beaverton, S=OR, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
277B96F94D20C1

File PE Metadata
Compilation timestamp:
2/3/2009 8:21:03 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:UCR0sfbz8QwSOh+PBFayDTAZju0sBdZ7ATm8zI6:U9GX8JSOM5FayDTAZa0GdZ7G9E6

Entry address:
0x7B6E1

Entry point:
55, 8B, EC, 53, 8B, 5D, 08, 56, 8B, 75, 0C, 57, 8B, 7D, 10, 85, F6, 75, 09, 83, 3D, B8, C9, 09, 10, 00, EB, 26, 83, FE, 01, 74, 05, 83, FE, 02, 75, 22, A1, C4, E9, 09, 10, 85, C0, 74, 09, 57, 56, 53, FF, D0, 85, C0, 74, 0C, 57, 56, 53, E8, 15, FF, FF, FF, 85, C0, 75, 04, 33, C0, EB, 4E, 57, 56, 53, E8, 19, B3, F8, FF, 83, FE, 01, 89, 45, 0C, 75, 0C, 85, C0, 75, 37, 57, 50, 53, E8, F1, FE, FF, FF, 85, F6, 74, 05, 83, FE, 03, 75, 26, 57, 56, 53, E8, E0, FE, FF, FF, 85, C0, 75, 03, 21, 45, 0C, 83, 7D, 0C, 00...
 

Developed / compiled with:
Microsoft Visual C++ 6.0

Code size:
520.5 KB (532,992 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com  (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com  (173.192.190.227:443)

Scan 7z.dll - Powered by Reason Core Security