7z.exe

7-Zip

Igor Pavlov

The executable 7z.exe has been detected as malware by 9 anti-virus scanners. It is infected by an entry-point obscuring polymorphic file infector that creates a peer-to-peer botnet and receives URLs of additional files to download.
Publisher:
Igor Pavlov

Product:
7-Zip

Description:
7-Zip Console

Version:
9.25 alpha

MD5:
c88d17af7d94f9843dd0894e717141dd

SHA-1:
7b16bcaafb0cd7e0b3d08a43aa662dba5d1b3769

SHA-256:
052ffc6a4395022c5cf030deaf92f3211071c02ad82836bfa328d0896c9adc85

Scanner detections:
9 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/26/2024 9:58:10 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:SaliCode | 160213-1 |
| AVG | Win32/Sality | 2015.0.4522 |
| Dr.Web | Win32.Sector.30 | 9.0.1.05190 |
| ESET NOD32 | Win32/Sality.NBA virus | 7.0.302.0 |
| Kaspersky | Virus.Win32.Sality | 15.0.0.562 |
| McAfee | Virus.W32/Sality.gen.z | 18.0.204.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.213.6222.0 |
| Norman | Win32.Sality.3 | 03.12.2014 13:20:04 |
| VIPRE Antivirus | Threat.4721115 | 47068 |

File size:
251.5 KB (257,536 bytes)

Product version:
9.25 alpha

Copyright:
Copyright (c) 1999-2011 Igor Pavlov

Original file name:
7z.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\7z.exe

File PE Metadata
Compilation timestamp:
9/16/2011 8:35:01 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
6.0

CTPH (ssdeep):
6144:2DuISXOr4qxlGltTELMT1QwlH797eR8C4cqtYt8IkWsXNc:gYXOr4qxlGoLMTwR87StQWsXNc

Entry address:
0x218D6

Entry point:
8B, D7, 8A, EF, 8D, 15, 84, B5, DE, BF, 8B, C0, 80, FB, B9, 4B, 2C, D4, 0F, BE, C5, 0F, BE, EB, 04, C0, 8B, F9, 69, FB, 4F, 3B, 00, 7F, 40, 04, 63, 0F, BE, F2, E8, 35, 00, 00, 00, 77, 0C, 69, F6, F0, 6B, 30, EB, 69, D1, 87, 51, 52, 5C, 85, CE, 72, 02, 20, CA, 85, F2, 81, C2, 8B, 7E, 93, 88, 0F, AF, FD, 0F, BF, EE, F3, 8B, F6, 84, E3, 69, EB, B1, A0, 25, 19, 8A, DD, 03, C6, 86, FA, 20, ED, 4E, 85, F2, 74, 0A, 8D, 35, 85, 15, 8C, C7, 0F, AF, F2, 4A, 8A, FA, 85, E9, 31, D9, 2D, DA, 1E, 00, 00, 08, E3, 0F, AF...
 

Entropy:
6.9711

Code size:
144 KB (147,456 bytes)
