» 7z1512-x64.exe
Overview
Analysis
File Details
Programs (1)
Downloads (86)

7z1512-x64.exe

7-Zip

Igor Pavlov

The application 7z1512-x64.exe has been detected as a potentially unwanted program by 2 anti-malware scanners. This is a setup and installation application, however the file is not signed with an authenticode signature from a trusted source. This file is typically installed with the program Toolwiz Time Freeze 2016 by ToolWiz. It uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars. The file has been seen being downloaded from d.7-zip.org and multiple other hosts.

File name:

7z1512-x64.exe

Publisher:

Igor Pavlov

Product:

7-Zip

Description:

7-Zip Installer

Version:

15.12

MD5:

822b366bb37a9628cafff5bfaf186998

SHA-1:

8017f7a6194c356b49e82c14a03d2d84e0c40523

SHA-256:

7ccca4989772c7ccd0ce6da30832365530011baa050beb727613dca6abce6d92

Scanner detections:

2 / 68

Status:

Potentially unwanted

Explanation:

Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:

4/25/2024 5:52:26 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Threat.Win.Reputation.IMP

15.12.23.10

Zillya! Antivirus

Adware.OpenCandy.Win32.995

2.0.0.2580

File size:

1.3 MB (1,365,154 bytes)

Product version:

15.12

Original file name:

7zipInstall.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\7z1512-x64.exe

File PE Metadata

Compilation timestamp:

11/19/2015 3:07:44 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

24576:xDMhDoh7PNjG6Po6WcnQdNKo79j5rF2TgsgF7GX0NeCbkqjSd9iWQr+8:xDVhIn6WcnYpptrSOGie0kgWQS8

Entry address:

0x7114

Entry point:

55, 8B, EC, 6A, FF, 68, 48, 8C, 40, 00, 68, A0, 72, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, CC, 80, 40, 00, 59, 83, 0D, 08, C5, 40, 00, FF, 83, 0D, 0C, C5, 40, 00, FF, FF, 15, C8, 80, 40, 00, 8B, 0D, DC, A4, 40, 00, 89, 08, FF, 15, C4, 80, 40, 00, 8B, 0D, D8, A4, 40, 00, 89, 08, A1, C0, 80, 40, 00, 8B, 00, A3, 10, C5, 40, 00, E8, 10, 01, 00, 00, 39, 1D, 40, A0, 40, 00, 75, 0C, 68, 90, 72, 40, 00, FF, 15, BC, 80... 
[+]

Developed / compiled with:

Microsoft Visual C++ v6.0

Code size:

25 KB (25,600 bytes)

The file 7z1512-x64.exe has been discovered within the following program.

Toolwiz Time Freeze 2016 by ToolWiz

www.Toolwiz.com

About 4% of users remove it

The file 7z1512-x64.exe has been seen being distributed by the following 50 URLs.

http://d.7-zip.org/171E92C18EEE40A29D1749C505091DFC_SOPHOS_WARN_PROCEEDED_FLAG

http://filehippo.com/download/file/.../

http://lb.cdn.m6web.fr/d/c/a/6451325094deee23bd26ad7190ce666f/565dea7d/soft/.../7-zip_15-12_fr_11161_64.exe

http://filehippo.com/download/file/.../

http://www.clictune.com/redirect.php?url=http://www.7-zip.org/.../7z1512-x64.exe&id=569622&secure=93347add0ce7390ab51fb8ea9a0299a4&referer=&dyn=0

http://www.filepuma.com/file/1449603639c10156/7_zip_64bit_15.12/.../0/

http://d.computerbild.de/downloads/.../7z1512-x64.exe

http://filehippo.com/es/download/file/.../

http://www.filepuma.com/file/1449949326c10156/7_zip_64bit_15.12/.../0/

http://fs33.filehippo.com/4409/.../7z1512-x64.exe

http://113.171.224.166/.../7z1512-x64.exe

http://filehippo.com/download/file/.../

http://dw.uptodown.com/dwn/TVbsmjUwOShubhfefMSP8FBVx-m-JEwl4G2HTT0feimOkNSDtYN-52iujeUDWXq8PmrkAXwOFRo77mfVLrZXSiGe0IkmiPY5wED10ylOGI3mk-3mjnZING8wsx3-A_jV/.../

http://d210.cdn.m6web.fr/soft/.../7-zip_15-12_fr_11161_64.exe

http://www.filepuma.com/file/1449371992c10156/7_zip_64bit_15.12/.../0/

http://filehippo.com/download/file/.../

http://dw.uptodown.com/dwn/w903yFgu6Gho1URzjsq9JJP8TwmvzAoT1GqT3atfZy61qDAaxmJ7aAbkZMxVEMOKRs293pF9Kdwlz_UpIU3jKmddicd7QpWV4tIZA0TepbgTCFtnapuGd6ZgNygAguov/.../

https://mg.mail.yahoo.com/.../download?m=YaDownload&mid=2_0_0_1_94297_AKp2imIAAAMmVoV6yw0H8NH1x78&fid=Inbox&pid=2&clean=0&appid=YahooMailNeo&ymreqid=830e55ec-1a3c-89b5-0190-da00b4010000

http://www.filepuma.com/file/1449412648c10156/7_zip_64bit_15.12/.../0/

http://kateko.rb.polsl.pl/~sdRarsb2/pomoce/[] Programy0/.../7z1512-x64.exe

http://soft98.ir/engine/go.php?url=http://www.7-zip.org/.../7z1512-x64.exe

http://dl.freesoft-100.com/.../7z1512-x64.exe

http://fs36.filehippo.com/4237/.../7z1512-x64.exe

http://www.filepuma.com/file/1451728403c10156/7_zip_64bit_15.12/.../0/

http://www.filepuma.com/file/1450130479c10156/7_zip_64bit_15.12/.../0/

https://drive.google.com/uc?id=0BwkhK5mE0YoyRFYyNDFNRjRWcGM&export=download

http://www.filepuma.com/file/1449676174c10156/7_zip_64bit_15.12/.../0/

http://www.filepuma.com/file/1451505057c10156/7_zip_64bit_15.12/.../0/

http://www.filepuma.com/file/1449067730c10156/7_zip_64bit_15.12/.../0/

Latest 30 of 86 download URLs

Remove 7z1512-x64.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.