7z920.exe

The application 7z920.exe has been detected as a potentially unwanted program by 2 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer; however, the file is not signed with an Authenticode signature from a trusted source. Additionally, the file is typically installed by a number of programs, including Audials by RapidSolution Software AG and Toolwiz Time Freeze 2014 by ToolWiz. The file has been seen being downloaded from netix.dl.sourceforge.net and multiple other hosts.

MD5: b3fdf6e7b0aecd48ca7e4921773fb606
SHA-1: 55283ad59439134673fc32fc097bdd9ae920fbc6
SHA-256: 1e2f2a8fb52d3972b9b65b8ad1bebb66965c47a2994f89b3d652c31e6f6e4c3c
Scanner detections: 2 / 68
Status: Potentially unwanted
Analysis date: 11/21/2017 10:52:22 AM UTC

Scan engine        Detection            Engine version
Bkav FE            W32.Clod966.Trojan   1.3.0.4613
Reason Heuristics  PUP.InstallX.Bundle  16.3.1.10

File size: 1.1 MB (1,110,476 bytes)
File type: Executable application (Win32 EXE)
Installer: NSIS (Nullsoft Scriptable Install System)
Common path: C:\users\{user}\downloads\7z920.exe

File PE Metadata
Compilation timestamp: 12/5/2009 5:50:46 PM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 6.0
CTPH (ssdeep): 24576:c7Rz+6GVlkicMgH6I7kuF7Xc+qaM9oXDEmHbGrXjk5rOTm:E+6cY75ZLqaMsDp6ro6m
Entry address: 0x323C
Entry point: 81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...

Entropy: 7.9863
Packer / compiler: Nullsoft install system v2.x
Code size: 23 KB (23,552 bytes)

The file 7z920.exe has been discovered within the following programs.

Audials by RapidSolution Software AG
Publisher's description - “Discover the many options and ease-of-use offered by Audials One by looking at our screenshots. No other software offers such a huge number of benefits for your entertainment! You can compare the functions of all Audials editions using the overview.”
www.audials.com
About 1% of users remove it

Toolwiz Time Freeze 2014 by ToolWiz
www.Toolwiz.com
About 1% of users remove it

The file 7z920.exe has been seen being distributed by the following 50 URLs.

Latest 30 of 1,672 download URLs
