» 7z938.exe
Overview
Analysis
File Details
Programs (3)
Downloads (83)

7z938.exe

The executable 7z938.exe has been detected as malware by 1 anti-virus scanner. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. Additionally, the file is typically installed by a number of programs including The Forest by Endnight Games Ltd and DRAGON BALL XENOVERSE by DIMPS. The file has been seen being downloaded from www.universesoftwaretours.com and multiple other hosts.

File name:

7z938.exe

MD5:

fe5bf952bdf6577ec34ae6f26be28667

SHA-1:

9ac9e5e6a19bf3b18cd7bcbe34a5141996bb3028

SHA-256:

bbee630f212527b6ac1b5b07ae405eb1d83e3e4e02c99824dd865ca78288fe2e

Scanner detections:

1 / 68

Status:

Malware

Analysis date:

4/28/2024 9:10:19 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

(M)

16.6.21.18

File size:

1.1 MB (1,182,190 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Common path:

C:\users\{user}\downloads\7z938.exe

File PE Metadata

Compilation timestamp:

12/5/2009 5:50:46 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

24576:cV8Au3X0b9NL7ewxmjoRNmrylQduJM59vZFBqoJeqjR6o1fyN:qFuHVKm+lQd93vfBqoJ9jRSN

Entry address:

0x323C

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00... 
[+]

Entropy:

7.9877

Packer / compiler:

Nullsoft install system v2.x

Code size:

23 KB (23,552 bytes)

The file 7z938.exe has been discovered within the following programs.

DRAGON BALL XENOVERSE by DIMPS

www.dragonballxenoverse.com

About 9% of users remove it

Stranded Deep by Beam Team Games

www.beamteamgames.com/stranded-deep

About 8% of users remove it

The Forest by Endnight Games Ltd

The Forest is a first-person survival horror video game.

survivetheforest.com

About 6% of users remove it

The file 7z938.exe has been seen being distributed by the following 50 URLs.

http://www.universesoftwaretours.com/WVl6OTRQU1V5UW5CelkwY2xNa0k1TjIxaFdFOVpOVTV0WTFOemFYcEZWRU1sTWtZMVQwMXdTelIxYW5ONFEyOXRUMEZYUXpBbE0wUW1ZejFMTW1kYVVtbHZlbXA2ZFhVMkpUSkdURzAwUzJWTlFtNTFRMDluVmxWeVoxTnpVVVV4VkhaWGVFVnViME5RVTNrM1oyaG5RV2RFZVVWWVRtaHJPR2R5UjNNNVMwSm5Oa1pMSlRKQ1MweDFlRXBWV2xOamFIUTBlSFoyTUhoSk4wSkNSRFp0VDJacFF6QWxNa0p5VUZWWmFVNHlVMHd5WkVabWNVbEdjbEJpWVNVeVJuaGhZV1phUm05SU9YbFNVRkJ6SlRKR1owZEJWMGhIWmxBNFIxZEJKVE5FSlRORUptUnZkMjVzYjJGa1FYTTlhVzV6ZEdGc2JDNWxlR1VtWm1Gc2JHSmhZMnRmZFhKc1BXaDBkSEFsTTBFbE1rWWxNa1ptYVd4bGN5NXpkSGxzWlcxNWMyVnNaaTV1WlhRbE1rWTNlamt6T0M1bGVHVT0=

http://filehippo.com/download/file/.../

http://www.signtodayclean.com/kg5k0BYMXkfXJ_hQrpK_h0UQbT7tEa9aYqNujr_6FemSkArL6XsDiQyBNvf9_ A1a _fif1K7t9qzmR9kWEHzs5LGEl910De8E3bq8YZ3kqLfhIu5H1b0TCo6OPj2jfzPhaTGPbEUUaXvYR_1pWhcmiZmv FOpb83bdwi2ArpVCGmMGF wy8jWRPr36D1kMKj2p77K7 -Ow==

http://123.briian.com/forum.php?mod=attachment&aid=NzExMXw4YTY1MDIxZnwxNDIxMjgzMzA3fDB8MTQz

http://fs40.filehippo.com/4724/.../7z938.exe

http://www.vaultsbinariesvaults.com/Nq8tFK1pxGxxVpwV6jkRPldzKK0uR_0 kypPMJAIlur0_ogdWFzR1AwYbbTg_8J4LplsUBlgIKJ0 ilYK0TNddZUav9WO_6Ewn3tPlUf lUw6aC_UAOyNnomvMbSCtnU77CrVhK1nNxW3q211km1kw2lIpxZuFhVGIZlHK_L46 jWktsLpvrPTKYfyxCXPIrd1PraL2Ht ak49aAZVM19RrlfKcPrw==-Ow==

http://dc776.4shared.com/download/.../7-ZIP_32.exe

http://www.signtodayclean.com/7j1vnU8J_rVyeZhOe4izRGcx1hl1N72e_cCisNUqElSskJbdtGnnlv4hmJ0NChMGmkkru0kT7UDKHRUQzTNvArsH3 u CjJysQIXLwyVyq2Uy6AFgZJVRLWrGuSeK0AJbCUkvXkinn6kw8sNQ3YU5X9UDlU8kPUEq9RfWRFk1zQXI4mPlqrVQCH x2eQiRiav5Dl2l19-Ow==

http://www.vaultsbinariesvaults.com/_boEVqVGRQLeyOlJQ6GJcmVaoKQqmG6YpL7Q1yqz6VpemAtkOlWLkdx0SVSHfvqacfjRBl1rYOScXf6TkAyKXDQFAyhmB934HJ8Zhf61ylkSUzvNSlmBXNsEQkn8Erl5WePpOfs7J 19rbXdpeWBYn_0P75Ic lsJhhgn74ivexu0Oq2tmg6SZHpte9qhxY v8CAzDh2-Ow==

http://dc271.4shared.com/download/.../7-ZIP_32.exe

http://www.filehippo.com/fr/download/file/.../

http://www.vaultsbinariesvaults.com/JLH5RkWiI1wX9_vOUDHIvipCFLpeC87gIRgiJiiH1IePpLKaDGVdaq7p4hDxCWJbM2M1M 5Xb74dfGzXFNE5y 5CaftVJlMd6CnKRK659Sw2Z5MLKpvt7GWXLoHu TsvYLqnr157ubwz5T5f34ZQk471DqLNlG3pn_ghvr7nWkFjccEeG1z_ODFYjtOZEjiX9NMDRlif-Ow==

&onid=2250&oid=3001-2250_4-10045185&rsid=cbsidownloadcomsite&sl=en&sc=us&topicguid=utilities/file-compression&topicbrcrm=&pid=14013354&mfgid=64084&merid=64084&ctype=dm&cval=NONE&devicetype=desktop&pguid=c157e020362e0fbc57412d7e&viewguid=Tjq4J4t1V6IguD@aOQqRdiLY3wHhFH1LPw1c&destUrl=http://software-files-a.cnet.com/s/software/14/01/33/.../7z938.exe

ftp://ftp.unza.zm/software/Software Tools/.../7z938.exe

http://filehippo.com/download/file/.../

http://downloadme.co/.../7zip.exe

http://filehippo.com/download/file/.../

http://heanet.dl.sourceforge.net/project/sevenzip/7-Zip/.../7z938.exe

http://fs36.filehippo.com/4957/.../7z938.exe

http://garr.dl.sourceforge.net/project/sevenzip/7-Zip/.../7z938.exe

http://www.worldbodybyte.com/c?x=swKIsOT7J9uqGvmg1c9Zqlz2O2QC3zTpMg/lm8Qw2x4=&e=0&c=1dSegH7eZhTByaMg0lgrhWDMSUWU5J w R3mF6GtdQRWzx3 YPt9VTjakOmSU5o8fgu1RWv3n1crJvdXzWO9BC8Wr3wp1kcEY1whqKrSS8ABXMxI OFTOS8vM9elWV pdBh9Or WR4d6GsmtZO7aVl5R9D hMFDvr5qXboQjgUk=&downloadAs=7zip.exe&fallback_url=http://www.filegoat.com/7zip/.../7z938.exe

http://filehippo.com/download/file/.../

http://filehippo.com/fr/download/file/.../

http://172.27.0.2/main.php/.../3786

http://www.toursheadfiles.com/WVl6OTRQVUZ3ZUZsUUpUSkNSbWhIU1dKeFZtcEJkbVpZVkV0NFJFSkVTbVI0TjJVbE1rSXhkamRGVkU1UlRFSTNha3BWSlRORUptTTlZamRZUTBsclRVbE5WbGQwTjFOR1ZrOTNTek5uSlRKQ2VUTjFjaVV5UmpSUGFuazVlREV4WjBONmFGTTBVRkZLT0hWUlF6Uk5WREpSVHpKbGRDVXlRbFpUUVVGT1NqSmxNWGhTTW1kU1JUVTJkMmROYUZONmR6aHZkRzFtUWpReFltVlNkMHRYT0cwMWMzQlVaM0JFUVhJeFIwaFpOMFJzTTI5Q1ZrVldiV1I0VlZJeGRGWW1aRzkzYm14dllXUkJjejFwYm5OMFlXeHNMbVY0WlNabVlXeHNZbUZqYTE5MWNtdzlhSFIwY0NVelFTVXlSaVV5Um1acGJHVnpMbk4wZVd4bGJYbHpaV3htTG01bGRDVXlSamQ2T1RNNExtVjRaUT09

temp:7z938.exe

http://www.bestcurrentstock.com/WVl6OTRQWFZ0WjNZbE1rWkVWa2RvZEU4eFpXcHRaVmRoYWxsdGNYSm9jM1IwT1ZKMFlWSlFWMlo1ZGtSb2IzRldaeVV6UkNaalBVcGtjMDQ0TUZWMFJXaHNTR2RYYXpKWlZIcGFkWGxHYm5WamRGa3hUbTh6UlZWbGJFRnJWeVV5UmpGSFoydHhXa0UwYzB4bVltZHlUR0ZDZUc5SmQyODBVMmgzV25GaU1tZGtaRGR6Y0dkd2JFWldjMncyYlZGTlJHNWxlbEo0Y1ZCak4zVlBkbTB4Wkd0TVRFSnBSVTBsTWtKWVJuWjNVbVpvVFNVeVFrTXdKVEpDVVZGUFZFSXdPSHBFYWpGMmVtbEZWVTluUkZaNWMzSklORUpuSlRORUpUTkVKbVU5TUNaa2IzZHViRzloWkVGelBUZGFhWEJmVTJWMGRYQXVaWGhs

http://www.filehippo.com/download/file/.../

http://filehippo.com/download/file/.../

http://www.grabworldgift.com/WVl6OTRQVEpTUTNGb1pFOUxNekZXT1dSSWFrVjNSRTAwUm5Cbk0yY3lORmN5UzNZMVoxSldNRUpXVDI1VldtTWxNMFFtWXoxSFVsUnhObGxCVWtGSlkwbHBObGxqTVRBMFZHSkhkbVZwVXpOQlFrUWxNa1paV2xsbVVrRWxNa1pXZWlVeVJsaG1Oek5hVmpOU1pFcFZVREl5VTNwS05EazJWbUZaVm5wbE5rSjFjazFaVUdRbE1rWlhlRGxYY1U1S1RuSnlNM0VsTWtKdFMwZFFTMjFGTlVKQ1JYbG5ZbmxuUmtWSU1tUkVkV3BNZEV4VGRVVkpiM2t4YTFnd2NHUW1aRzkzYm14dllXUkJjejFwYm5OMFlXeHNMbVY0WlNabVlXeHNZbUZqYTE5MWNtdzlhSFIwY0NVelFTVXlSaVV5Um1acGJHVnpMbk4wZVd4bGJYbHpaV3htTG01bGRDVXlSamQ2T1RNNExtVjRaUT09

Latest 30 of 83 download URLs

Remove 7z938.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.