7zip-setup.exe

Razor Edge Media

The application 7zip-setup.exe by Razor Edge Media has been detected as a potentially unwanted program by 19 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from dl1.downloadmanager143.com.
Publisher:
Secure Official Installation  (signed by Razor Edge Media)

Product:
Secure Official Installation

Version:
4.3.2.6139

MD5:
2729624c9a89b2556a7aa4ce0807d1c3

SHA-1:
466a61feeed494da6d981f3b195e567701a7ecfd

SHA-256:
0554b6bae41d19712760b97c2531d2ed1bd7fc7adabd0ad726e1ce66265676ff

Scanner detections:
19 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications, using the Vittalia monetization installer.

Analysis date:
5/20/2024 7:48:24 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Application.Bundler.DownloadAdmin.4 | 405 |
| avast! | Win32:Downloader-WDK [PUP] | 2014.9-151227 |
| AVG | Downloader.Generic_r | 2016.0.2883 |
| Bitdefender | Gen:Variant.Application.Bundler.DownloadAdmin.4 | 1.0.20.1805 |
| Dr.Web | Trojan.Vittalia.485 | 9.0.1.0361 |
| Emsisoft Anti-Malware | Gen:Variant.Application.Bundler.DownloadAdmin | 8.15.12.27.06 |
| ESET NOD32 | Win32/DownloadAdmin.N potentially unwanted application | 9.7.0.302.0 |
| F-Secure | Riskware.Gen:Variant.Application.Bundler | 11.2015-27-12_1 |
| G Data | Gen:Variant.Application.Bundler.DownloadAdmin | 15.12.25 |
| IKARUS anti.virus | PUA.DownloadAdmin | t3scan.1.9.5.0 |
| K7 AntiVirus | Unwanted-Program | 13.212.18046 |
| McAfee | Program.DownloadAdmin | 5600.6539 |
| MicroWorld eScan | Gen:Variant.Application.Bundler.DownloadAdmin.4 | 16.0.0.1083 |
| Norman | Gen:Variant.Application.Bundler.DownloadAdmin.4 | 11.20151227 |
| Panda Antivirus | Generic Suspicious | 15.12.27.06 |
| Qihoo 360 Security | HEUR/QVM10.1.Malware.Gen | 1.0.0.1077 |
| Reason Heuristics | PUP.DownloadAdmin.RazorEdgeMedia.Installer (M) | 15.12.27.6 |
| Vba32 AntiVirus | SScope.Downware.DownloadAdmin | 3.12.26.4 |
| VIPRE Antivirus | Threat.4150696 | 45588 |

File size:
879.2 KB (900,296 bytes)

Product version:
4.3.2.6139

Copyright:
Copyright (C) 2015

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\7zip-setup.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
9/10/2015 7:00:00 PM

Valid to:
9/10/2016 6:59:59 PM

Subject:
CN=Razor Edge Media, O=Razor Edge Media, L=Oakland, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
763D7943465C0DD6C3E7DFB412A3796B

File PE Metadata
Compilation timestamp:
10/9/2014 10:07:34 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:oXohbi7uczU7RI8HwYFliFWUW3JIzQTMmR4zcJ1mBZufaKqyrMh/mdVXiqLc49iy:NhbiCRI8QwnI8oNzQ1Scf/oUdovqPoE

Entry address:
0xD202


Entropy:
7.9638  (probably packed)

Code size:
54 KB (55,296 bytes)

The file 7zip-setup.exe has been seen being distributed by the following URL.
