» 7zip.exe
Overview
Analysis
File Details
Downloads (2)

7zip.exe

Useful Software

This is the Verti bundle installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application 7zip.exe by Useful Software has been detected as adware by 24 anti-malware scanners. The program is a setup application that uses the Verti Setup installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from i.getfreesoft.net and multiple other hosts.

File name:

7zip.exe

Publisher:

Useful Software (signed and verified)

Version:

1.0.0.20

MD5:

e78aa7bc5b1e33c8e1d6411a59e4a04f

SHA-1:

c52512cdfc9e230b10d029d0c3cf04dabfa64f1a

SHA-256:

2519b99cbfc5cc6c61269acc0304cfce1e8b6995ddd0e42603b6b187b3aee3aa

Scanner detections:

24 / 68

Status:

Adware

Description:

This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:

4/30/2024 1:29:12 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Application.Bundler.GX

737

Agnitum Outpost

Riskware.Agent

7.1.1

AhnLab V3 Security

PUP/Win32.Verti

2015.01.28

Avira AntiVirus

TR/Verti.253544

7.11.205.178

Bitdefender

Application.Bundler.GX

1.0.20.140

Comodo Security

Application.Win32.Verti.JBT

20874

Dr.Web

Adware.Downware.9107

9.0.1.028

ESET NOD32

Win32/Verti (variant)

9.11085

Fortinet FortiGate

Riskware/Verti

1/28/2015

F-Prot

W32/S-65a69a5d

v6.4.7.1.166

F-Secure

Application.Bundler.GX

11.2015-28-01_4

G Data

Application.Bundler.GX

15.1.25

K7 AntiVirus

Trojan

13.193.14781

McAfee

Artemis!E78AA7BC5B1E

5600.6871

MicroWorld eScan

Application.Bundler.GX

16.0.0.84

NANO AntiVirus

Riskware.Win32.Downware.djfwqe

0.30.0.65070

Panda Antivirus

Trj/Genetic.gen

15.01.28.03

Qihoo 360 Security

Win32/Application.13c

1.0.0.1015

Reason Heuristics

PUP.Verti

15.1.28.16

Sophos

Generic PUA MF

4.98

Trend Micro House Call

Suspicious_GEN.F47V0126

7.2.28

Vba32 AntiVirus

AdWare.Verti

3.12.26.3

VIPRE Antivirus

Rocketfuel Installer

37038

Zillya! Antivirus

Backdoor.PePatch.Win32.53799

2.0.0.2048

File size:

244.8 KB (250,696 bytes)

Product version:

1.0.0.20

File type:

Executable application (Win32 EXE)

Bundler/Installer:

Verti Setup

Language:

English (United States)

Common path:

C:\users\{user}\downloads\7zip.exe

Digital Signature

Signed by:

Useful Software

Authority:

VeriSign, Inc.

Valid from:

11/19/2014 5:30:00 AM

Valid to:

1/19/2016 5:29:59 AM

Subject:

CN=Useful Software, O=Useful Software, L=Bellevue, S=Washington, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

142135C80AA62D0F15501B4128FC6AEE

File PE Metadata

Compilation timestamp:

11/12/2014 12:21:30 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

6144:lDBLlLiGfX6SMatcJ2Pv2Rjb5yecrttsoS0fU2LC:HpBfXJMwcsn2Rf8eKSoS0fU2LC

Entry address:

0x169AE0

Entry point:

60, BE, 00, 50, 53, 00, 8D, BE, 00, C0, EC, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 03, 76, 16, 00, 57, 83, C3, 04, 53, 68, DC, 4A, 03, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 00, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A... 
[+]

Entropy:

7.9065 (probably packed)

Code size:

216 KB (221,184 bytes)

The file 7zip.exe has been seen being distributed by the following 2 URLs.

http://i.getfreesoft.net/stub/UINST/.../7zip.exe

http://inst.getfreesoft.net/dl/27/19934/73/.../

Remove 7zip.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.