7zipsetup.exe

KBM2 Installer

Best Download Manager

This is the installer/setup program for a Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The application 7zipsetup.exe by Best Download Manager has been detected as adware by 9 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. It is also typically executed from the user's temporary directory. While running, it connects to the Internet address server-54-230-39-188.jfk1.r.cloudfront.net on port 80 using the HTTP protocol.
Publisher:
Best Download Manager   (signed by Best Download Manager)

Product:
KBM2 Installer

Version:
2.5.1.0

MD5:
4e16831488f4f4287b2fb24e9b610040

SHA-1:
df8823c0465d667c6deb846d7a5d5bcdf608caf5

SHA-256:
fc91782c35f9d997ca6b2fab9c229abb60dc5b4641aa49643b791d032f3074ef

Scanner detections:
9 / 68

Status:
Adware

Explanation:
Belongs to the Sambreel/Yontoo program that inserts various forms of advertising in the user's web browser, installed with minimal or no user consent.

Analysis date:
5/1/2024 7:42:25 AM UTC

Scan engine               Detection                               Engine version
AVG                       AdInject.Bdmngr                         2014.0.3618
Dr.Web                    Adware.Plugin.85                        9.0.1.0356
ESET NOD32                Win32/KBM (variant)                     7.9285
K7 AntiVirus              Trojan                                  13.175.10825
Malwarebytes              PUP.Optional.BestDownloadmanager.A      v2013.12.22.04
McAfee                    Artemis!4E16831488F4                    5600.7274
Reason Heuristics         PUP.Installer.BestDownloadManager.J     14.8.8.0
Trend Micro House Call    TROJ_GEN.F47V0831                       7.2.356
VIPRE Antivirus           sterkly LLC                             25404

File size:
527.1 KB (539,784 bytes)

Product version:
2.5.1.0

Copyright:
(c) Best Download Manager . All rights reserved.

Original file name:
KBM2.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\7zipsetup.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
7/25/2013 2:00:00 AM

Valid to:
7/26/2015 1:59:59 AM

Subject:
CN=Best Download Manager, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Best Download Manager, L=Carlsbad, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5F3BBF9CAABCE7C81AB69ABF7371A064

File PE Metadata
Compilation timestamp:
8/7/2013 9:25:15 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:2gq6uX5c0RzWguzZylIAllGVytvHdKme7IZopYbQvq:2R610ZluglqytYmesZocQC

Entry address:
0x3A3C0

Entry point:
E8, 0E, 6F, 00, 00, E9, 89, FE, FF, FF, 3B, 0D, D0, 0B, 47, 00, 75, 02, F3, C3, E9, 95, 6F, 00, 00, 8B, FF, 55, 8B, EC, 56, 8B, 75, 14, 85, F6, 75, 04, 33, C0, EB, 61, 83, 7D, 08, 00, 75, 13, E8, D9, 35, 00, 00, 6A, 16, 5E, 89, 30, E8, 6C, 75, 00, 00, 8B, C6, EB, 48, 83, 7D, 10, 00, 74, 16, 39, 75, 0C, 72, 11, 56, FF, 75, 10, FF, 75, 08, E8, 66, 70, 00, 00, 83, C4, 0C, EB, C7, FF, 75, 0C, 6A, 00, FF, 75, 08, E8, B4, 31, 00, 00, 83, C4, 0C, 83, 7D, 10, 00, 74, BB, 39, 75, 0C, 73, 0E, E8, 8F, 35, 00, 00, 6A...

Code size:
342.5 KB (350,720 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to yx-in-f95.1e100.net  (64.233.177.95:80)

TCP (HTTP):
Connects to yv-in-f95.1e100.net  (74.125.21.95:80)

TCP (HTTP):
Connects to server-54-230-39-237.jfk1.r.cloudfront.net  (54.230.39.237:80)

TCP (HTTP):
Connects to server-54-230-39-188.jfk1.r.cloudfront.net  (54.230.39.188:80)
