7zS.sfx.exe

7-Zip

Igor Pavlov

The application 7zS.sfx.exe has been detected as a potentially unwanted program by 6 anti-malware scanners. It is a self-extracting archive and installer; however, the file is not signed with an Authenticode signature from a trusted source. This is a malicious Bitcoin miner. Bitcoin-mining malware is designed to force computers to generate Bitcoins for cybercriminals' use and consumes computing power. The file has been seen being downloaded from mine.nnm-club.me.
Publisher:
Igor Pavlov

Product:
7-Zip

Description:
7z Setup SFX

Version:
9.22 beta

MD5:
4857dfb4e5fb04cbeb0d6922cf2a8fbe

SHA-1:
e1252178d2cdb612816f4cf7c416bf33f2ff77e1

SHA-256:
63061322b659bda075e1c9f1c47658706fab7bc8de7d97a3a6bb6ea00e6e61b3

Scanner detections:
6 / 68

Status:
Potentially unwanted

Explanation:
The program will mine for Bitcoins using the computer's GPU in the background and may be installed and run without the user's knowledge.

Analysis date:
4/26/2024 1:44:15 AM UTC

Scan engine        | Detection                    | Engine version
avast!             | Win32:BitCoinMiner-FA [PUP]  | 2014.9-140424
ESET NOD32         | Win32/BitCoinMiner (variant) | 8.9720
Norman             | BitCoinMiner.STR             | 11.20140424
Panda Antivirus    | Suspicious file              | 14.04.24.07
Qihoo 360 Security | Win32/Virus.RiskTool.749     | 1.0.0.1015
Sophos             | Generic PUA MO               | 4.98

File size:
351.3 KB (359,738 bytes)

Product version:
9.22 beta

Copyright:
Copyright (c) 1999-2011 Igor Pavlov

Original file name:
7zS.sfx.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\7zs.sfx.exe

File PE Metadata

Compilation timestamp:
4/18/2011 2:54:03 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:WjJ3QIA/KYDYqGkdseLDrpu2+ndN+0ZFNxn8KkAixrKiUf8WlRSKiqAdgj:WjJ3QIUekdfj+dNbnTkAixeiUfBlRSKx

Entry address:
0x1350C

Entry point:
55, 8B, EC, 6A, FF, 68, 38, 69, 41, 00, 68, 06, 35, 41, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, F8, 60, 41, 00, 59, 83, 0D, 44, C9, 41, 00, FF, 83, 0D, 48, C9, 41, 00, FF, FF, 15, FC, 60, 41, 00, 8B, 0D, 34, A9, 41, 00, 89, 08, FF, 15, 00, 61, 41, 00, 8B, 0D, 30, A9, 41, 00, 89, 08, A1, 04, 61, 41, 00, 8B, 00, A3, 40, C9, 41, 00, E8, 1C, 01, 00, 00, 39, 1D, 20, A7, 41, 00, 75, 0C, 68, 94, 36, 41, 00, FF, 15, 08, 61...

Entropy:
7.7424

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
80.5 KB (82,432 bytes)

The file 7zS.sfx.exe has been seen being distributed by the following URL.

Remove 7zS.sfx.exe - Powered by Reason Core Security