» dolphin-4.0-win64.exe
Overview
Analysis
File Details
Downloads (1)

dolphin-4.0-win64.exe

7-Zip

Igor Pavlov

The executable dolphin-4.0-win64.exe has been detected as malware by 8 anti-virus scanners. The program is a setup application that uses the 7z Setup installer, however the file is not signed with an authenticode signature from a trusted source. Infected by an entry-point obscuring polymorphic file infector which will create a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from www.dolphin-emulator.com.

File name:

Publisher:

Igor Pavlov

Product:

7-Zip

Description:

7z SFX

Version:

9.20

MD5:

a4f387819dddc299531fe84df2c5cbf7

SHA-1:

0730d479314dca53f47eb404b9ca22ad164ae18d

SHA-256:

6d19f58bf4011c061e89cba18d929a3fb967d98f0fe9842e956f94107828064f

Scanner detections:

8 / 68

Status:

File is infected by a Virus

Explanation:

The file is infected by a polymorphic file infector virus.

Analysis date:

4/25/2024 8:29:05 PM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:SaliCode

160518-2

AVG

Win32/Sality

2015.0.4591

Emsisoft Anti-Malware

Win32.Sality

11.5.0.6191

ESET NOD32

Win32/Sality.NBA virus

8.0.319.0

F-Prot

W32/Sality.gen2

4.6.5.141

F-Secure

Win32.Sality.3

5.15.21

Microsoft Security Essentials

Threat.Undefined

1.225.283.0

Norman

Win32.Sality.3

28.05.2016 15:32:18

File size:

4.3 MB (4,533,584 bytes)

Product version:

9.20

Original file name:

7z.sfx.exe

File type:

Executable application (Win32 EXE)

Installer:

7z Setup

Language:

English (United States)

Common path:

C:\users\{user}\downloads\dolphin-4.0-win64.exe

File PE Metadata

Compilation timestamp:

11/18/2010 11:27:33 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

98304:1GXgntDaXrE0BUB0VPUHYZs3TpuLP1WOMtF9ICtQEbRWBn/Nj:1GQYQJB0y4C3qEtL1FEn/Nj

Entry address:

0x1D262

Entry point:

F3, 13, DA, 85, C8, 8B, C8, 80, C3, A7, 86, C0, 8A, C6, 0A, D8, 86, C5, FF, C3, 2B, ED, 4F, 69, DA, 53, FF, 89, B1, B9, 5B, AA, 39, 1A, 0F, B7, F0, 55, 81, FD, 50, 42, 00, 00, 73, 0A, 89, F3, 8A, DD, 8D, 0D, 61, 73, F8, A7, 80, C9, 4F, 0D, 5C, 2F, 11, 0C, 0F, AF, ED, 69, C9, CE, 14, 78, 58, E8, 9D, 00, 00, 00, 8A, C0, B0, 8C, 89, CA, 3D, 56, 73, 73, DE, C6, C3, 56, 8B, D3, F6, C4, 85, 0F, AF, F0, FF, C0, 83, E3, 00, 89, C7, 81, C3, 90, F4, FF, FF, 0F, BE, F0, 3C, 14, 81, C3, EF, 05, 00, 00, 20, CC, 80, EC... 
[+]

Code size:

124.5 KB (127,488 bytes)

The file dolphin-4.0-win64.exe has been seen being distributed by the following URL.

http://www.dolphin-emulator.com/.../dolphin-4.0-win64.exe

Remove dolphin-4.0-win64.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.