installobj.exe

7-Zip SFX

Oleg N. Scherbakov

The executable installobj.exe, “7z Setup SFX (x86)”, has been detected as malware by 9 anti-virus scanners. It is a setup and installation application; however, the file is not signed with an Authenticode signature from a trusted source. It is infected by an entry-point-obscuring polymorphic file infector that creates a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from download.gigabyte.com.tw.
Publisher:
Oleg N. Scherbakov

Product:
7-Zip SFX

Description:
7z Setup SFX (x86)

Version:
1.4.3.2367

MD5:
c995102d9db4fb81817e4f637aad7a10

SHA-1:
748b24c6f684b23444b727e8fa793c48dcced2e4

SHA-256:
4223486fea139a4c4772732113e0213a790263173c54167c7f44f56d6c9eea62

Scanner detections:
9 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/23/2024 4:27:42 PM UTC

Scan engine                     Detection              Engine version
avast!                          Win32:Sality           160518-2
AVG                             Win32/Sality           2015.0.4591
Dr.Web                          Win32.Sector.30        9.0.1.05190
Emsisoft Anti-Malware           Win32.Sality           11.5.0.6191
F-Prot                          W32/Sality.gen2        4.6.5.141
F-Secure                        Win32.Sality.3         5.15.96
Kaspersky                       Virus.Win32.Sality     15.0.0.562
Microsoft Security Essentials   Threat.Undefined       1.223.1384.0
Norman                          Win32.Sality.3         28.05.2016 15:32:18

File size:
1.2 MB (1,283,088 bytes)

Product version:
1.4.3.2367

Copyright:
Copyright © 2005-2012 Oleg N. Scherbakov

Original file name:
7ZSfxMod_x86.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\installobj.exe

File PE Metadata

Compilation timestamp:
1/21/2012 2:57:02 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
24576:4Tup/hpvlWATyIJyL1XUbCL98EYgvNrkDqN9N38U/zNHWolibP6+:YSvlWATyDr8FgvZF9N38SNHWLbPH

Entry address:
0x121CF

Entry point:
29, DB, BD, 36, EC, E8, 34, 84, C5, 0F, BE, D5, 0F, AF, F9, 1B, EA, F3, 4E, 05, 53, C4, C9, 6F, 03, D9, C7, C1, A0, 99, CC, DF, 80, D4, 02, E8, 00, 00, 00, 00, 86, E2, 40, F7, C5, 5B, FF, C3, 5D, C7, C2, CF, 4B, 5D, DD, 81, EF, CE, 6C, 00, 00, F6, C6, 44, F7, C6, 26, 2D, CA, 08, 81, C7, D9, 04, 00, 00, 5E, 88, DB, 85, FA, 87, D2, 0F, B6, DE, 69, E8, 9B, 59, 5E, 79, 84, C6, F3, 4F, 88, F3, 81, FA, 85, 08, 00, 00, 77, 07, 88, D9, 0F, B6, EA, FF, C8, 68, B1, 22, 00, 00, 0C, 56, C7, C0, D5, 79, 6F, 96, 0C, 4D...

Entropy:
7.9796  (probably packed)

Code size:
70 KB (71,680 bytes)

The file installobj.exe has been seen being distributed by the following URL.

Remove installobj.exe - Powered by Reason Core Security