max remote.exe

7-Zip

Igor Pavlov

The program is a setup application that uses the 7z Setup installer. The file has been seen being downloaded from doc-0c-b0-docs.googleusercontent.com and multiple other hosts.
Publisher:
Igor Pavlov

Product:
7-Zip

Description:
7z SFX

Version:
9.21 beta

MD5:
75d03c97116d1ff985ba8c788788a44d

SHA-1:
22a25420d00bf9d11996717eaf68f314f0665b3b

SHA-256:
2efa04671bdda226375086246350b799527f27c687164ab8a94117133c32a42e

Scanner detections:
4 / 68

Status:
Inconclusive (not enough data for an accurate detection)

Analysis date:
4/25/2024 11:28:39 PM UTC

Scan engine | Detection | Engine version
McAfee | Artemis!75D03C97116D | 5600.6795
Trend Micro House Call | Suspicious_GEN.F47V0913 | 7.2.3
Vba32 AntiVirus | TrojanDropper.FrauDrop.adaat | 3.12.26.3
ViRobot | Trojan.Win32.A.Badur.26146688[h] | 2014.3.20.0

File size:
24.9 MB (26,146,688 bytes)

Product version:
9.21 beta

Copyright:
Copyright (c) 1999-2011 Igor Pavlov

Original file name:
7z.sfx.exe

File type:
Executable application (Win32 EXE)

Installer:
7z Setup

Language:
English (United States)

Common path:
C:\users\{user}\downloads\max remote.exe

File PE Metadata
Compilation timestamp:
4/11/2011 2:04:48 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
786432:B8KednbZnTef5xXjQjsDFQbVPpmbc6XWakrGSt:1GbZTk5xT9xOPpmbLmprGSt

Entry address:
0x1CF42

Entry point:
55, 8B, EC, 6A, FF, 68, 28, 0E, 42, 00, 68, 3C, CF, 41, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 24, 01, 42, 00, 59, 83, 0D, 90, AC, 42, 00, FF, 83, 0D, 94, AC, 42, 00, FF, FF, 15, 20, 01, 42, 00, 8B, 0D, 70, 8C, 42, 00, 89, 08, FF, 15, 1C, 01, 42, 00, 8B, 0D, 6C, 8C, 42, 00, 89, 08, A1, 18, 01, 42, 00, 8B, 00, A3, 8C, AC, 42, 00, E8, FD, 0A, FF, FF, 39, 1D, 20, 69, 42, 00, 75, 0C, 68, CA, D0, 41, 00, FF, 15, 14, 01...
 

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
123.5 KB (126,464 bytes)

The file max remote.exe has been seen being distributed by the following 19 URLs.

