7z.sfx.exe

7-Zip

SUN ALL DAY LTD

The file 7z.sfx.exe by SUN ALL DAY has been detected as adware by 12 anti-malware scanners. The program is a setup application that uses the installCore download manager (the InstallCore engine), which may bundle additional software offers, including ad-supported toolbars, browser extensions and utilities. It is also typically executed from the user's temporary directory.
Publisher:
Igor Pavlov  (signed by SUN ALL DAY LTD)

Product:
7-Zip

Description:
7z SFX

Version:
9.20

MD5:
0fb56f88aa15919f648cf6a64b6d916f

SHA-1:
3a81d9a179cc768b76e6b9526cba7abe7a3dba61

SHA-256:
42a44072081403d36a3b96bb572ca7fa0cda69fd5dea5305999c6c842efaeda9

Scanner detections:
12 / 68

Status:
Adware

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications, using the Vittalia monetization installer.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/26/2024 11:58:49 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Trojan.Heur.JP.7u0@aa72l4fi | 5563212 |
| AhnLab V3 Security | PUP/Win32.Downware | 2015.05.28 |
| Avira AntiVirus | PUA/DownloadAssistant.Gen4 | 8.3.1.6 |
| AVG | Adload | 2016.0.3096 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Dr.Web | Trojan.Vittalia.33 | 9.0.1.05190 |
| ESET NOD32 | Win32/DownloadAssistant.A potentially unwanted application | 7.0.302.0 |
| Malwarebytes | | v2015.05.27.01 |
| MicroWorld eScan | Gen:Trojan.Heur.JP.7u0@aa72l4fi | 16.0.0.441 |
| NANO AntiVirus | Trojan.Win32.Vittalia.dqfrig | 0.30.24.1636 |
| Reason Heuristics | PUP.installCore.SUNALLDAY | 15.5.27.8 |
| Vba32 AntiVirus | suspected of Malware-Cryptor.FSP.gen | 3.12.26.4 |

File size:
1.1 MB (1,151,688 bytes)

Product version:
9.20

Copyright:
Copyright (c) 1999-2010 Igor Pavlov

Original file name:
7z.sfx.exe

Bundler/Installer:
installCore

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\nsu8c2.tmp

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
3/10/2015 12:52:41 PM

Valid to:
3/4/2016 10:47:04 AM

Subject:
CN=SUN ALL DAY LTD, OU=Software, O=SUN ALL DAY LTD, L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121E1C220808EA3AA83522313F4DFEA25A8

File PE Metadata
Compilation timestamp:
11/18/2010 5:27:33 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:rWvknOMEfYo8Yw/AqJEg2R8oaNC4cBs3gn65KaglThv:rUeOMmZ8aq72R8vNRuXnkglThv

Entry address:
0x1D262

Entry point:
55, 8B, EC, 6A, FF, 68, 20, 1E, 42, 00, 68, 5C, D2, 41, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 04, 11, 42, 00, 59, 83, 0D, 90, BD, 42, 00, FF, 83, 0D, 94, BD, 42, 00, FF, FF, 15, 00, 11, 42, 00, 8B, 0D, 70, 9D, 42, 00, 89, 08, FF, 15, FC, 10, 42, 00, 8B, 0D, 6C, 9D, 42, 00, 89, 08, A1, 64, 11, 42, 00, 8B, 00, A3, 8C, BD, 42, 00, E8, 1C, 01, 00, 00, 39, 1D, 20, 7A, 42, 00, 75, 0C, 68, EA, D3, 41, 00, FF, 15, 0C, 11...
 

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
126.6 KB (129,684 bytes)
