pack.exe

7-Zip

Imesh, Inc.

The application pack.exe by Imesh has been detected as a potentially unwanted program by 25 anti-malware scanners. The program is a setup application that uses the 7z Setup installer.
Publisher:
Igor Pavlov  (signed by Imesh, Inc.)

Product:
7-Zip

Description:
7z Console SFX

Version:
9.20

MD5:
c9e876b156d833260f0cf6bd37fd51ec

SHA-1:
6bcd8daa38d767a1dc0f0039184cd3c6c05e17ae

SHA-256:
475f2dfbcff1ebd5b3a4de5864e157a74c4f327b7406bf51ef766522af6dc2dc

Scanner detections:
25 / 68

Status:
Potentially unwanted

Analysis date:
5/6/2024 6:21:31 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Generic.15051498 | 5813612 |
| Arcabit | Adware.SearchSuite.AB | 1.0.0.567 |
| AVG | Adware Generic6.FVF.dropper | 2015.0.4477 |
| Baidu Antivirus | Adware.Win64.SearchSuite | 4.0.3.151225 |
| Bitdefender | Adware.SearchSuite.AB | 1.0.20.1795 |
| Bkav FE | W32.HfsAdware | 1.3.0.7237 |
| Comodo Security | Application.Win32.Bandoo.ANGL | 23279 |
| Dr.Web | Adware.Bandoo.332 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Adware.SearchSuite.AB | 10.0.0.5366 |
| ESET NOD32 | multiple threats | 7.0.302.0 |
| Fortinet FortiGate | Riskware/SearchSuite | 12/25/2015 |
| F-Prot | W32/Trojan2.OOWS (exact, not disinfectable) | 4.6.5.141 |
| F-Secure | Adware.SearchSuite.AB | 11.2015-25-12_6 |
| G Data | Adware.SearchSuite.AB | 15.12.25 |
| K7 AntiVirus | Unwanted-Program | 13.210.17284 |
| Kaspersky | not-a-virus:WebToolbar.Win64.SearchSuite | 15.0.0.562 |
| McAfee | Program.Artemis!C9E876B156D8 | 18.0.204.0 |
| MicroWorld eScan | Adware.SearchSuite.AB | 16.0.0.1077 |
| NANO AntiVirus | Riskware.Win32.Bandoo.dmeyyx | 0.30.24.3283 |
| Norman | Adware.SearchSuite.AB | 17.12.2015 06:34:11 |
| nProtect | Adware.SearchSuite.AB | 15.09.21.01 |
| Panda Antivirus | Generic Suspicious | 15.12.25.11 |
| Qihoo 360 Security | Win32/Virus.WebToolbar.f39 | 1.0.0.1015 |
| Sophos | Generic PUA FN (PUA) | 4.98 |
| VIPRE Antivirus | Threat.5189619 | 46020 |

File size:
1021.4 KB (1,045,872 bytes)

Product version:
9.20

Copyright:
Copyright (c) 1999-2010 Igor Pavlov

Original file name:
7z.sfx.exe

File type:
Executable application (Win32 EXE)

Installer:
7z Setup

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\nsve624.tmp\pack.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
4/7/2015 1:00:00 AM

Valid to:
4/7/2016 12:59:59 AM

Subject:
CN="Imesh, Inc.", O="Imesh, Inc.", L=Maplewood, S=New Jersey, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
0FC4A7827632E273810B34FC1EEFDCB7

File PE Metadata
Compilation timestamp:
11/18/2010 4:27:32 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
6.0

CTPH (ssdeep):
24576:xXi6kgaINVA8NTcx3T1hPMb/VilR5G4OsJChHEoGL5:xXiTcNLclLP7ltOACM

Entry address:
0x1C1F2

Entry point:
55, 8B, EC, 6A, FF, 68, E0, FE, 41, 00, 68, EC, C1, 41, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 20, 53, 56, 57, 89, 65, E8, 83, 65, FC, 00, 6A, 01, FF, 15, E4, F0, 41, 00, 59, 83, 0D, 30, A7, 42, 00, FF, 83, 0D, 34, A7, 42, 00, FF, FF, 15, E8, F0, 41, 00, 8B, 0D, 08, 87, 42, 00, 89, 08, FF, 15, EC, F0, 41, 00, 8B, 0D, 04, 87, 42, 00, 89, 08, A1, F0, F0, 41, 00, 8B, 00, A3, 2C, A7, 42, 00, E8, D5, 00, 00, 00, 83, 3D, A0, 63, 42, 00, 00, 75, 0C, 68, 32, C3, 41, 00, FF, 15, F4, F0...
 

Entropy:
7.9221

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
119 KB (121,856 bytes)
