» winsetupfromusb-1-1.exe
Overview
Analysis
File Details
Downloads (23)

winsetupfromusb-1-1.exe

7-Zip

Igor Pavlov

The program is a setup application that uses the 7z Setup installer. The file has been seen being downloaded from gsf-cf.softonic.com and multiple other hosts.

File name:

Publisher:

Igor Pavlov

Product:

7-Zip

Description:

7z SFX

Version:

9.30 alpha

MD5:

6cfdab6b633764c4c9fac99acf132927

SHA-1:

18d5032d0fa676708118124e3a17b2feb92e9b2a

SHA-256:

e2309d2758fe43d182e202b3a00d4e2af4c39fc46349b2814c2bc5184027c589

Scanner detections:

2 / 68

Status:

Clean (2 probable false positive detections)

Explanation:

These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:

4/25/2024 7:14:08 PM UTC (today)

Scan engine

Detection

Engine version

Rising Antivirus

PE:Malware.XPACK/RDM!5.1

23.00.65.14323

Trend Micro House Call

TROJ_GEN.F47V1209

7.2.84

File size:

21.6 MB (22,619,852 bytes)

Product version:

9.30 alpha

Original file name:

7z.sfx.exe

File type:

Executable application (Win32 EXE)

Installer:

7z Setup

Language:

English (United States)

Common path:

C:\users\{user}\downloads\winsetupfromusb-1-1.exe

File PE Metadata

Compilation timestamp:

10/26/2012 1:03:35 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

393216:qASorLaXJNOqIfFdis4uoXMnc2ald1Oo18Vstr07RD0IX2Kr+i4r9Cm4:7/YTOq2Guuwc7D1JYs07RD0vQ+iOCX

Entry address:

0x1DC22

Entry point:

55, 8B, EC, 6A, FF, 68, 90, 1E, 42, 00, 68, 1C, DC, 41, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 34, 11, 42, 00, 59, 83, 0D, 74, BE, 42, 00, FF, 83, 0D, 78, BE, 42, 00, FF, FF, 15, 30, 11, 42, 00, 8B, 0D, 5C, 9E, 42, 00, 89, 08, FF, 15, 2C, 11, 42, 00, 8B, 0D, 58, 9E, 42, 00, 89, 08, A1, 28, 11, 42, 00, 8B, 00, A3, 70, BE, 42, 00, E8, 1F, 01, 00, 00, 39, 1D, 10, 7A, 42, 00, 75, 0C, 68, 79, D3, 40, 00, FF, 15, 24, 11... 
[+]

Developed / compiled with:

Microsoft Visual C++ v6.0

Code size:

126 KB (129,024 bytes)

The file winsetupfromusb-1-1.exe has been seen being distributed by the following 23 URLs.

http://gsf-cf.softonic.com/18d/503/.../file?SD_used=0&channel=WEB&fdh=no&id_file=85492&instance=softonic_en&type=PROGRAM&Expires=1428901232&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=Gs8W7iDvSQ0aIu3x3NpyOMc6-nZzA6LJR1GNd6NVy5tMGCmTr7L6FHbx6chJfdw9OgAgB-ZOK1PLceGj5GabTGNM446rpF3SFqokwruQFqWZqP1DsO9iH6V0-pT5G3oI~9PDv5xgdYK7jfXN4mIJBq1GnT2ql836cSp6TBfvvmg_&filename=WinSetupFromUSB-1-1.exe;

http://gsf-cf.softonic.com/18d/503/.../file?SD_used=0&channel=WEB&fdh=no&id_file=85492&instance=softonic_fr&type=PROGRAM&Expires=1418263329&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=KeCoarkOAsp4tyWsNiHUGXbdPxb7WMEbwZDlseyBUHLrK-NbtauSbe4tVA5Ph6HshCg7~LZVME1WrRQTBpxemRw25kTLOsRFaDpcAJQXlyRs01gROcq1mFOY3W9hkuyd5FYlcaapQ4StS9xcjq8VWyOLDRfRwTJhTkpZsgN2kDw_&filename=WinSetupFromUSB-1-1.exe;

http://gsf-cf.softonic.com//18d/503/.../file?id_file=85492&channel=WEB&instance=softonic_es&type=PROGRAM&fdh=no&SD_used=0&Expires=1403005391&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=EDNY~NMM4fCH-mOtiPaQF8MjUImtxW6X4BAtmaa0PVoIvdfRbNWA17LTuXU4H7UQayvTLtS4EZs5KzAf88UhGlGsrFlA3UGU~V7Hu8mw9JsKeJu7u3Kxvy2H6o3ZiMZBiPAAUFYB2ldTbmOM6xTbhNpSEROjXZ99PyzLaK6pN2Q_&filename=WinSetupFromUSB-1-1.exe;

http://gsf-cf.softonic.com/18d/503/.../file?SD_used=0&channel=WEB&fdh=no&id_file=85492&instance=softonic_es&type=PROGRAM&Expires=1428472589&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=SoSICfZREsR~JTMY~pHaATn27TmOyFCunQFfxFCp4YyqWI8ZvE2B~LooRtoaL5bhPxfD3CfXOb5gsp665jQFRa01hsFOvfVX-zzuNp1zJ4dKzMW5Exw-qKggxwff00EYOj8bRDjDtuNWDc1pJxSQo3L0L6kX2PUtnRUcLlzqYwA_&filename=WinSetupFromUSB-1-1.exe;

http://gsf-cf.softonic.com/18d/503/.../file?SD_used=0&channel=WEB&fdh=no&id_file=85492&instance=softonic_en&type=PROGRAM&Expires=1426911980&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=OCZt0t94Lypc2W8L7t9y~rDHPiDaFRksl30zkOhZL~7528pifCrR0ha8jbPzdh8LA~g0s71RNrCeLHQ-PybGEhDWeZprsjuOE4DQzjJaN4WtFKMtdaWaRp1AhcGKIqWPbf~SAixE9rhEi2fxvSKG~wcgtnNgFrz0KvVmgs-Xves_&filename=WinSetupFromUSB-1-1.exe;

http://gsf-cf.softonic.com//18d/503/.../file?id_file=85492&channel=WEB&instance=softonic_en&type=PROGRAM&fdh=no&SD_used=0&Expires=1405487127&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=WKT7WRwvlnaHZ7pOtu5ZzLUkynKTyKuSA67afgazsm3lW-BzGVyeq29A0fFJFwBoNMjdXVFA3~dN6VMptrsKuney3Asrjh-GCIjc7nRB3cAojxxCWrk1UkN-pj93KCRWI~KWX6Ap6eYIpWBZFB92ZliyoJr1Se31iRnqIFmQ5W0_&filename=WinSetupFromUSB-1-1.exe;

http://gsf-cf.softonic.com//18d/503/.../file?id_file=85492&channel=WEB&instance=softonic_en&type=PROGRAM&fdh=no&SD_used=0&Expires=1390726165&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=PLMNCVPFcHCCjDVwJEv5DP9POfefva-rcnEs4lWpd4~TfjE4uumy5Zqi4vO231m282rtINuQvmMvVq~6Ds79iK335hSWNkA~swjRdPhFEXWrI9ePIcRAGxkTbUTV5WqhKKjZCMPa-4HaWWqw5SNq7yKue4A8fB6AIdY~isRnrpg_&filename=WinSetupFromUSB-1-1.exe;

http://gsf-cf.softonic.com//18d/503/.../file?id_file=85492&channel=WEB&instance=softonic_en&type=PROGRAM&fdh=no&SD_used=0&Expires=1398456238&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=UR4Cb6BOYWtKQtA03geE3TKccUzq69-7aTufqL9Xu-XP4DBIIxGGzvthzzHzZPPIalnVX3g-Rx4QnUsYYYrdpu2MRxqJNTfIlm-BPYP6tfSLvRmdRM1x-h9KykrhYQ4VQawSUBP1SIRL5w~e-IfVQ0tfr0Pjkg0Cqh4FdaDkFJw_&filename=WinSetupFromUSB-1-1.exe;

http://gsf-cf.softonic.com//18d/503/.../file?id_file=85492&channel=WEB&instance=softonic_es&type=PROGRAM&fdh=no&SD_used=0&Expires=1401367176&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=EQoXEluSEIlOaARTgMWZxK0pVc~dD14qtgl0Y37YWaDSnMpFRio8PzZxhsYxNDRqfJnwyfqipNiaUdzKEaU7PnP6avTqg6OoHZSC-S4sJWvDSUfh3fesV6W4I5ZLCGgrIwlpaE7JSX~X2p2xq0dMDka8Fj9NDWqGG7gzVUWopbo_&filename=WinSetupFromUSB-1-1.exe;

http://gsf-cf.softonic.com/18d/503/.../file?SD_used=0&channel=WEB&fdh=no&id_file=85492&instance=softonic_es&type=PROGRAM&Expires=1426306477&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=h0dW7MkwS8ZAcpZct-XHo0GQxlmX7vdyMV5MWx4BBLBtHLnswiWGV-~fj9G93DIKqm27Bi-a7TXuJPLBXEqCZn~tEvqp0KDq9zBKhQSZvGjkg4WPNSTBiUYl7PwPqmWOEgthZHKMsTRALEUe99a5YKcKau9Og5t3QyFc-o~bB38_&filename=WinSetupFromUSB-1-1.exe;

http://gsf-cf.softonic.com//18d/503/.../file?id_file=85492&channel=WEB&instance=softonic_en&type=PROGRAM&fdh=no&SD_used=0&Expires=1410954064&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=fXouYgZyDVp9-3GkBtrkyxq~NNmcQxpfwfyDG7wTh-wx4Z5PjjRkPSDtTy~FI0X00lE-ggCrvp1~-eU4hBGgfqAGmAWPRXxGfPGwjEurvmuFGYkBYaPTH5yDxjDH9jdY9t-DpmoxodbBwZouTT3zRqCDF5dUCXvqsSXTCFT2rBI_&filename=WinSetupFromUSB-1-1.exe;

http://gsf-cf.softonic.com//18d/503/.../file?id_file=85492&channel=WEB&instance=softonic_es&type=PROGRAM&fdh=no&SD_used=0&Expires=1398429402&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=DsS3uUvAY1exzK~C2bcFzf2LoucuFgSXANr-2uhXGZw5rcPS1r5SsEW5JeFKxWbZ166u~gFkPwv9YTFHFQ6RchDtU1dd4ENfuGWvYBeQrTz0GzFMq~bUQ9JMM7OAJ6xkEI-rQkYR~4jsD8bdiy1ZOGLpMlwvCwmlrFAxEaBtsiE_&filename=WinSetupFromUSB-1-1.exe;

http://gsf-cf.softonic.com/18d/503/.../file?SD_used=0&channel=WEB&fdh=no&id_file=85492&instance=softonic_en&type=PROGRAM&Expires=1424177525&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=bYKcZwAxRwLJEqnRioJU-ShuW1w8jsGUDDM~o3iBaQh8ITpNkp6a6Xrkkclxk9j5ZsiF7cLjkabB5ueN70KXU2zXiWXnYmEsHtdCRG3gS1PDkhY-nWrQ5VVS2v4xDNMd4puQYmhhbhyoPOImjE8J4ud1U3GE28Qtvsu54zBHhxQ_&filename=WinSetupFromUSB-1-1.exe;

http://www.winsetupfromusb.com/download/.../

http://gsf-cf.softonic.com/18d/503/.../file?SD_used=0&channel=WEB&fdh=no&id_file=85492&instance=softonic_es&type=PROGRAM&Expires=1421051317&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=WLe2pzToIrVeOqw1MQYAX-yreGxBbcGvSdxmxCKkZElHceXi2Q8emuK3Y~bdt-Qzb9fL~pXDOw3pdt1woIJus2rVuHshPIhKFs7NjwH5Nxyjybo8TfnJE8ddsvnueWoKdTXIz1XiINLULwcMvts6OXd4ESRTPX139UvITyT~Ap4_&filename=WinSetupFromUSB-1-1.exe;

http://gsf-cf.softonic.com//18d/503/.../file?id_file=85492&channel=WEB&instance=softonic_es&type=PROGRAM&fdh=no&SD_used=0&Expires=1408431970&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=L4k15GzdymIFEs5iAZqD4olxq0dHd9wq5sv0UVWamNaLwoRhE3~NejBMxJ9oAzrATQapxI21ZVakOp0WZxZdmO2303M2FYF0i9Rk8aoMXqeKiomDPd2KKxlW1sc9if~qlejAgGdFC~3~19nTLOwiO91-E0bxKsV4exlFSCuPpd0_&filename=WinSetupFromUSB-1-1.exe;

http://gsf-cf.softonic.com/18d/503/.../file?SD_used=0&channel=WEB&fdh=no&id_file=85492&instance=softonic_fr&type=PROGRAM&Expires=1425171451&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=is6PHPwUu0wNDdsg47qsyh90dNIjhIu1avYtHwfYlWey2N-Ryc70xZ3yh6lu4zuiNP~uGvmSG3u4pQsbNx2xZqmEKjduo3AdVA1ngdRVguWCtNKUS-LEhF9w28mB43X6Xbro~f3IWFDW~xIECD-bLTTl8FNeeroGgDl3YNUc6TY_&filename=WinSetupFromUSB-1-1.exe;

http://gsf-cf.softonic.com/18d/503/.../file?SD_used=0&channel=WEB&fdh=no&id_file=85492&instance=softonic_en&type=PROGRAM&Expires=1419315580&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=YAgT1Huh0X9w5zRVW0SjFqXZtqoAcX7jmcPmHn2vU6DU48RIfTwBqR73PmtsjxUNT2tn1o2l6dSRMiuPIsgQaFfVYEY-C5kqsmPuHlWA3XO0K1WsCSQQCLqa16h8eQX3RU57eKdLoAie4-GxIhgNCjgk4RpfNn8cdJ-0KnEFNhM_&filename=WinSetupFromUSB-1-1.exe;

http://winsetupfromusb.en.softonic.com/download-tracker?th=1/6CH9aeXedl4L8u BHNJXWTW LP1LFlnGQpxqjlxAOwqNtVyBU9aGYixY/iNIyoeSDWNieMJyZIYt yUUVa9uJNfmR4jUrP6tXq4MCNeZbHzGcX8r5dEd6pGYAOLsMd5ktZNl9AWUbiQ9yJbj07lk92cr6uH931/Xoz3s7/EZPJjD980tMU05Cz1JVlmFM6XD3RuyrCF5Dlpz6ONGZp9DW7YumRGOBWNc0C26x 6MvkuohYmcbXN 6Mu8TCMyjGcBPWu3vtoz4Lp4a5uOgmrisykwROySkzbP6ZZz51nlU9909pTLGHUz6HZMdfZEmy0F0gxaf75E3Dkvfm B9oE72DuA35SoqSg/XogzcsjMmuIg7ORecDman7jvRT6Abkr9xvcqyzrJvBmDsHXDRVhCIV/XOC7GcDk2DFYvRGnK7zRUHTOpwAF7df747ykB1Ebcqd39yFkNlChiuhJeVU4KNyCxBONByImOMOzdfmm7djdv4KrkWKuFxpYN1sG aTiyYqP56hw236O2sHitueZyNrmqjgmMDA 5Di5BYlF3ayFTifF0uS 7WTk EVRBGqOkvokB3S/.../1gCUcnqg7fhZb6BfbIRX0os6x0tYBpYoZ83ci0jFWnz5m9l1ZKPrnghtYoiaSDa3870=

http://gsf-cf.softonic.com//18d/503/.../file?id_file=85492&channel=WEB&instance=softonic_en&type=PROGRAM&fdh=no&SD_used=0&Expires=1390535915&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=EIU54R7urW9lraJMFEFsvg6vLDg~9UUfwTShLn3JMQ-kWd542ZBArg-jxZFbYOa3~RVkplLxQM42f-9-9dvhA-Rzxeo~Szkm68A0qNDIboflxOafA-2WKUkhwnETELQvq6FBrekynJhwWR4S1LAU6e3O5HN5mLgKZD-mrnIIZOs_&filename=WinSetupFromUSB-1-1.exe;

http://gsf-cf.softonic.com//18d/503/.../file?id_file=85492&channel=WEB&instance=softonic_en&type=PROGRAM&fdh=no&SD_used=0&Expires=1410075562&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=UKi5HqVJ68vwxeKvo4LDHYMcXoVm0xrnLUdgpALWUfYBb~sYNjo3HEzYgycDwah-aiISEVkQ-P7~d0tKMJiggT2bUk5eZPc4Sg5WlrjRn3P8UsS7Gw5TyPJDoi5QsuzewCMCRHI7kdPKGf448Dh5c6Mw9HZ2OA9oC1Zokh6EcO0_&filename=WinSetupFromUSB-1-1.exe;

http://gsf-cf.softonic.com//18d/503/.../file?id_file=85492&channel=WEB&instance=softonic_en&type=PROGRAM&fdh=no&SD_used=0&Expires=1401919600&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=JcCnoppK2tLPexGzZuZ3uIYxVWKcF6Z17T3Ss8HmrNJaTG5JJ6GA4RR~QdsrCcLUy1BQvDYd3ziBejIgzrqRFiJi0jcMR8QJp8r2YNapjFPvFOWW-gipPMe~-Fy0~rJka2j9I3HYpY2iYv1ss4XQ-HFpB-jYDkJLkquPLa5N3Yg_&filename=WinSetupFromUSB-1-1.exe;

Scan winsetupfromusb-1-1.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.