winsetupfromusb-1-4.exe

7-Zip

Igor Pavlov

The program is a setup application that uses the 7z Setup installer. The file has been seen being downloaded from s6838.chomikuj.pl and multiple other hosts.

Publisher:
Igor Pavlov

Product:
7-Zip

Description:
7z SFX

Version:
9.30 alpha

MD5:
c3e7b3c178b9d04d2884f81100b6a0b6

SHA-1:
f45ea101b29216b7041b40011906dc8fc084893e

SHA-256:
d5233c27225ec22d2b4ee67a02fd10a04f6243d2c002afaee96ea4c313111cc5

Scanner detections:
3 / 68

Status:
Clean (3 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably malware-free.

Analysis date:
4/24/2024 7:17:24 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| McAfee | Artemis!C3E7B3C178B9 | 5600.7177 |
| Rising Antivirus | PE:Trojan.Win32.Generic.14E311F1!350425585 | 23.00.65.14326 |
| Trend Micro House Call | TROJ_GEN.F47V0327 | 7.2.87 |

File size:
22.4 MB (23,462,809 bytes)

Product version:
9.30 alpha

Copyright:
Copyright (c) 1999-2012 Igor Pavlov

Original file name:
7z.sfx.exe

File type:
Executable application (Win32 EXE)

Installer:
7z Setup

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\winsetupfromusb-1-4.exe

File PE Metadata
Compilation timestamp:
10/26/2012 1:03:35 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
393216:qbXQVrZacTxKRQ/AWSYNJ3N1LweodxgPOZfV3kdXpvhciXlnx9Tr6toPyzinYXIV:yQOi5SuLwemxgGf0pbHkC8K

Entry address:
0x1DC22

Entry point:
55, 8B, EC, 6A, FF, 68, 90, 1E, 42, 00, 68, 1C, DC, 41, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 34, 11, 42, 00, 59, 83, 0D, 74, BE, 42, 00, FF, 83, 0D, 78, BE, 42, 00, FF, FF, 15, 30, 11, 42, 00, 8B, 0D, 5C, 9E, 42, 00, 89, 08, FF, 15, 2C, 11, 42, 00, 8B, 0D, 58, 9E, 42, 00, 89, 08, A1, 28, 11, 42, 00, 8B, 00, A3, 70, BE, 42, 00, E8, 1F, 01, 00, 00, 39, 1D, 10, 7A, 42, 00, 75, 0C, 68, 79, D3, 40, 00, FF, 15, 24, 11...
 

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
126 KB (129,024 bytes)

The file winsetupfromusb-1-4.exe has been seen being distributed by the following 18 URLs.

