home

11589_driver_xp_vista_7_3_20_1.exe

7-Zip

Igor Pavlov

The program is a setup application that uses the 7z Setup installer. The file has been seen being downloaded from de.hama.com.
Publisher:
Igor Pavlov

Product:
7-Zip

Description:
7z SFX

Version:
4.42

MD5:
82225d8cae280647ae163f0ceef92aef

SHA-1:
f7ab53291bc5138d919955b5aee517d31f759531

SHA-256:
0e9193d997925a84f77c44cb09368788d1be6296076cada0222c6b2bc4fe8fa3

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
1/10/2025 10:05:30 AM UTC  (today)

File size:
864.2 KB (884,985 bytes)

Product version:
4.42

Copyright:
Copyright (c) 1999-2006 Igor Pavlov

Original file name:
7z.sfx.exe

File type:
Executable application (Win32 EXE)

Installer:
7z Setup

Language:
English (United States)

Common path:
C:\users\{user}\downloads\11589_driver_xp_vista_7_3_20_1.exe

File PE Metadata
Compilation timestamp:
5/14/2006 6:24:40 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:LD448Oq+oUzdnPNbhh2++B07NSpW7lxt0znpZLpEKPmqhZI/OmcgNm:LD44FCw9PNbhh21B05RY+Amqw/dcgNm

Entry address:
0x18136

Entry point:
B9, 1D, 38, A3, B5, 01, CE, 8B, C5, 15, DB, AC, D4, 0D, C6, C4, 8B, C7, C7, 02, 0C, 55, BF, 38, DE, 1D, A0, 8F, 00, 22, 88, FA, 0F, AF, FF, F2, 69, C8, 63, E9, 0C, 73, 13, D5, 81, C5, 18, 24, F5, FF, F7, C2, C0, C5, CE, E0, 0F, BE, FE, 81, C5, 46, 24, 0B, 00, 0F, B7, DD, BA, D6, F4, 92, EB, 0F, BF, D0, 68, 34, A6, 56, 00, 68, F5, B6, 47, 00, C7, C0, CF, 8E, 3B, CD, 8D, 35, CF, AF, A4, 7D, 1C, 5A, 8D, 05, 70, A1, 2F, 3F, FF, C2, E8, 15, 00, 00, 00, 85, C7, C6, C6, 42, 0F, BE, F2, 1C, 2E, 0F, B7, ED, 0F, BE...
 
[+]

Entropy:
7.9134  (probably packed)

Code size:
101.5 KB (103,936 bytes)

The file 11589_driver_xp_vista_7_3_20_1.exe has been seen being distributed by the following URL.

https://de.hama.com/webresources/drivers/.../11589_driver_xp_vista_7_3_20_1.exe

Scan 11589_driver_xp_vista_7_3_20_1.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.