7-zip setup.exe

DarwenDLM Downloader

The application 7-zip setup.exe has been detected as a potentially unwanted program by 5 anti-malware scanners. This is a self-extracting archive and installer, however the file is not signed with an authenticode signature from a trusted source. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.laboratoryuniversegift.com.
Product:
DarwenDLM Downloader

Version:
1.0.5.53112

MD5:
74a626ac91242bd3a56e5246de326c5b

SHA-1:
2c39e41f93796ca42d0e703438dea2f3254013cd

SHA-256:
f1f6e71984bd5f6b937ae729013512de40dab06bce482e5002f05a28e297c795

Scanner detections:
5 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/28/2024 2:48:29 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Trojan-gen
160327-1

Dr.Web
Trojan.InstallCore.283
9.0.1.05190

ESET NOD32
Win32/InstallCore.ADC potentially unwanted application
8.0.319.0

Reason Heuristics
PUP.InstallCore.ENG (M)
16.4.20.10

VIPRE Antivirus
Threat.4150696
48690

File size:
1.2 MB (1,233,920 bytes)

Product version:
1.0.5.53112

Original file name:
ClickOnceSetup.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\7-zip setup.exe

File PE Metadata
Compilation timestamp:
2/22/2016 5:21:55 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:/KHiTe8rkcGUBtrn6uu2XzOWii0sqEU15Ts5Dcokin5dYZC:/qaiUHIGSWys5U1mqokagZ

Entry address:
0x1262AE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.8353

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
1.1 MB (1,197,056 bytes)

The file 7-zip setup.exe has been seen being distributed by the following URL.

Remove 7-zip setup.exe - Powered by Reason Core Security