home

7-zip setup.exe

DarwenDLM Downloader

The application 7-zip setup.exe has been detected as a potentially unwanted program by 5 anti-malware scanners. This is a self-extracting archive and installer, however the file is not signed with an authenticode signature from a trusted source. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.laboratoryuniversegift.com.
Product:
DarwenDLM Downloader

Version:
1.0.5.53112

MD5:
74a626ac91242bd3a56e5246de326c5b

SHA-1:
2c39e41f93796ca42d0e703438dea2f3254013cd

SHA-256:
f1f6e71984bd5f6b937ae729013512de40dab06bce482e5002f05a28e297c795

Scanner detections:
5 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/28/2024 2:48:29 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Trojan-gen
160327-1

Dr.Web
Trojan.InstallCore.283
9.0.1.05190

ESET NOD32
Win32/InstallCore.ADC potentially unwanted application
8.0.319.0

Reason Heuristics
PUP.InstallCore.ENG (M)
16.4.20.10

VIPRE Antivirus
Threat.4150696
48690

File size:
1.2 MB (1,233,920 bytes)

Product version:
1.0.5.53112

Original file name:
ClickOnceSetup.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\7-zip setup.exe

File PE Metadata
Compilation timestamp:
2/22/2016 5:21:55 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:/KHiTe8rkcGUBtrn6uu2XzOWii0sqEU15Ts5Dcokin5dYZC:/qaiUHIGSWys5U1mqokagZ

Entry address:
0x1262AE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.8353

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
1.1 MB (1,197,056 bytes)

The file 7-zip setup.exe has been seen being distributed by the following URL.

http://www.laboratoryuniversegift.com/c?x=cWcbOwTHKYORpBqHWFnDjzFSqjmt9P7PCqRx4BCBq7U=&c=JCxh8y7VtHn910wsFCtx1io7PhZyU3h9fZ20nHEiyFD3rLUj0Cr YLp9QSmQeSEkn81Ag3nPMwhNOnjKII0DpSMFK2q3ul2v1AM3NdZhpJGolCtGjgs4TuL5XV6hPhju&downloadAs=7-Zip Setup.exe&fallback_url=http://.../download.php

Remove 7-zip setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.