7-zip.exe

Smart Secure Software S.l.

This is the Softpulse installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application 7-zip.exe by Smart Secure Software S.l has been detected as adware by 10 anti-malware scanners. The program is a setup application that uses the Softpulse SoftwareBundler installer. The file has been seen being downloaded from kyle.mxp545.com.
Publisher:
Smart Secure Software S.l.  (signed and verified)

MD5:
c0bcbb1681d9deaa558da2959a0e7267

SHA-1:
4126bcb2604a378422c195a8c8216691e9b37497

SHA-256:
e337a35b685b4cc1100509c67a435eb920a795f2e200bdc98bf16915138263c1

Scanner detections:
10 / 68

Status:
Adware

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:
12/26/2024 12:30:42 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
TR/Dropper.Gen
7.11.30.172

AVG
Found Win32/DH{gRJ UIEHeVRPFVGBFYEJHFOBE0GBDw}
2015.0.3383

ESET NOD32
Win32/SoftPulse.J potentially unwanted application
8.7.0.302.0

herdProtect (fuzzy)
2014.10.28.17

K7 AntiVirus
Unwanted-Program
13.183.13054

McAfee
Program.Socrydo
5600.7039

Norman
Malware
11.20140814

Reason Heuristics
PUP.SmartSecureSoftwareSl.F
14.8.14.5

Sophos
Smart Secure Software
4.98

VIPRE Antivirus
Threat.4783235
32186

File size:
1.3 MB (1,373,656 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Softpulse SoftwareBundler

Common path:
C:\users\{user}\downloads\7-zip.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
6/16/2014 5:00:00 PM

Valid to:
6/17/2015 4:59:59 PM

Subject:
CN=Smart Secure Software S.l., O=Smart Secure Software S.l., L=Adeje, S=Santa Cruz de Tenerife, C=ES

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
47353B4EEC0D902A135E20BEE1A66817

File PE Metadata
Compilation timestamp:
8/14/2014 1:04:45 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:XS6Cqp3hVbl9HxvLhgAFlMlCcmpElsnevdxK1NpA:iqp3LDxdg4lMASl9dxKna

Entry address:
0x3DF6

Entry point:
E8, 09, 27, 00, 00, E9, 7F, FE, FF, FF, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, F4, 95, 41, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, A8, 80, 41, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, F4, 95, 41, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01, 00, 00, F7, C6, 03, 00, 00, 00...
 
[+]

Entropy:
7.6728

Code size:
61.5 KB (62,976 bytes)

The file 7-zip.exe has been seen being distributed by the following URL.

Remove 7-zip.exe - Powered by Reason Core Security