7a.exe

Microsoft Helper

Microsoft Corp.

The executable 7a.exe has been detected as malware by 6 anti-virus scanners. It is a setup program used to install the application. The file has been observed being downloaded from www89.zippyshare.com.
Publisher:
Microsoft Corp.

Product:
Microsoft Helper

Version:
2.01.0005

MD5:
0c8d3390079abd91ef1d6a531048d926

SHA-1:
4c760102a09f5a660d69e0a631220dddf26d95c3

SHA-256:
1c529c1b91347a22e694bf6cceddc11e707a0a566d6f984bdd62bc49c9aa0769

Scanner detections:
6 / 68

Status:
Malware

Analysis date:
4/22/2025 4:52:01 AM UTC

Scan engine                    Detection                    Engine version
avast!                         Win32:PassView-AB [PUP]      160518-2
Emsisoft Anti-Malware          Gen:Variant.Zusy.151750      11.5.0.6191
ESET NOD32                     Win32/VB.OBZ trojan          8.0.319.0
Kaspersky                      Trojan-Ransom.Win32.Blocker  15.0.0.562
Microsoft Security Essentials  Threat.Undefined             1.225.241.0
Norman                         Gen:Variant.Zusy.151750      19.05.2016 01:04:49

File size:
644 KB (659,456 bytes)

Product version:
2.01.0005

Copyright:
Copyright (C) 2011

Original file name:
Server.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\7a.exe

File PE Metadata
Compilation timestamp:
8/24/2014 9:13:29 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:I6BacVPZWsGmIf9beAek0aRz6mHGzh6wFOQRDwEEZn8kO:/B9109be9k0wzdHkh6wFXRDZEZne

Entry address:
0x3568

Entry point:
68, E8, 3A, 40, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 38, 00, 00, 00, 00, 00, 00, 00, 9B, 1F, F0, 77, 7A, 17, 06, 48, 92, 43, D9, CB, 29, 5C, 14, A9, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 48, 72, 5D, 02, 6D, 73, 77, 69, 6E, 00, 5C, 02, 00, 00, 00, 00, 01, 00, 14, 00, 30, 4D, 40, 00, 00, 00, 00, 00, FF, FF, FF, FF, FF, FF, FF, FF, 00, 00, 00, 00, 44, 51, 40, 00, C0, F9, 42, 00, 00, 00, 00, 00, 70, 66, D7, 05, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, E8, 35, 40, 00...
 

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
184 KB (188,416 bytes)

The file 7a.exe has been seen being distributed by the following URL.
