7z.dll

7-Zip

Shenzhen DriveTheLife Software Technology Co.Ltd

7za.dll is a standalone plugin for the 7-Zip file archiver and extraction utility. Third-party software uses the plugin to provide archiving functionality for the 7z, ZIP and gzip formats, and this copy is recompiled by Shenzhen DriveTheLife Software Technology Co.Ltd. The library 7z.dll, “7z Standalone Plugin”, has been detected as malware by 1 anti-virus scanner. Although a detection has been made for this resource, it is a commonly distributed 3rd-party library and is typically safe by itself.
Publisher:
Igor Pavlov (signed by Shenzhen DriveTheLife Software Technology Co.Ltd)

Product:
7-Zip

Description:
7z Standalone Plugin

Version:
9.20

MD5:
039e2247a7115d292acfb66405639e6b

SHA-1:
500a8a3cd784437f2dc42e6db430b77a89abece8

SHA-256:
9b5f2055679c7c899c4aff32d6e75ba6e2e9a2862411801739960f56885d122c

Scanner detections:
1 / 68

Status:
Malware

Explanation:
This is a standalone plugin for the 7-Zip file archiver and extraction utility. The plugin is used by 3rd-party software to provide archiving functionality for 7z, ZIP and gzip formats. While the file itself is probably not a threat, it is part of a container that some AV engines detect.

Analysis date:
12/26/2024 12:17:09 PM UTC

Scan engine:
Reason Heuristics

Detection:
Threat.Win.Reputation (M)

Engine version:
17.3.7.9

File size:
974.2 KB (997,575 bytes)

Product version:
9.20

Copyright:
Copyright (c) 1999-2010 Igor Pavlov

Original file name:
7za.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\ostotohotspot\7z.dll

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
9/13/2010 6:00:00 AM

Valid to:
11/13/2011 5:59:59 AM

Subject:
CN=Shenzhen DriveTheLife Software Technology Co.Ltd, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Shenzhen DriveTheLife Software Technology Co.Ltd, L=Shenzhen, S=Guangdong, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
6BD0FA3111E160370E598F35D20A41B4

File PE Metadata
Compilation timestamp:
11/18/2010 10:27:29 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x9AD87

Entry point:
E9, FF, 28, 00, 00, 5D, 08, 56, 8B, 75, 0C, 57, 8B, 7D, 10, 85, F6, 75, 09, 83, 3D, D4, 3C, 0C, 10, 00, EB, 26, 83, FE, 01, 74, 05, 83, FE, 02, 75, 22, A1, 04, 65, 0C, 10, 85, C0, 74, 09, 57, 56, 53, FF, D0, 85, C0, 74, 0C, 57, 56, 53, E8, 15, FF, FF, FF, 85, C0, 75, 04, 33, C0, EB, 4E, 57, 56, 53, E8, EE, C9, F6, FF, 83, FE, 01, 89, 45, 0C, 75, 0C, 85, C0, 75, 37, 57, 50, 53, E8, F1, FE, FF, FF, 85, F6, 74, 05, 83, FE, 03, 75, 26, 57, 56, 53, E8, E0, FE, FF, FF, 85, C0, 75, 03, 21, 45, 0C, 83, 7D, 0C, 00...
 

Entropy:
6.6832

Packer / compiler:
Xtreme-Protector v1.05

Code size:
654.5 KB (670,208 bytes)
