7zip-setup.exe

The Jomando Group

The application 7zip-setup.exe by The Jomando Group has been detected as a potentially unwanted program by 26 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent.
Publisher:
The Jomando Group 2  (signed by The Jomando Group)

Product:
The Jomando Group 2

Version:
78.0.9.3766

MD5:
c0065881c541cfab2be5531d6f1584dd

SHA-1:
57c5e9eecca16c9e2c5ddd96122c77a98f4d7a26

SHA-256:
b3ff99139ae09817d4d1f8d946c1904d540bdbde56b309540ae526067bf7eea0

Scanner detections:
26 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications, using the Vittalia monetization installer.

Analysis date:
11/27/2024 3:43:28 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Application.Bundler.DownloadAdmin.4 | 5711090 |
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| Arcabit | Trojan.Application.Bundler.DownloadAdmin.4 | 1.0.0.629 |
| avast! | Win32:Malware-gen | 151212-2 |
| AVG | Generic36 | 2016.0.2895 |
| Bitdefender | Gen:Variant.Application.Bundler.DownloadAdmin.4 | 1.0.20.1740 |
| Bkav FE | W32.HfsAdware | 1.3.0.7383 |
| Comodo Security | Application.Win32.DownloadAdmin.RP | 23765 |
| Dr.Web | Trojan.Vittalia.1167 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Variant.Application.Bundler.DownloadAdmin | 10.0.0.5366 |
| ESET NOD32 | Win32/DownloadAdmin.P potentially unwanted application | 7.0.302.0 |
| F-Secure | Riskware.Gen:Variant.Application.Bundler | 5.15.21 |
| G Data | Gen:Variant.Application.Bundler.DownloadAdmin | 15.12.25 |
| IKARUS anti.virus | PUA.Win32.Dowadmin | t3scan.1.9.5.0 |
| K7 AntiVirus | Adware | 13.212.18103 |
| Malwarebytes | PUP.Optional.DownLoadAdmin | v2015.12.14.10 |
| MicroWorld eScan | Gen:Variant.Application.Bundler.DownloadAdmin.4 | 16.0.0.1044 |
| NANO AntiVirus | Trojan.Win32.Vittalia.dywbwv | 1.0.10.5081 |
| Norman | Gen:Variant.Application.Bundler.DownloadAdmin.4 | 13.12.2015 06:03:49 |
| Panda Antivirus | Trj/Genetic.gen | 15.12.14.10 |
| Qihoo 360 Security | HEUR/QVM10.1.Malware.Gen | 1.0.0.1077 |
| Reason Heuristics | PUP.TheJomandoGroup.Installer (M) | 15.12.14.22 |
| Rising Antivirus | PE:Adware.DownloadAdmin!1.A243 [F] | 23.00.65.151212 |
| Vba32 AntiVirus | Downloader.DownloAdmin | 3.12.26.4 |
| VIPRE Antivirus | Threat.4150696 | 45800 |
| Zillya! Antivirus | Adware.OutBrowse.Win32.65340 | 2.0.0.2562 |

File size:
871.3 KB (892,256 bytes)

Product version:
78.0.9.3766

Copyright:
Copyright (C) 2015

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\7zip-setup.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
11/11/2015 6:38:38 AM

Valid to:
9/17/2016 5:37:38 AM

Subject:
CN=The Jomando Group, O=The Jomando Group, L=San Francisco, S=California, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
00F341BC2105AFE36A

File PE Metadata
Compilation timestamp:
11/13/2014 2:58:15 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:b13jHHjLV7t7mUOlTgauucunT5l5bOxayfLz5qA:pHHvNt/tducMTxbcf3j

Entry address:
0x11C9

Entry point:
E8, 52, C7, 00, 00, E9, 50, C0, 00, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 44, 24, 04, 85, C0, 74, 06, A1, 6C, F1, 40, 00, C3, 8B, 4C, 24, 04, 85, C9, 74, 06, A1, 78, F1, 40, 00, C3, 8B, 54, 24, 04, 85, D2, 74, 06, A1, 7C, F1, 40, 00, C3, 8B, 44, 24, 04, 85, C0, 74, 06, A1, 80, F1, 40, 00, C3, 8B, 4C, 24, 04, 85, C9, 74, 06, A1, 88, F1, 40, 00, C3, 8B, 54, 24, 04, 85, D2, 74, 06, A1, 8C, F1, 40, 00, C3, 8B, 44, 24, 04, 85, C0, 74, 06, A1, 94, F1, 40, 00, C3, 8B, 4C, 24, 04, 85, C9, 74...
 

Entropy:
7.9693  (probably packed)

Code size:
52.5 KB (53,760 bytes)
