7zip.exe

Fubeceber

AgileMax (New Media Holdings Ltd.)

The application 7zip.exe, “Fubeceber Setup” by AgileMax (New Media Holdings), has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from www.worldbodybyte.com and multiple other hosts.

Publisher:
AgileMax (New Media Holdings Ltd.)  (signed and verified)

Product:
Fubeceber

Description:
Fubeceber Setup

MD5:
f0bfe6d9068348647f189f447960c7ee

SHA-1:
4b27579917f039ce78a090af9aa8b4f345346f60

SHA-256:
c3047e8541df63945915a06c5ce419855212200bd28b2542be564502b5a3f16f

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Description:
This is also known as bundleware, or downloadware, which is a downloader designed to simply deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
1/7/2025 9:30:15 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.NewMedia.NMH (M)

Engine version:
16.8.2.9

File size:
930.9 KB (953,264 bytes)

Product version:
4.7

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\7zip.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
12/16/2015 6:04:31 AM

Valid to:
10/30/2016 10:53:45 AM

Subject:
CN=AgileMax (New Media Holdings Ltd.), O=AgileMax (New Media Holdings Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112186313590F7C0AF7C143BC6BDE6200476

File PE Metadata
Compilation timestamp:
6/19/1992 5:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:8vb0HxoJCsGJqKuBcgHk/w54a7fPs12ygRs7t:YAR40HRgE4P7ocw

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
Entropy:
7.9348

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file 7zip.exe has been seen being distributed by the following 2 URLs.

http://www.worldbodybyte.com/ykKVx1aofC5UimrXRB3sgzAaJODA4IXkDWhILyb6Idkh_yYULNUxa7WmtQAbPokGvNu 9h83RJRpIqqanMwOPS 7F2Ne6iKZik74wPXgZcO3oLw_ed6ZBgdvtlBiN20EAVH HyfkgMIfyn4aPd_Ay_XaNJlmxnHzcS6OtzWtiUIo3uqflOo1Bu_9om_TJu6sVcvzthOPmufSQWoXEdffNXgocYKpqlEacKO4m7jo0EaZEPaSxAxxYld1E4I4N4yYrGtRAqae551RhzmWFDAtYTBoniG307UQdzfTnciTRlwZMdcSYrbRAyI94lyr4ldewJbmdzy2uXfO2AvJZhi8mBguSEp5chySDZ1NcrnXKeUuD5fN5oSDv8Zn2kNsue25myMGu2kk95NHL1MDHRbAD0byXxbmvP4FZKgbiFoUx52KA0qmzCvUp1nqMBZ7tdg_ZL agtV14v155m6y0IijkeGDgZmg7NRdmf295YQI0RyYjjBjPyIpHSF1ni1hTxclo3g0Xo1O-Gy0AAOSbnh8p8t2U5LG1dmxgIgfstYgOaO NA0_VGPleDctll fUqY1ebeejDgkxxAs=
