7zip.exe

Fubeceber

AgileMax (New Media Holdings Ltd.)

The application 7zip.exe, “Fubeceber Setup” by AgileMax (New Media Holdings), has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The file has been seen being downloaded from www.worldbodybyte.com and multiple other hosts.
Publisher:
AgileMax (New Media Holdings Ltd.) (signed and verified)

Product:
Fubeceber

Description:
Fubeceber Setup

MD5:
68e1f136c0623c06c08ab696f78f9a22

SHA-1:
4c8502fb138557b06d365b81a62d74428336c616

SHA-256:
5e46a98a7aaf1f94193c30fc3b4bab3ab711212261c848b53b8cdaacc7d09b54

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
1/7/2025 9:41:59 PM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
PUP.NewMedia.NMH (M)

Engine version:
16.8.2.18

File size:
930.9 KB (953,264 bytes)

Product version:
4.7

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\7zip.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
12/16/2015 4:04:31 AM

Valid to:
10/30/2016 8:53:45 AM

Subject:
CN=AgileMax (New Media Holdings Ltd.), O=AgileMax (New Media Holdings Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112186313590F7C0AF7C143BC6BDE6200476

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:4vb0HxoJCsGJqKuBcgHk/w54a7fPs12ygRs7t:EAR40HRgE4P7ocw

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 

Entropy:
7.9348

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file 7zip.exe has been seen being distributed by the following 4 URLs.

