7zip.exe

Beh

Platform Beta (Alpha Criteria Ltd)

The application 7zip.exe, “Beh Setup” by Platform Beta (Alpha Criteria), has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application built on the InstallCore installer engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.worldbodybyte.com and multiple other hosts.
Publisher:
Platform Beta (Alpha Criteria Ltd)  (signed and verified)

Product:
Beh

Description:
Beh Setup

MD5:
d45e8b11d3a82c1520feee5c186a8181

SHA-1:
9536dea5436238b24e7066d58f5091cc266ee966

SHA-256:
d29264be6814a7cc5f166827bbbde3e875dbaa02c23802bbe2a2629da045b70f

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers during the setup routine of otherwise legitimate software.

Analysis date:
11/27/2024 12:46:22 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.AC (M)

Engine version:
16.7.19.8

File size:
933.5 KB (955,864 bytes)

Product version:
5.5

Copyright:
Web Wizard Lite

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\7zip.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
12/16/2015 7:52:04 AM

Valid to:
7/27/2016 9:46:42 AM

Subject:
CN=Platform Beta (Alpha Criteria Ltd), O=Platform Beta (Alpha Criteria Ltd), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121ECC46F7F85712126CA9617071FBF3734

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:pivydy5A1x3qmshO0U1E9r32UynW2r+Fk6xcJ4oBWY6:IvwpqDhO0U1ElmUynWK+FnxJV

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...

Entropy:
7.9343

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file 7zip.exe has been seen being distributed by the following 13 URLs.

