7zip_mp_pgr.exe

7Zip by Fileparade.com

SweetIM Technologies Ltd

This file is part of the Montera web browser toolbar and extension, which modifies the browser's default search provider, DNS, and home page functions. The application 7zip_mp_pgr.exe, “7Zip Installer by Fileparade.com” by SweetIM Technologies, has been detected as adware by 7 anti-malware scanners. It is a self-extracting archive and installer that has been known to bundle potentially unwanted software. It modifies the web browser's home and search pages and search provider, and displays various advertisements.
Publisher:
SweetIM Technologies Ltd.  (signed by SweetIM Technologies Ltd)

Product:
7Zip by Fileparade.com

Description:
7Zip Installer by Fileparade.com

Version:
4, 1, 0, 1

MD5:
079c501cd98fb2259a2f7dfa343df5a6

SHA-1:
b65d9e6eb832f4421d3e04f0178e11fca5930968

SHA-256:
b5c912c1149984a23968e50afdccaae7cba576c90f884c4d1c28c8c76923f119

Scanner detections:
7 / 68

Status:
Adware

Analysis date:
12/25/2024 1:26:51 AM UTC  (today)

Scan engine | Detection | Engine version
Comodo Security | Heur.Suspicious | 17962
Dr.Web | Adware.SweetIM.26 | 9.0.1.0150
ESET NOD32 | Win32/SweetIM (variant) | 8.9567
Malwarebytes | PUP.Optional.SweetIM | v2014.05.30.04
NANO AntiVirus | Trojan.Win32.TorrentEasy.cqzrur | 0.28.0.58491
Reason Heuristics | PUP.Installer.SweetIM.L | 14.5.30.4
VIPRE Antivirus | Sweetpacks/SweetIM | 27574

File size:
729.3 KB (746,768 bytes)

Product version:
4, 1, 0, 1

Copyright:
Copyright © 2011 SweetIM Technologies Ltd.

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\7zip_mp_pgr.exe

Digital Signature
Subject:
CN=SweetIM Technologies Ltd, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=SweetIM Technologies Ltd, L=Ra'anana, S=Israel, C=IL

Serial number:
5E3BF2B52DA9EA7F1B539A7F018F4EC6

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
12288:18TAD0I4A0ybsVtNbYONLHuz5qD/mZZma9WlhJehG89qm5l0q5HM9u9V1oSu7:qd60bY4Huz4Umagoh1HM9mVG7

Entry point:
60, BE, 00, 00, 56, 00, 8D, BE, 00, 10, EA, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 4F, C7, 20, 00, 57, 83, C3, 04, 53, 68, 80, E9, 0A, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...
 

The file 7zip_mp_pgr.exe has been seen being distributed by the following URL.
