activated windows 7.exe

The executable activated windows 7.exe has been detected as malware by 29 of the 68 anti-virus scanners it was run against. The page classifies it as a setup program (an installer). The download path below (activate windows7\) together with detection names such as Malware.Win32.Activator (Baidu) and Win32/HackHosts.AB (ESET) indicate a Windows 7 "activator", i.e. a licence-cracking tool, rather than a legitimate application installer. The file has been seen being downloaded from dl-13.one2up.com and multiple other hosts.
MD5:
7650d0d7a959ca27111ad668774e0236

SHA-1:
7afe259f9c9c88c6f55389a5f769d0a71fd18a2d

SHA-256:
6d344d017bcf4f92d00e8e3da44607316d5f799e8c8e0a82ff84dbc570f3be45

Scanner detections:
29 / 68

Status:
Malware

Analysis date:
12/26/2024 1:04:39 AM UTC

Note that the engine versions in the table below are dated mid-January 2015 (Fortinet 1/15/2015, Norman 11.20150115, F-Secure 11.2015-15-01_5, Panda 15.01.15.09), so the detections reflect a scan from that period; the analysis date above is when the page was rendered.

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Backdoor.Generic.382730 | 751
AegisLab AV Signature | Troj.Swisyn | 2.1.4+
Avira AntiVirus | TR/Trafog.A.336 | 7.11.198.192
Baidu Antivirus | Malware.Win32.Activator | 4.0.3.15115
Bitdefender | Backdoor.Generic.382730 | 1.0.20.75
Comodo Security | TrojWare.Win32.Swisyn.yib | 20537
Emsisoft Anti-Malware | Backdoor.Generic.382730 | 8.15.01.15.09
ESET NOD32 | Win32/HackHosts.AB | 9.10946
Fortinet FortiGate | W32/Swisyn.YIB!tr | 1/15/2015
F-Prot | W32/MalwareF.CMCO | v6.4.7.1.166
F-Secure | Backdoor.Generic.382730 | 11.2015-15-01_5
G Data | Backdoor.Generic.382730 | 15.1.24
IKARUS anti.virus | Trojan.Win32.Swisyn | t3scan.1.8.5.0
K7 AntiVirus | Trojan | 13.188.14496
McAfee | Generic.dx!srt | 5600.6885
Microsoft Security Essentials | Trojan:Win32/Trafog!rts | 1.11302
MicroWorld eScan | Backdoor.Generic.382730 | 16.0.0.45
Norman | Suspicious_Gen2.GKPMX | 11.20150115
nProtect | Trojan/W32.Swisyn.2188196 | 14.12.30.01
Panda Antivirus | Trj/CI.A | 15.01.15.09
Qihoo 360 Security | Win32/Trojan.960 | 1.0.0.1015
Rising Antivirus | PE:Trojan.Win32.Generic.125194EF!307336431 | 23.00.65.15113
Sophos | Mal/Generic-L | 4.98
SUPERAntiSpyware | Trojan.Agent/Gen-Swisyn | 10114
Trend Micro House Call | TROJ_CHIFRAX.BW | 7.2.15
Trend Micro | TROJ_CHIFRAX.BW | 10.465.15
VIPRE Antivirus | Trojan.Win32.Generic | 36232
ViRobot | Trojan.Win32.S.Swisyn.2188196[h] | 2014.3.20.0
Zillya! Antivirus | Trojan.Swisyn.Win32.8604 | 2.0.0.2021

Two things to read out of the table. First, the identical name Backdoor.Generic.382730 from Ad-Aware, Bitdefender, Emsisoft, F-Secure, G Data and eScan comes from the shared Bitdefender engine those products license, so those six rows are one independent detection, not six; likewise the two Trend Micro rows share a signature. Second, the most widely agreed family label is Swisyn (AegisLab, Comodo, Fortinet, IKARUS, nProtect, SUPERAntiSpyware, ViRobot, Zillya), while several other engines only fire generic or heuristic signatures (Generic.dx, Mal/Generic-L, Suspicious_Gen2, Trj/CI.A), which on their own say little about behaviour.

File size:
2.1 MB (2,188,196 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\activate windows7\activated windows 7.exe

File PE Metadata
Compilation timestamp:
7/20/2009 3:15:43 PM

OS version:
5.0  (MajorOperatingSystemVersion.MinorOperatingSystemVersion from the optional header, i.e. the minimum OS the image declares; 5.0 is Windows 2000)

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0  (the Microsoft Visual C++ 2008 toolchain, consistent with the July 2009 compile timestamp; both fields are attacker-controlled and can be forged)

CTPH (ssdeep):
49152:Q92hU6oymYzn8EEUOHlAiwBzaRWmXjowRuQx0Vc6DBvI8qJIzbY/JgZ7hEi:Q9lyzznaUOHWiSUWqjRVx6D5wgZ7z

Entry address:
0xA794

Entry point:
E8, E3, FE, FF, FF, 33, C0, 50, 50, 50, 50, E8, 54, 2B, 00, 00, C3, 56, 57, 8B, 7C, 24, 0C, 8B, F1, 8B, CF, 89, 3E, E8, E2, A7, FF, FF, 89, 46, 08, 89, 56, 0C, 8B, 87, 1C, 0C, 00, 00, 89, 46, 10, 5F, 8B, C6, 5E, C2, 04, 00, 8B, C1, 8B, 08, 8B, 50, 10, 3B, 91, 1C, 0C, 00, 00, 75, 0D, 6A, 00, FF, 70, 0C, FF, 70, 08, E8, C1, AC, FF, FF, C3, 55, 8B, EC, 83, EC, 1C, 56, 33, F6, 56, 56, 56, 56, 8D, 45, E4, 50, FF, 15, 30, 22, 41, 00, 85, C0, 74, 21, 56, 56, 56, 8D, 45, E4, 50, FF, 15, 34, 22, 41, 00, 8D, 45, E4...

The first function at the entry decodes as: E8 E3 FE FF FF = call rel32 (relative offset -0x11D, a function just before the entry point); 33 C0 = xor eax, eax; 50 50 50 50 = push eax four times (four NULL arguments); E8 54 2B 00 00 = call rel32 (+0x2B54); C3 = ret. The bytes that follow (56 57 8B 7C 24 0C ...) are the next function, not part of the entry stub. The FF 15 xx 22 41 00 sequences further on are indirect calls through the import address table at 0x412230 and 0x412234, which places the image base at 0x400000.

Entropy:
7.9099  (probably packed; the theoretical maximum is 8.0 bits per byte. Since the code section is only 66 KB of a 2.1 MB file, most of the high-entropy content is non-code data such as a compressed or encrypted payload carried in resources or an overlay, which is as typical of self-extracting installers as of runtime packers. Per-section entropy distinguishes the two cases.)

Code size:
66 KB (67,584 bytes)
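The fields above (the three hashes, the whole-file entropy, and the PE header metadata: compile timestamp, linker and OS versions, subsystem, bitness, entry RVA and the bytes at the entry) can all be reproduced offline from the file bytes alone. The script below is an added example written for this page, not code from the scan service; it parses the COFF and optional headers by fixed offset from the PE specification and maps the entry RVA to a file offset through the section table. The sample image it analyses is constructed inline (a minimal PE32 whose .text section begins with the entry-point bytes quoted above, padded with INT3) and is not the file the report describes; every header value in it is a synthetic assumption chosen to mirror the report.

```python
# Added example (not code from the scan page): offline triage of a PE file that
# reproduces the fields a sample report lists. Standard library only; the sample
# image is constructed in build_sample_pe() and is NOT the file the report describes.
import datetime
import hashlib
import math
import struct

SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def file_hashes(data: bytes) -> dict:
    """The three identifiers a sample report lists."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 .. 8.0; values close to 8 mean compressed, encrypted or packed content."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(data: bytes) -> dict:
    """Read COFF/optional header fields by offset (PE32 and PE32+ agree on the offsets used here)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    _machine, nsections, timestamp, _, _, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, linker_major, linker_minor, size_of_code = struct.unpack_from("<HBBI", data, opt)
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    # The section table follows the optional header; use it to map the entry RVA to a file offset.
    sections = []
    for i in range(nsections):
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode(errors="replace"), vsize, va, rawsize, rawptr))
    entry_offset = None
    for _name, vsize, va, rawsize, rawptr in sections:
        if va <= entry_rva < va + max(vsize, rawsize):
            entry_offset = entry_rva - va + rawptr
            break
    entry_bytes = data[entry_offset:entry_offset + 16] if entry_offset is not None else b""
    when = datetime.datetime.fromtimestamp(timestamp, datetime.timezone.utc)
    return {
        "compile_timestamp": when.strftime("%Y-%m-%d %H:%M:%S UTC"),  # forgeable, but a useful pivot
        "bitness": {0x10B: "Win32", 0x20B: "Win64"}.get(magic, "unknown"),
        "subsystem": SUBSYSTEMS.get(subsystem, f"unknown ({subsystem})"),
        "linker_version": f"{linker_major}.{linker_minor}",
        "os_version": f"{os_major}.{os_minor}",
        "code_size": size_of_code,
        "entry_rva": entry_rva,
        "entry_offset": entry_offset,
        "entry_bytes": " ".join(f"{b:02X}" for b in entry_bytes),
        # Per-section entropy separates a packed code section from a compressed payload elsewhere.
        "section_entropy": {s[0]: round(shannon_entropy(data[s[4]:s[4] + s[3]]), 4) for s in sections},
    }


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 image for offline testing (synthetic values, not the reported file).
    Its .text section starts with the entry-point bytes quoted on the page, padded with INT3."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    ts = int(datetime.datetime(2009, 7, 20, 15, 15, 43, tzinfo=datetime.timezone.utc).timestamp())
    coff = struct.pack("<HHIIIHH", 0x14C, 1, ts, 0, 0, 0xE0, 0x0102)  # i386, one section, PE32 opt hdr
    opt = struct.pack(
        "<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH" + "I" * 6,
        0x10B, 9, 0,                                   # PE32 magic, linker 9.0
        0x200, 0, 0, 0x1000, 0x1000, 0x2000, 0x400000, 0x1000, 0x200,
        5, 0, 0, 0, 5, 0,                              # OS 5.0, image 0.0, subsystem 5.0
        0, 0x2000, 0x200, 0,                           # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum
        2, 0,                                          # Windows GUI, no DllCharacteristics
        0x100000, 0x1000, 0x100000, 0x1000, 0, 16,     # stack/heap sizes, LoaderFlags, 16 data dirs
    ) + b"\0" * 128                                    # the 16 (empty) data directories
    section = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    headers = (dos + b"PE\0\0" + coff + opt + section).ljust(0x200, b"\0")
    text = bytes.fromhex("E8E3FEFFFF33C050505050E8542B0000C3").ljust(0x200, b"\xCC")
    return headers + text


def triage(data: bytes) -> dict:
    """Everything a first-pass report needs, from bytes alone (no network, no sandbox)."""
    return {"size": len(data), "hashes": file_hashes(data),
            "entropy": round(shannon_entropy(data), 4), "pe": parse_pe(data)}


if __name__ == "__main__":
    import json
    print(json.dumps(triage(build_sample_pe()), indent=2))
```

To run it against a real sample, replace build_sample_pe() with open(path, "rb").read() and compare the returned hashes with the ones published above before trusting any of the other fields; a mismatch means you are looking at a different file (or a modified copy). The whole-file entropy alone cannot tell a packed executable from an installer carrying a compressed archive, which is why the result also reports entropy per section: a near-8.0 .text section points at a packer, while a low-entropy .text next to a large high-entropy .rsrc or overlay points at an embedded payload.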

The file activated windows 7.exe has been seen being distributed by the following 6 URLs.

http://dl-13.one2up.com/onetwo/content/2013/3/.../72903c305ba97e810c4feb46a3a8f1e7.exe

Remove activated windows 7.exe - Powered by Reason Core Security