blackfriday_build.exe

7-Zip

Digital Pine LLC

The application blackfriday_build.exe, “7z Setup SFX small” by Digital Pine has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the 7z Setup installer. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from fastloadmedia.ru.
Publisher:
Igor Pavlov  (signed by Digital Pine LLC)

Product:
7-Zip

Description:
7z Setup SFX small

Version:
9.20

MD5:
b68a01f7c925c1e9d34c055f23425a05

SHA-1:
66f9ca9563ea0646a8e170fbf9ce7336045d0b2a

SHA-256:
95468688a413e63f856fafd709dc79ad378e6a59ae539b7e7185766d74c1bf58

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
11/15/2024 5:30:22 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.DigitalPine.Installer
16.2.17.7

File size:
175.6 KB (179,800 bytes)

Product version:
9.20

Copyright:
Copyright (c) 1999-2010 Igor Pavlov

Original file name:
7zS2.sfx.exe

File type:
Executable application (Win32 EXE)

Installer:
7z Setup

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\blackfriday_build.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
7/29/2013 3:00:00 AM

Valid to:
7/30/2014 2:59:59 AM

Subject:
CN=Digital Pine LLC, O=Digital Pine LLC, STREET=6/2 Bibirevskaya str., L=Moscow, S=Moscow region, PostalCode=127549, C=RU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
75BF21E3DA3613E8FA9E989AB75E8C4F

File PE Metadata
Compilation timestamp:
11/18/2010 9:41:55 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:32SjsXe8kZ2h136AfRgSKs6weDsS3YQKUpsbAU0Sjd5QeoUS8zlDygL3Z4XAjCPU:mKsXNa2v6aR+CRodU0SvQnUHzxygL3iM

Entry address:
0x643F

Entry point:
55, 8B, EC, 6A, FF, 68, E8, 70, 40, 00, 68, C0, 65, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 6C, 70, 40, 00, 59, 83, 0D, 00, A2, 40, 00, FF, 83, 0D, 04, A2, 40, 00, FF, FF, 15, 70, 70, 40, 00, 8B, 0D, F0, 81, 40, 00, 89, 08, FF, 15, 74, 70, 40, 00, 8B, 0D, EC, 81, 40, 00, 89, 08, A1, 78, 70, 40, 00, 8B, 00, A3, 08, A2, 40, 00, E8, 11, 01, 00, 00, 39, 1D, D0, 81, 40, 00, 75, 0C, 68, BC, 65, 40, 00, FF, 15, 7C, 70...
 
[+]

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
21.5 KB (22,016 bytes)

The file blackfriday_build.exe has been seen being distributed by the following URL.

Remove blackfriday_build.exe - Powered by Reason Core Security