download.exe

7-Zip

Mozilla Corporation

This is a self-extracting archive and installer. The file has been seen being downloaded from www.ranchsendgift.com and multiple other hosts.
Publisher:
Igor Pavlov  (signed by Mozilla Corporation)

Product:
7-Zip

Description:
7z Setup SFX

Version:
4.42

MD5:
e2abd1d4afb39ec35c2ebd2ea61f21ee

SHA-1:
097081e7e45e6a1e2c4b5dd1f99855e1d4a66ca1

SHA-256:
df8e7671bfa4c8c40c5134daf5d59215b51873ff8afec892cd8aebec3b9a4b9c

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
1/13/2025 6:20:00 PM UTC

File size:
43 MB (45,044,392 bytes)

Product version:
4.42

Copyright:
Copyright (c) 1999-2006 Igor Pavlov

Original file name:
7zS.sfx.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\download.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
7/8/2015 9:00:00 PM

Valid to:
7/13/2018 9:00:00 AM

Subject:
CN=Mozilla Corporation, O=Mozilla Corporation, L=Mountain View, S=California, C=US

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
09E65AD807B8497B0749D41568D626D0

File PE Metadata
Compilation timestamp:
4/17/2014 2:29:40 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
786432:jOXbbpa4EmtIzjKFc+6tIpFsIAbE+PIoobk73ye0pumRuNam5A:jS7xGzu6+7sIApIFwaum05A

Entry address:
0x21E30

Entry point:
60, BE, 00, 80, 41, 00, 8D, BE, 00, 90, FE, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 75, 20, 41, 01, DB, 75...
 

Packer / compiler:
UPX 2.90LZMA

Code size:
40 KB (40,960 bytes)

The file download.exe has been seen being distributed by the following 24 URLs.

https://ftp.mozilla.org/pub/firefox/releases/47.0/win32/.../Firefox Setup 47.0.exe
