home

download.exe

7-Zip

Mozilla Corporation

This is a setup and installation application. The file has been seen being downloaded from www.filehorse.com and multiple other hosts.
Publisher:
Igor Pavlov  (signed by Mozilla Corporation)

Product:
7-Zip

Description:
7z Setup SFX

Version:
4.42

MD5:
8970f8c15e27a0064bd412376be21b23

SHA-1:
27ecafd50c7bb95ab0aa1dc43b4b0c22874579bb

SHA-256:
3375056933f4a577e233243898059feba18763f9a550119dc9d2e5c0bc510a5c

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/24/2024 2:44:11 AM UTC  (today)

File size:
43.6 MB (45,702,448 bytes)

Product version:
4.42

Copyright:
Copyright (c) 1999-2006 Igor Pavlov

Original file name:
7zS.sfx.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\download.exe

Digital Signature
Signed by:
Mozilla Corporation

Authority:
DigiCert Inc

Valid from:
9/16/2013 8:00:00 PM

Valid to:
9/21/2016 8:00:00 AM

Subject:
CN=Mozilla Corporation, O=Mozilla Corporation, L=Mountain View, S=CA, C=US

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0511EAF8579E2662BE622DE5AE0CD408

File PE Metadata
Compilation timestamp:
4/17/2014 1:29:40 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
786432:LAv+PMiqcGYp0f8m2vsc4J55k1/avLVDazxDF8UXWXlqy+tgLSSTipXRMPNV:LAbif7Eck5S1/aDVDeFhmlByhMPNV

Entry address:
0x21E30

Entry point:
60, BE, 00, 80, 41, 00, 8D, BE, 00, 90, FE, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 75, 20, 41, 01, DB, 75...
 
[+]

Entropy:
8.0000

Packer / compiler:
UPX 2.90LZMA

Code size:
40 KB (40,960 bytes)

The file download.exe has been seen being distributed by the following 50 URLs.

http://www.filehorse.com/download/file/.../

ftp://10.4.29.5/Softwares/Applications/.../Firefox Setup 43.0.1.exe

http://filehippo.com/fr/download/file/.../

http://filehippo.com/es/download/file/.../

http://filehippo.com/download/file/.../

http://filehippo.com/download/file/.../

http://filehippo.com/es/download/file/.../

http://dl1.filehippo.com/.../Firefox Setup 43.0.1.exe

http://firefox.ar.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-fmaOOp6Gompc=

http://firefox.ar.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-fmaCKoqCfmZw=

http://mozilla-firefox.bg.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-fmqKPoaWnkZk=

http://mozilla-firefox.ru.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-fm6GLp5yhlZk=

http://filehippo.com/download/file/.../

http://filehippo.com/download/file/.../

http://firefox.fi.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-fmaCLoJ2lmpg=

http://mozilla-firefox.ru.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-fm6CIn52okpQ=

https://download.mozilla.org/?product=firefox-48.0.1-SSL&os=win&lang=en-US

http://mozilla-firefox.th.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-fmqiMpqKikZc=

http://filehippo.com/download/file/.../

http://filehippo.com/download/file/.../

http://mozilla-firefox.ro.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-fm6OHoqOglps=

http://mozilla-firefox.th.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-fmqCJoJyllpc=

http://www.seamanspacewalkedwo.com/?F3rx0dfW8kL1dPSR5VSGIWWXAVEw1EC1tmHggnXgIRVFlVYQBcYEMURXkvKhZ2QAJcBRZcCwczXRlgRwJFWBASJx1YBxZAPhVWICdKBCtDBhxfEwg7VwoiVgBWUwsLcgotYwA0C0UHBTJLGGBaHEVYEBInHVgHFkA FVYgJ0oEK0MGHF8TCDtXCiJWAFZTCwtyCi1jADQbUQoFMlRNMkcBSQ1VXmANW3cGQEwEQgcnS1YuRwYIFVcncgotYwE0HlEXEjpdDy9SFhdHCgo4WQ81HREXXUFUEVwEMV0eF1EAQ2V OzRcHwhESSI4TwUqXBMcVRZLZgBccwNDTQJQUnldEyMVHBldWS8cdCoIGDYXRwoKOFkPI0FUG10IW3FZGy9eTxBEEBZyCypjATRdAiIWJVcGNkcWF0cKCjhZDyNBXBtfCUNlfgcpVB1WQAoB

http://filehippo.com/download/file/.../

http://mozilla-firefox.id.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-fmqaHp6Ofl5Q=

http://mozilla-firefox.el.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-fmqiJpaKolZs=

http://firefox.ru.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-fmaeQpp-ilJk=

http://download.mozilla.org/?lang=en-US&product=firefox-19.0.2&os=win

http://mozilla-firefox.ru.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-fm6KMn56jlJU=

http://filehippo.com/download/file/.../

Latest 30 of 194 download URLs

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.