download.exe

7-Zip

Mozilla Corporation

This is a self-extracting archive and installer. The file has been seen being downloaded from dw.uptodown.com and multiple other hosts.
Publisher:
Igor Pavlov (signed by Mozilla Corporation)

Product:
7-Zip

Description:
7z Setup SFX

Version:
4.42

MD5:
1161204d9f4516412fb7462dab42f0ce

SHA-1:
83aedfd79ff9bb2c2b17352f69643549796a4243

SHA-256:
12c835891c3653d349e1f9229265e0a6722fc18e72455f91d96ab8de3b12dbd6

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/25/2024 6:46:55 PM UTC (today)

File size:
39.8 MB (41,692,768 bytes)

Product version:
4.42

Copyright:
Copyright (c) 1999-2006 Igor Pavlov

Original file name:
7zS.sfx.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\download.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
9/17/2013 2:00:00 AM

Valid to:
9/21/2016 2:00:00 PM

Subject:
CN=Mozilla Corporation, O=Mozilla Corporation, L=Mountain View, S=CA, C=US

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0511EAF8579E2662BE622DE5AE0CD408

File PE Metadata
Compilation timestamp:
4/17/2014 7:29:40 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
786432:R7eXaDQ5H4fwQa3m/82xn2BSqoRPNUq0V0hNuC0Jy/YLvgV3u:RSXa85YBiwgSvyjC0JgYLU3u

Entry address:
0x21E30

Entry point:
60, BE, 00, 80, 41, 00, 8D, BE, 00, 90, FE, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 75, 20, 41, 01, DB, 75...
 

Packer / compiler:
UPX 2.90LZMA

Code size:
40 KB (40,960 bytes)

The file download.exe has been seen being distributed by the following 20 URLs.
