mame0170b.exe

7-Zip

Igor Pavlov

The program is a setup application that uses the 7z Setup installer. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Allin1Convert AppIntegrator 32-bit’. The file has been seen being downloaded from github.com and multiple other hosts.

Publisher:
Igor Pavlov

Product:
7-Zip

Description:
7z SFX

Version:
4.32

MD5:
c08720902d77a2295fd590b3d6241a53

SHA-1:
1f136ac9f9e1e1cbd462c15ff13cb51ce98d97e5

SHA-256:
dcf876a9a5f4bf590b2792ef6aaf5da8254d977ef0b95247b51dee11ab4245d9

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/24/2024 1:03:55 PM UTC

File size:
32.8 MB (34,354,579 bytes)

Product version:
4.32

Copyright:
Copyright (c) 1999-2005 Igor Pavlov

Original file name:
7z.sfx.exe

File type:
Executable application (Win32 EXE)

Installer:
7z Setup

Language:
English (United States)

Common path:
C:\users\{user}\downloads\mame0170b.exe

File PE Metadata
Compilation timestamp:
12/9/2005 9:14:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
786432:Imkaq6cHt5BMf5p2f9F4FsCCuoLwoxq/uU5e4JO:IT6cHVMf5p2f9FysCNoLwH/x0

Entry address:
0x29C00

Entry point:
60, BE, 00, C0, 41, 00, 8D, BE, 00, 50, FE, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 75, 20, 41, 01, DB, 75...

Packer / compiler:
UPX 2.90LZMA

Code size:
56 KB (57,344 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Allin1Convert AppIntegrator 32-bit

Command:
C:\Program Files2\allin1~2\bar\1.bin\appintegrator.exe


The file mame0170b.exe has been seen being distributed by the following 4 URLs.

https://github.com/mamedev/mame/releases/download/.../mame0170b.exe
