pack.exe

7-Zip

Musiclab LLC

The application pack.exe by Musiclab has been detected as a potentially unwanted program by 21 anti-malware scanners. The program is a setup application that uses the 7z Setup installer. It is also typically executed from the user's temporary directory.

Publisher: Igor Pavlov (signed by Musiclab LLC)

Product: 7-Zip

Description: 7z Console SFX

Version: 9.20

MD5: 60a76e1f2ae62090ec6dc048bd33c94b

SHA-1: 9960e3b35b4c955ea0b5482a2c186ffedb496fa3

SHA-256: a998ac354caa2a89c1e8249bc290346779ff9356843a734d5e34597296a55927

Scanner detections: 21 / 68

Status: Potentially unwanted

Analysis date: 11/27/2024 2:34:10 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Adware.SearchSuite.AB | 532 |
| Arcabit | Trojan.Generic.DE18B11 | 1.0.0.425 |
| AVG | Generic6 | 2016.0.3010 |
| Bitdefender | Adware.SearchSuite.AB | 1.0.20.1165 |
| Comodo Security | Application.Win32.Bandoo.ANGL | 22717 |
| Dr.Web | Adware.Bandoo.204 | 9.0.1.0233 |
| Emsisoft Anti-Malware | Adware.SearchSuite.AB | 8.15.08.21.03 |
| ESET NOD32 | Win32/AdWare.Bandoo.AG (variant) | 9.11917 |
| Fortinet FortiGate | Riskware/SearchSuite | 8/21/2015 |
| F-Prot | W32/Trojan2.OOWS | v6.4.7.1.166 |
| F-Secure | Trojan.Generic.14781201 | 11.2015-21-08_6 |
| G Data | Adware.SearchSuite.AB | 15.8.25 |
| K7 AntiVirus | Unwanted-Program | 13.205.16517 |
| Kaspersky | not-a-virus:WebToolbar.Win64.SearchSuite | 14.0.0.1547 |
| Malwarebytes | PUP.Optional.DataMangr.A | v2015.08.21.03 |
| MicroWorld eScan | Adware.SearchSuite.AB | 16.0.0.699 |
| NANO AntiVirus | Riskware.Win32.Bandoo.dmeyyx | 0.30.24.2487 |
| nProtect | Adware.SearchSuite.AB | 15.07.09.01 |
| Panda Antivirus | Generic Suspicious | 15.08.21.03 |
| Reason Heuristics | PUP.Musiclab.Installer (M) | 15.8.21.15 |
| VIPRE Antivirus | SearchSuite | 41870 |

File size: 1021.7 KB (1,046,200 bytes)

Product version: 9.20

Copyright: Copyright (c) 1999-2010 Igor Pavlov

Original file name: 7z.sfx.exe

File type: Executable application (Win32 EXE)

Installer: 7z Setup

Language: English (United States)

Common path: C:\users\{user}\appdata\local\temp\{random}.tmp\nsw77c7.tmp\pack.exe

Digital Signature
Signed by:

Authority: Thawte, Inc.

Valid from: 4/8/2015 1:00:00 AM

Valid to: 4/8/2016 12:59:59 AM

Subject: CN=Musiclab LLC, OU=Development, O=Musiclab LLC, L=New Jersey, S=New Jersey, C=US

Issuer: CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number: 6BA80D8EDEB5019E89E3313B0C48806D

File PE Metadata

Compilation timestamp: 11/18/2010 4:27:32 PM

OS version: 4.0

OS bitness: Win32

Subsystem: Windows Console

Linker version: 6.0

CTPH (ssdeep): 24576:3Xi6kgaINV1gmfR8EVRKnpPUq0S+hd2dd/9jK9raDPa+vU:3XiTcNT88w9od2dd/5KRaDPaF

Entry address: 0x1C1F2

Entry point:
55, 8B, EC, 6A, FF, 68, E0, FE, 41, 00, 68, EC, C1, 41, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 20, 53, 56, 57, 89, 65, E8, 83, 65, FC, 00, 6A, 01, FF, 15, E4, F0, 41, 00, 59, 83, 0D, 30, A7, 42, 00, FF, 83, 0D, 34, A7, 42, 00, FF, FF, 15, E8, F0, 41, 00, 8B, 0D, 08, 87, 42, 00, 89, 08, FF, 15, EC, F0, 41, 00, 8B, 0D, 04, 87, 42, 00, 89, 08, A1, F0, F0, 41, 00, 8B, 00, A3, 2C, A7, 42, 00, E8, D5, 00, 00, 00, 83, 3D, A0, 63, 42, 00, 00, 75, 0C, 68, 32, C3, 41, 00, FF, 15, F4, F0...
 

Entropy: 7.9217

Developed / compiled with: Microsoft Visual C++ v6.0

Code size: 119 KB (121,856 bytes)
