home

sd1.4.0.653_setup.exe

7-Zip

Yang Ping

The executable sd1.4.0.653_setup.exe has been detected as malware by 36 anti-virus scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software.
Publisher:
Igor Pavlov  (signed by Yang Ping)

Product:
7-Zip

Description:
7z Setup SFX

Version:
4.65

MD5:
67b6a8ee4901f89aba90457fc82ff302

SHA-1:
53a4108b13046066f85e5910e2319892b83c0408

Scanner detections:
36 / 68

Status:
Malware

Analysis date:
11/24/2024 5:38:53 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Win32.Virtob.Gen.12
79

AhnLab V3 Security
Win32/Virut.F
3.8.1.15

Avira AntiVirus
W32/Virut.Gen
8.3.3.4

Arcabit
Win32.Virtob.Gen.12
1.0.0.788

avast!
Win32:Vitro
2014.9-161117

AVG
Win32/DH{Fg?}
2017.0.2557

Baidu Antivirus
Win32.Virus.Virut
4.0.3.161117

Bitdefender
Win32.Virtob.Gen.12
1.0.20.1610

Bkav FE
W32.Vetor.PE
1.3.0.8455

Comodo Security
Virus.Win32.Virut.CE
26038

Dr.Web
Win32.Virut.56
9.0.1.0322

Emsisoft Anti-Malware
Win32.Virtob.Gen.12
8.16.11.17.04

ESET NOD32
Win32/Virut.NBP
10.14370

Fortinet FortiGate
W32/Madang.C
11/17/2016

F-Prot
W32/Virut.AM
v6.4.7.1.166

F-Secure
Win32.Virtob.Gen.12
11.2016-17-11_5

G Data
Win32.Virtob.Gen.12
16.11.25

IKARUS anti.virus
Virus.Win32.Small
t3scan.2.1.16.0

K7 AntiVirus
Virus
13.244.21361

Kaspersky
Virus.Win32.Virut
14.0.0.-721

McAfee
W32/Virut.n.gen
5600.6213

Microsoft Security Essentials
Virus:Win32/Madang.A
1.1.13202.0

MicroWorld eScan
Win32.Virtob.Gen.12
17.0.0.966

NANO AntiVirus
Virus.Win32.Small.dtdxys
1.0.46.12730

nProtect
Virus/W32.Virut.Gen
16.11.01.01

Panda Antivirus
W32/Madang.A
16.11.17.04

Qihoo 360 Security
Virus.Win32.Virut.M
1.0.0.1120

Quick Heal
W32.Virut.G
11.16.14.00

Rising Antivirus
Virus.Virut!1.A08B (classic)
23.00.65.161115

Sophos
W32/Scribble-B
4.98

Trend Micro House Call
PE_VIRUX.GEN2-1
7.2.322

Trend Micro
PE_VIRUX.GEN2-1
10.465.17

Vba32 AntiVirus
Virus.Virut.14
3.12.26.4

VIPRE Antivirus
Virus.Win32.Virut.ce.5
53440

ViRobot
Win32.Virut.Gen.C[h]
2014.3.20.0

Zillya! Antivirus
Virus.Virut.Win32.1938
2.0.0.3103

File size:
3.4 MB (3,543,346 bytes)

Product version:
4.65

Copyright:
Copyright (c) 1999-2009 Igor Pavlov

Original file name:
7zS.sfx.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Documents and Settings\{user}\Local settings\temp\{random}.tmp\shadow.defender.1.4.0.653.filefrogg\sd1.4.0.653_setup.exe

Digital Signature
Signed by:
Yang Ping

Authority:
WoSign CA Limited

Valid from:
4/8/2016 9:04:32 AM

Valid to:
6/8/2017 9:04:32 AM

Subject:
CN=Yang Ping, L=Chongqing, S=Chongqing, C=CN

Issuer:
CN=WoSign Class 2 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
5E4DC82C530C9D86101BAD3939FCED12

File PE Metadata
Compilation timestamp:
5/14/2002 5:23:37 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:LMqH5MqdlnthXLKtFxbujcFw5csf4n8NB/7:LMoZveVbxqysAn8L

Entry address:
0x364ACA

Entry point:
83, 3C, 24, FE, 77, FE, 8D, 64, 24, CC, 60, 83, EC, DC, E8, 5C, 96, FF, FF, 4B, 66, 4B, 75, FC, F6, D6, 24, FF, FF, 73, 3C, 59, 81, E9, FD, FF, FF, 7F, 0F, 83, E7, FF, FF, FF, 81, D9, E6, 13, 00, 00, 71, DF, 4F, 29, DA, F9, FF, B4, 19, E4, 13, 00, 80, 83, C4, 04, 66, 81, 44, 24, FC, B0, BA, 75, C8, 84, D0, F6, D5, 68, 66, 5A, E6, BA, E8, 30, 96, FF, FF, 89, 74, 24, 44, E8, 37, 98, FF, FF, 89, 44, 24, 34, 83, E8, 04, 0F, 82, CF, 96, FF, FF, E9, 85, 96, FF, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.9909  (probably packed)

Code size:
75.5 KB (77,312 bytes)

Remove sd1.4.0.653_setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.