winsetupfromusb-1-6.exe

7-Zip

Igor Pavlov

The program is a setup application that uses the 7z Setup installer. The file has been seen being downloaded from download.softpedia.com and multiple other hosts.

Publisher:
Igor Pavlov

Product:
7-Zip

Description:
7z SFX

Version:
9.30 alpha

MD5:
ab910f5ce935fa4cfb53b635c64030c4

SHA-1:
d0fbcc82698f715cee200212508886f64c30c36c

SHA-256:
890df093e90e2b12ba2cc6dba0910adb163d3402c286886671162224df37e19f

Scanner detections:
4 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
12/24/2024 3:11:32 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AegisLab AV Signature | Troj.W32.Agent | 2.1.4+ |
| Dr.Web | Trojan.Inject1.54391 | 9.0.1.0334 |
| IKARUS anti.virus | Win32.SuspectCrc | t3scan.1.9.5.0 |
| Qihoo 360 Security | QVM10.1.Malware.Gen | 1.0.0.1077 |

File size:
23.8 MB (24,923,805 bytes)

Product version:
9.30 alpha

Copyright:
Copyright (c) 1999-2012 Igor Pavlov

Original file name:
7z.sfx.exe

File type:
Executable application (Win32 EXE)

Installer:
7z Setup

Common path:
C:\users\{user}\downloads\winsetupfromusb-1-6.exe

File PE Metadata
Compilation timestamp:
10/26/2012 2:03:35 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
393216:qaXQVrZacTxKRQ/AWSYNJ3N1LwtvgphIuMGuxkdXyL4qQaSmhzEWGkgzV+hTB:RQOi5SuLwt4phI5zepyEqQyhVLgzV+h1

Entry address:
0x1DC22

Entry point:
55, 8B, EC, 6A, FF, 68, 90, 1E, 42, 00, 68, 1C, DC, 41, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 34, 11, 42, 00, 59, 83, 0D, 74, BE, 42, 00, FF, 83, 0D, 78, BE, 42, 00, FF, FF, 15, 30, 11, 42, 00, 8B, 0D, 5C, 9E, 42, 00, 89, 08, FF, 15, 2C, 11, 42, 00, 8B, 0D, 58, 9E, 42, 00, 89, 08, A1, 28, 11, 42, 00, 8B, 00, A3, 70, BE, 42, 00, E8, 1F, 01, 00, 00, 39, 1D, 10, 7A, 42, 00, 75, 0C, 68, 79, D3, 40, 00, FF, 15, 24, 11...

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
126 KB (129,024 bytes)

The file winsetupfromusb-1-6.exe has been seen being distributed by the following 29 URLs.


Scan winsetupfromusb-1-6.exe - Powered by Reason Core Security