» worms armageddon v3.7.2.1.exe
Overview
Analysis
File Details
Programs (1)
Downloads (3)

worms armageddon v3.7.2.1.exe

7-Zip

Igor Pavlov

The application worms armageddon v3.7.2.1.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the 7z Setup installer, however the file is not signed with an authenticode signature from a trusted source. This file is typically installed with the program The Elder Scrolls Online by Zenimax Online Studios. The file has been seen being downloaded from dla.uloz.to and multiple other hosts.

File name:

Publisher:

Igor Pavlov

Product:

7-Zip

Description:

7z SFX

Version:

9.20

MD5:

0d403f98ea70a259603760bc881fe865

SHA-1:

aa18ed4aca5381544229100dc74aa3d8ca7d870d

SHA-256:

ab08935d005b437149ae6286c21612f4519dc043522e37d371a0159edcd73f9f

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

4/27/2025 6:59:16 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Adware.InstallAssistant

16.2.22.1

File size:

643.7 MB (674,939,902 bytes)

Product version:

9.20

Original file name:

7z.sfx.exe

File type:

Executable application (Win32 EXE)

Installer:

7z Setup

Language:

English (United States)

Common path:

C:\users\{user}\downloads\worms armageddon v3.7.2.1.exe

File PE Metadata

Compilation timestamp:

11/18/2010 4:27:33 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

12582912:eMdpLLn8qanR8FQls1shiTGg9XJ25Griz+teSL+csfJgRdBJSU/iT:eMdpfnNanr1bgjQQ6FSadfJgST

Entry address:

0x1D262

Entry point:

55, 8B, EC, 6A, FF, 68, 20, 1E, 42, 00, 68, 5C, D2, 41, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 04, 11, 42, 00, 59, 83, 0D, 90, BD, 42, 00, FF, 83, 0D, 94, BD, 42, 00, FF, FF, 15, 00, 11, 42, 00, 8B, 0D, 70, 9D, 42, 00, 89, 08, FF, 15, FC, 10, 42, 00, 8B, 0D, 6C, 9D, 42, 00, 89, 08, A1, 64, 11, 42, 00, 8B, 00, A3, 8C, BD, 42, 00, E8, 1C, 01, 00, 00, 39, 1D, 20, 7A, 42, 00, 75, 0C, 68, EA, D3, 41, 00, FF, 15, 0C, 11... 
[+]

Developed / compiled with:

Microsoft Visual C++ v6.0

Code size:

124.5 KB (127,488 bytes)

The file worms armageddon v3.7.2.1.exe has been discovered within the following program.

The Elder Scrolls Online by Zenimax Online Studios

www.zenimaxonline.com

About 3% of users remove it

The file worms armageddon v3.7.2.1.exe has been seen being distributed by the following 3 URLs.

http://dla.uloz.to/Ps;Hs;fid=42549162;cid=421521616;rid=1087258839;up=0;uip=178.40.105.104;tm=1442328445;ut=f;aff=ulozto.sk;did=ulozto-sk;He;ch=5c5439e947d91a1a63a60e52c6c48437;Pe/.../worms-armageddon-v3-7-2-1-exe?bD&c=421521616&De

http://download40.mediafire.com/ep9jejmayczg/.../Worms Armageddon v3.7.2.1.exe

http://download1592.mediafire.com/545295lxhxng/.../Worms Armageddon v3.7.2.1.exe

Remove worms armageddon v3.7.2.1.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.