SHA256: 034eca579f68b44f8f41294d8c9dac96f032c57dee0877095da47913060dff84
File name: 7z
Detection ratio: 2 / 65
Analysis date: 2019-02-21 00:38:02 UTC ( 1 day, 5 hours ago )
Antivirus Result Update
CrowdStrike Falcon (ML) win/malicious_confidence_80% (D) 20190211
Yandex Trojan.Agent!VTVt3VEVH3I 20190219
Acronis 20190220
Ad-Aware 20190220
AegisLab 20190220
AhnLab-V3 20190220
Alibaba 20180921
ALYac 20190220
Antiy-AVL 20190220
Arcabit 20190220
Avast 20190220
Avast-Mobile 20190220
AVG 20190220
Avira (no cloud) 20190220
Babable 20180917
Baidu 20190214
BitDefender 20190220
CAT-QuickHeal 20190220
ClamAV 20190220
CMC 20190220
Comodo 20190220
Cybereason 20190109
Cylance 20190220
Cyren 20190220
DrWeb 20190220
eGambit 20190220
Emsisoft 20190220
Endgame 20190215
ESET-NOD32 20190220
F-Secure 20190220
Fortinet 20190220
GData 20190220
Ikarus 20190220
Sophos ML 20181128
Jiangmin 20190220
K7AntiVirus 20190220
K7GW 20190220
Kaspersky 20190220
Kingsoft 20190220
Malwarebytes 20190220
MAX 20190220
McAfee 20190220
McAfee-GW-Edition 20190220
Microsoft 20190220
eScan 20190220
NANO-Antivirus 20190220
Palo Alto Networks (Known Signatures) 20190220
Panda 20190220
Qihoo-360 20190220
Rising 20190220
SentinelOne (Static ML) 20190203
Sophos AV 20190220
SUPERAntiSpyware 20190220
Symantec 20190220
Symantec Mobile Insight 20190220
TACHYON 20190220
Tencent 20190220
TheHacker 20190217
TotalDefense 20190220
Trapmine 20190123
Trustlook 20190220
VBA32 20190220
ViRobot 20190220
Webroot 20190220
ZoneAlarm by Check Point 20190220
Zoner 20190220
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright
Copyright (c) 1999-2018 Igor Pavlov

Product 7-Zip
Original name 7z.exe
Internal name 7z
File version 18.05
Description 7-Zip Console
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-04-30 12:00:00
Entry Point 0x00033ADC
Number of sections 6
PE sections
PE imports
GetFileSecurityW
RegCloseKey
OpenProcessToken
RegOpenKeyExW
SetFileSecurityW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryValueExW
DeviceIoControl
SetCurrentDirectoryW
GetStdHandle
EnterCriticalSection
UnmapViewOfFile
GetSystemInfo
LoadLibraryW
GetLastError
WaitForSingleObject
GetVersionExW
SetEvent
GetProcessTimes
SetFileTime
GetFileAttributesW
RemoveDirectoryW
DeleteCriticalSection
GetCurrentProcess
FileTimeToDosDateTime
OpenFileMappingW
GetConsoleMode
SetConsoleCtrlHandler
GetFileSize
CompareFileTime
GetCommandLineW
LoadLibraryExW
MultiByteToWideChar
GetTickCount
GetFileInformationByHandle
CreateDirectoryW
SetProcessAffinityMask
GetProcAddress
GetConsoleScreenBufferInfo
FileTimeToSystemTime
GetModuleFileNameW
GetModuleHandleA
SetFileAttributesW
WideCharToMultiByte
MapViewOfFile
SetFilePointer
GetSystemTimeAsFileTime
GetDiskFreeSpaceW
ReadFile
WriteFile
CloseHandle
IsProcessorFeaturePresent
DeleteFileW
FindFirstFileW
GetModuleHandleW
FileTimeToLocalFileTime
FreeLibrary
LocalFree
FormatMessageW
GlobalMemoryStatus
GetProcessAffinityMask
GetTempPathW
InitializeCriticalSection
SetConsoleMode
OpenEventW
CreateFileW
SetFileApisToOEM
FindNextFileW
GetLogicalDriveStringsW
FindClose
MoveFileW
SetEndOfFile
GetCurrentDirectoryW
GetCurrentThreadId
VirtualFree
VirtualAlloc
GetCurrentProcessId
SetLastError
LeaveCriticalSection
_purecall
__p__fmode
malloc
fgetc
??1type_info@@UAE@XZ
memset
fclose
__dllonexit
_controlfp
fflush
strlen
_except_handler3
?terminate@@YAXXZ
fputs
_onexit
wcscmp
exit
_XcptFilter
memcmp
__setusermatherr
__p__commode
__CxxFrameHandler
_CxxThrowException
fputc
_adjust_fdiv
_fileno
free
__p___initenv
_isatty
__getmainargs
_initterm
memmove
memcpy
_beginthreadex
wcsstr
_exit
_iob
strcmp
__set_app_type
SysStringLen
SysStringByteLen
SysAllocStringLen
VariantClear
SysAllocString
VariantCopy
SysFreeString
CharUpperW
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
6.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
18.5.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
7-Zip Console

ImageFileCharacteristics
Executable, No line numbers, No symbols, Large address aware, 32-bit

CharacterSet
Unicode

InitializedDataSize
73728

EntryPoint
0x33adc

OriginalFileName
7z.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright (c) 1999-2018 Igor Pavlov

FileVersion
18.05

TimeStamp
2018:04:30 05:00:00-07:00

FileType
Win32 EXE

PEType
PE32

InternalName
7z

ProductVersion
18.05

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

CompanyName
Igor Pavlov

CodeSize
223744

ProductName
7-Zip

ProductVersionNumber
18.5.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

Execution parents
PE resource-wise parents
File identification
MD5 77e556cdfdc5c592f5c46db4127c6f4c
SHA1 9289a79a81e008f349cb05cb851ae5eaef24b94a
SHA256 034eca579f68b44f8f41294d8c9dac96f032c57dee0877095da47913060dff84
ssdeep
6144:R7fK/4HEQqqKb+oadTxoCJ4P/9IVdZ4qzg9/yDOyQS5NIvPypBpOL34du1v2XywI:R7y8Ah0Hs/SCMOyF5Vk1vs0D

authentihash 27dbed728abbd44e683b3b755a84104eb9add1fb1c325129b6cb3d8bc049b07f
imphash 6d26c857784eea32ac92dcb74e598644
File size 283.0 KB ( 289792 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win64 Executable (generic) (45.0%)
Microsoft Visual C++ compiled executable (generic) (26.9%)
Win32 Dynamic Link Library (generic) (10.7%)
Win32 Executable (generic) (7.3%)
OS/2 Executable (generic) (3.3%)
Tags
peexe

VirusTotal metadata
First submission 2018-05-01 06:48:00 UTC ( 9 months, 3 weeks ago )
Last submission 2019-01-31 17:59:02 UTC ( 3 weeks ago )
File names 7z.exe
034eca579f68b44f_7z.exe
7z
034eca579f68b44f8f41294d8c9dac96f032c57dee0877095da47913060dff84-120280.bin
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.