× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 0fef9bb60b74021e53f42f3f607a8c24701232812ad794eeac96b0e0fc783d02
File name: 7ZSfxMod
Detection ratio: 5 / 56
Analysis date: 2015-02-08 13:24:05 UTC ( 2 years, 8 months ago )
Antivirus Result Update
Baidu-International Hacktool.Win32.Elevate.A 20150208
ESET-NOD32 Win32/Elevate.A potentially unsafe 20150208
Qihoo-360 HEUR/QVM41.1.Malware.Gen 20150208
Symantec WS.Reputation.1 20150208
TrendMicro-HouseCall Suspicious_GEN.F47V0112 20150208
Ad-Aware 20150208
AegisLab 20150208
Yandex 20150208
AhnLab-V3 20150208
Alibaba 20150207
ALYac 20150208
Antiy-AVL 20150208
Avast 20150206
AVG 20150208
Avira (no cloud) 20150208
AVware 20150207
BitDefender 20150208
Bkav 20150207
ByteHero 20150208
CAT-QuickHeal 20150205
ClamAV 20150208
CMC 20150205
Comodo 20150208
Cyren 20150208
DrWeb 20150208
Emsisoft 20150208
F-Prot 20150208
F-Secure 20150208
Fortinet 20150208
GData 20150208
Ikarus 20150208
K7AntiVirus 20150208
K7GW 20150208
Kaspersky 20150208
Kingsoft 20150208
Malwarebytes 20150208
McAfee 20150208
McAfee-GW-Edition 20150208
Microsoft 20150208
eScan 20150208
NANO-Antivirus 20150208
Norman 20150208
nProtect 20150206
Panda 20150208
Rising 20150207
Sophos AV 20150208
SUPERAntiSpyware 20150208
Tencent 20150208
TheHacker 20150208
TotalDefense 20150208
TrendMicro 20150208
VBA32 20150206
VIPRE 20150208
ViRobot 20150208
Zillya 20150207
Zoner 20150206
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2005-2010 Oleg N. Scherbakov

Publisher 7z
Product 7-Zip SFX
Original name 7ZSfxMod_x86.exe
Internal name 7ZSfxMod
File version 1.4.1.2100
Description 7z SFX (x86)
Packers identified
F-PROT appended, 7Z
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-04-28 11:38:36
Entry Point 0x00015CBF
Number of sections 4
PE sections
PE imports
GetDeviceCaps
GetCurrentObject
DeleteDC
CreateFontIndirectW
SelectObject
StretchBlt
GetObjectW
SetStretchBltMode
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
GetUserDefaultUILanguage
SetThreadLocale
GetLastError
SetCurrentDirectoryW
GetStdHandle
EnterCriticalSection
TerminateThread
lstrlenA
GetModuleFileNameW
GlobalFree
WaitForSingleObject
GetVersionExW
SetEvent
MulDiv
FindNextFileW
SystemTimeToFileTime
FindResourceExA
ExpandEnvironmentStringsW
lstrlenW
GetLocalTime
DeleteCriticalSection
GetStartupInfoA
GetSystemDefaultUILanguage
GetDriveTypeW
SizeofResource
CompareFileTime
GetDiskFreeSpaceExW
GetFileSize
LockResource
SetFileTime
GetCommandLineW
CreateThread
GetSystemDefaultLCID
MultiByteToWideChar
CreateDirectoryW
DeleteFileW
WaitForMultipleObjects
GetLocaleInfoW
SuspendThread
RemoveDirectoryW
GetModuleHandleA
lstrcpyW
SetFileAttributesW
lstrcmpiA
WideCharToMultiByte
SetEnvironmentVariableW
SetFilePointer
GetSystemDirectoryW
ReadFile
GetTempPathW
ResetEvent
GetSystemTimeAsFileTime
FindFirstFileW
GlobalMemoryStatusEx
lstrcmpW
GetModuleHandleW
LoadLibraryA
LocalFree
FormatMessageW
ResumeThread
GetFileAttributesW
CreateEventW
GetExitCodeThread
lstrcmpiW
InitializeCriticalSection
LoadResource
WriteFile
CreateFileW
GlobalAlloc
VirtualFree
FindClose
lstrcatW
Sleep
IsBadReadPtr
SetEndOfFile
CloseHandle
ExitProcess
GetProcAddress
VirtualAlloc
GetEnvironmentVariableW
SetLastError
LeaveCriticalSection
_purecall
__p__fmode
malloc
??1type_info@@UAE@XZ
memset
_wcsnicmp
__dllonexit
_controlfp
_except_handler3
??2@YAPAXI@Z
strncmp
_onexit
_wtol
exit
_XcptFilter
memcmp
__setusermatherr
__p__commode
_acmdln
_CxxThrowException
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
_adjust_fdiv
??3@YAXPAX@Z
free
__getmainargs
_initterm
memmove
memcpy
_beginthreadex
_exit
_EH_prolog
__set_app_type
OleLoadPicture
VariantClear
SysAllocString
SHBrowseForFolderW
ShellExecuteW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW
SHGetSpecialFolderPathW
SHGetMalloc
SetFocus
GetParent
EndDialog
DrawTextW
DefWindowProcW
KillTimer
GetMessageW
ShowWindow
MessageBeep
SetWindowPos
GetClassNameA
wvsprintfW
GetSystemMetrics
SetWindowLongW
IsWindow
SendMessageW
GetWindowRect
ClientToScreen
CharUpperW
MessageBoxA
GetSystemMenu
GetWindowDC
GetWindow
GetSysColor
DispatchMessageW
CopyImage
ReleaseDC
GetMenu
GetWindowLongW
DrawIconEx
SetWindowTextW
GetDlgItem
SystemParametersInfoW
LoadImageW
GetDC
ScreenToClient
wsprintfA
SetTimer
CallWindowProcW
DialogBoxIndirectParamW
EnableWindow
GetClientRect
GetWindowTextW
EnableMenuItem
LoadIconW
GetWindowTextLengthW
CreateWindowExW
wsprintfW
GetKeyState
DestroyWindow
CreateStreamOnHGlobal
CoCreateInstance
CoInitialize
Number of PE resources by type
RT_ICON 7
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 8
ENGLISH US 2
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.4.1.2100

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
7z SFX (x86)

CharacterSet
Unicode

InitializedDataSize
22528

FileOS
Windows NT 32-bit

PrivateBuild
April 28, 2011

MIMEType
application/octet-stream

LegalCopyright
Copyright 2005-2010 Oleg N. Scherbakov

FileVersion
1.4.1.2100

TimeStamp
2011:04:28 12:38:36+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
7ZSfxMod

FileAccessDate
2015:02:08 14:47:13+01:00

ProductVersion
1.4.1.2100

SubsystemVersion
4.0

OSVersion
4.0

FileCreateDate
2015:02:08 14:47:13+01:00

OriginalFilename
7ZSfxMod_x86.exe

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
7z

CodeSize
87040

ProductName
7-Zip SFX

ProductVersionNumber
1.4.1.2100

EntryPoint
0x15cbf

ObjectFileType
Executable application

File identification
MD5 ec3a135d038d9e8ca0666b8afecb43a0
SHA1 6ee90d498e6692bfdf59ef0a592b3641f841dedb
SHA256 0fef9bb60b74021e53f42f3f607a8c24701232812ad794eeac96b0e0fc783d02
ssdeep
49152:ddN652cdpWhLrK0vRdC2ArTfMQg4kBfnuR:ddNk2czwrKcCpVixnK

authentihash 1a9a6762402cdcb4d4b445ad7fb7e68e6a77754b39336f665ac987dda924902d
imphash c769210c368165fcb9c03d3f832f55eb
File size 1.8 MB ( 1914630 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
Tags
peexe

VirusTotal metadata
First submission 2015-01-12 08:56:09 UTC ( 2 years, 9 months ago )
Last submission 2015-01-12 08:56:09 UTC ( 2 years, 9 months ago )
File names 7ZSfxMod
7ZSfxMod_x86.exe
NAME_ME.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.