SHA256: 4b46a8a4de2e53df436c4bf5082fc90aaa83b5f18eda1e0fa1024e2c1de17c69
File name: Far.exe
Detection ratio: 16 / 55
Analysis date: 2017-01-17 09:39:17 UTC ( 7 months, 1 week ago )
Antivirus Result Update
AegisLab Malware.Gen!c 20170117
Avast Win32:Malware-gen 20170117
AVware Trojan.Win32.Generic!BT 20170117
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9898 20170117
Cyren W32/Risk.ANXE-4483 20170117
ESET-NOD32 Win32/Hidcon.B potentially unsafe 20170117
F-Prot W32/MalwareS.ACEQ 20170117
GData Win32.Trojan.Agent.4KJ742 20170117
Jiangmin Trojan.Scar.fqr 20170117
K7GW Trojan ( 700001211 ) 20170117
Malwarebytes RiskWare.HidCon.Drop 20170117
McAfee Artemis!507AF800B036 20170108
McAfee-GW-Edition BehavesLike.Win32.BadFile.rc 20170117
Symantec ML.Relationship.HighConfidence [Trojan.Gen.2] 20170116
VIPRE Trojan.Win32.Generic!BT 20170117
ViRobot Trojan.Win32.Z.Selfdel.5141440[h] 20170117
Ad-Aware 20170117
AhnLab-V3 20170117
Alibaba 20170117
ALYac 20170117
Antiy-AVL 20170117
Arcabit 20170117
AVG 20170117
Avira (no cloud) 20170117
BitDefender 20170117
CAT-QuickHeal 20170117
ClamAV 20170117
CMC 20170117
Comodo 20170117
CrowdStrike Falcon (ML) 20161024
DrWeb 20170117
Emsisoft 20170117
F-Secure 20170117
Fortinet 20170117
Ikarus 20170117
Sophos ML 20170111
K7AntiVirus 20170117
Kaspersky 20170117
Kingsoft 20170117
Microsoft 20170117
eScan 20170117
NANO-Antivirus 20170117
nProtect 20170117
Panda 20170116
Qihoo-360 20170117
Rising 20170117
Sophos AV 20170117
SUPERAntiSpyware 20170117
Tencent 20170117
TheHacker 20170117
TrendMicro 20170117
TrendMicro-HouseCall 20170117
Trustlook 20170117
VBA32 20170116
WhiteArmor 20170117
Yandex 20170116
Zillya 20170116
Zoner 20170117
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2005-2009 Oleg N. Scherbakov
Product 7ZSfxNew
Original name 7ZSfxNew.exe
Internal name 7ZSfxNew
File version 1, 3, 0, 1501
Description 7z Setup SFX
Packers identified
F-PROT UPX, appended, Aspack, UTF-8, Unicode, 7Z
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-09-14 01:14:50
Entry Point 0x0001D800
Number of sections 3
PE sections
Overlays
MD5 79378fc648e443a0983b143bbc0d1ae0
File type data
Offset 52736
Size 5088704
Entropy 8.00
PE imports
DeleteDC
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
OleLoadPicture
SHGetMalloc
CoInitialize
Number of PE resources by type
RT_ICON 4
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL DEFAULT 7
PE resources
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 8192
ImageVersion 0.0
ProductName 7ZSfxNew
FileVersionNumber 1.3.0.1501
UninitializedDataSize 69632
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 6.0
PrivateBuild September 7, 2009
FileTypeExtension exe
OriginalFileName 7ZSfxNew.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1, 3, 0, 1501
TimeStamp 2009:09:14 02:14:50+01:00
FileType Win32 EXE
PEType PE32
InternalName 7ZSfxNew
ProductVersion 1, 3, 0, 1501
FileDescription 7z Setup SFX
OSVersion 4.0
FileOS Windows NT 32-bit
LegalCopyright Copyright 2005-2009 Oleg N. Scherbakov
MachineType Intel 386 or later, and compatibles
CompanyName Oleg N. Scherbakov
CodeSize 49152
FileSubtype 0
ProductVersionNumber 1.3.0.1501
EntryPoint 0x1d800
ObjectFileType Executable application

File identification
MD5 507af800b0366b011af9f632ea654b2f
SHA1 d8be33ea876eb4db6fffb752a832b1b9bbffd8a0
SHA256 4b46a8a4de2e53df436c4bf5082fc90aaa83b5f18eda1e0fa1024e2c1de17c69
ssdeep 98304:71M8zXPbKvs3skuf3TEKhHn5Nm3kJ08Dnj65HrVqoAtLLTEPswMSabepo:7a8z0s3daEKo3oS5LVqtLLTnwMSzi
authentihash 294e223327f99dfa0eae54a4042b23595d30c6c3296b34e21f4d6de3020bad83
imphash b484b52df60e8d823b647a09bb1e39f9
File size 4.9 MB ( 5141440 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Generic Win/DOS Executable (50.0%)
DOS Executable Generic (49.9%)
Tags peexe aspack upx overlay
VirusTotal metadata
First submission 2015-03-13 11:31:04 UTC ( 2 years, 5 months ago )
Last submission 2017-01-17 09:39:17 UTC ( 7 months, 1 week ago )
File names 7ZSfxNew.exe
Far.exe
507af800b0366b011af9f632ea654b2f.exe
7ZSfxNew
Far.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R00XH05ER16.

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.