× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 56e9d009793f54f27715838c746788dd80122958467de7a6ee87bebf2dcd0931
File name: 5uAw[1]_exe
Detection ratio: 16 / 46
Analysis date: 2013-09-20 19:18:30 UTC ( 5 years ago ) View latest
Antivirus Result Update
AntiVir ADWARE/Adware.Gen7 20130920
Avast JS:DownloadNSave-J [Adw] 20130920
AVG Generic5.AFXS.dropper 20130920
BitDefender Gen:Adware.MPlug.2 20130920
DrWeb Trojan.Crossrider.3 20130920
Emsisoft Gen:Adware.MPlug.2 (B) 20130920
ESET-NOD32 Win32/Adware.MultiPlug.H 20130920
F-Prot JS/MegaSearch.A.gen 20130920
GData Gen:Adware.MPlug.2 20130920
Kaspersky not-a-virus:AdWare.Win32.MegaSearch.am 20130920
Kingsoft VIRUS_UNKNOWN 20130829
Malwarebytes PUP.Optional.MultiPlug.A 20130920
eScan Gen:Adware.MPlug.2 20130920
NANO-Antivirus Riskware.Script.Plugin.bljgmi 20130920
Rising AdWare.Win32.Mega.a 20130918
VIPRE Trojan.Win32.Generic!BT 20130920
Yandex 20130920
AhnLab-V3 20130920
Antiy-AVL 20130920
Baidu-International 20130920
Bkav 20130920
ByteHero 20130919
CAT-QuickHeal 20130920
ClamAV 20130920
Commtouch 20130920
Comodo 20130920
Fortinet 20130920
Ikarus 20130920
Jiangmin 20130903
K7AntiVirus 20130920
K7GW 20130920
McAfee 20130920
McAfee-GW-Edition 20130920
Microsoft 20130920
Norman 20130920
nProtect 20130920
Panda 20130920
PCTools 20130920
Sophos AV 20130920
SUPERAntiSpyware 20130920
Symantec 20130920
TheHacker 20130920
TotalDefense 20130920
TrendMicro 20130920
TrendMicro-HouseCall 20130920
VBA32 20130920
ViRobot 20130920
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (c) 1999-2010 Igor Pavlov

Publisher Igor Pavlov
Product 7-Zip
Original name 7zS.sfx.exe
Internal name 7zS.sfx
File version 9.20
Description 7z Setup SFX
Packers identified
F-PROT 7Z
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-11-18 16:27:35
Entry Point 0x00014B04
Number of sections 5
PE sections
Overlays
MD5 ed6f8a047812950ae67da02db682d38e
File type data
Offset 141312
Size 598603
Entropy 6.10
PE imports
GetStdHandle
WaitForSingleObject
FindFirstFileW
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
FreeEnvironmentStringsW
SetFileAttributesA
GetTempPathA
WideCharToMultiByte
GetStringTypeA
WriteFile
HeapReAlloc
GetStringTypeW
GetFullPathNameA
SetEvent
LocalFree
FormatMessageW
GetEnvironmentVariableA
FindClose
InterlockedDecrement
FormatMessageA
GetFullPathNameW
SetLastError
InitializeCriticalSection
GetModuleFileNameW
ExitProcess
GetModuleFileNameA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetModuleHandleA
SetFileAttributesW
CreateThread
SetUnhandledExceptionFilter
ExitThread
TerminateProcess
SetEndOfFile
GetVersion
InterlockedIncrement
SetCurrentDirectoryA
AreFileApisANSI
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
IsBadWritePtr
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetFileSize
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
CreateDirectoryW
DeleteFileW
GetProcAddress
RemoveDirectoryW
FindFirstFileA
ResetEvent
GetTempFileNameA
FindNextFileA
WaitForMultipleObjects
CreateFileW
CreateEventA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
lstrlenA
LCMapStringA
GetEnvironmentStringsW
RemoveDirectoryA
GetCPInfo
GetEnvironmentStrings
SetFileTime
GetCommandLineW
GetCurrentDirectoryA
HeapSize
GetCommandLineA
RaiseException
SetFilePointer
ReadFile
CloseHandle
GetACP
GetCurrentThreadId
CreateProcessA
HeapCreate
VirtualFree
Sleep
IsBadReadPtr
IsBadCodePtr
VirtualAlloc
VariantClear
SysAllocString
ShellExecuteExA
GetWindowLongA
SetTimer
MessageBoxW
LoadIconA
LoadStringA
SetWindowTextA
EndDialog
PostMessageA
CharUpperW
DialogBoxParamW
SendMessageA
LoadStringW
SetWindowTextW
GetDlgItem
SetWindowLongA
KillTimer
DialogBoxParamA
ShowWindow
CharUpperA
DestroyWindow
Number of PE resources by type
RT_ICON 2
RT_STRING 2
RT_DIALOG 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 8
PE resources
ExifTool file metadata
UninitializedDataSize
0

InitializedDataSize
35328

ImageVersion
0.0

ProductName
7-Zip

FileVersionNumber
9.20.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
7z Setup SFX

CharacterSet
Unicode

LinkerVersion
6.0

FileTypeExtension
exe

OriginalFileName
7zS.sfx.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
9.2

TimeStamp
2010:11:18 17:27:35+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
7zS.sfx

ProductVersion
9.2

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Windows NT 32-bit

LegalCopyright
Copyright (c) 1999-2010 Igor Pavlov

MachineType
Intel 386 or later, and compatibles

CompanyName
Igor Pavlov

CodeSize
104960

FileSubtype
0

ProductVersionNumber
9.20.0.0

EntryPoint
0x14b04

ObjectFileType
Executable application

File identification
MD5 cee32e3e18103f8fde4c8f79a70a064b
SHA1 66f5f2ecc2cd69ea54261433c217aa6e6d801ced
SHA256 56e9d009793f54f27715838c746788dd80122958467de7a6ee87bebf2dcd0931
ssdeep
12288:h1OgLdaO6o99/rsFEt5hDG0SAMs9jR/jeRJKu9TJdwYGZtyjTje5jOSpJX:h1OYdaO6OBsFEt5hDG0SAMs9jR/jaJnc

authentihash 5d5b102d0bbedec56a6f08761662d150764de0adbb42084be89eea5ed1f040f7
imphash 3786a4cf8bfee8b4821db03449141df4
File size 722.6 KB ( 739915 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID DirectShow filter (49.7%)
Windows ActiveX control (28.7%)
Win32 Executable MS Visual C++ (generic) (7.7%)
Win64 Executable (generic) (6.8%)
Windows screen saver (3.2%)
Tags
peexe armadillo overlay

VirusTotal metadata
First submission 2013-09-20 19:18:30 UTC ( 5 years ago )
Last submission 2013-09-20 19:18:30 UTC ( 5 years ago )
File names 7zS.sfx.exe
5uAw[1]_exe
7zS.sfx
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Runtime DLLs