SHA256: 5d85ff28bf3ec00ce86167f82bbb9cba7cb215d93acf62d65817c6b36f594f17
File name: 7ZSfxMod
Detection ratio: 1 / 56
Analysis date: 2015-02-08 12:19:01 UTC ( 2 years, 2 months ago )
Antivirus Result Update
Qihoo-360 HEUR/QVM18.1.Malware.Gen 20150208
Ad-Aware 20150208
AegisLab 20150208
Yandex 20150208
AhnLab-V3 20150208
Alibaba 20150207
ALYac 20150208
Antiy-AVL 20150208
Avast 20150206
AVG 20150208
Avira (no cloud) 20150208
AVware 20150207
Baidu-International 20150208
BitDefender 20150208
Bkav 20150207
ByteHero 20150208
CAT-QuickHeal 20150205
ClamAV 20150208
CMC 20150205
Comodo 20150208
Cyren 20150208
DrWeb 20150208
Emsisoft 20150208
ESET-NOD32 20150208
F-Prot 20150208
F-Secure 20150208
Fortinet 20150208
GData 20150208
Ikarus 20150208
K7AntiVirus 20150208
K7GW 20150208
Kaspersky 20150208
Kingsoft 20150208
Malwarebytes 20150208
McAfee 20150208
McAfee-GW-Edition 20150208
Microsoft 20150208
eScan 20150208
NANO-Antivirus 20150208
Norman 20150208
nProtect 20150206
Panda 20150208
Rising 20150207
Sophos 20150208
SUPERAntiSpyware 20150208
Symantec 20150208
Tencent 20150208
TheHacker 20150208
TotalDefense 20150208
TrendMicro 20150208
TrendMicro-HouseCall 20150208
VBA32 20150206
VIPRE 20150208
ViRobot 20150208
Zillya 20150207
Zoner 20150206
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2005-2012 Oleg N. Scherbakov
Publisher Oleg N. Scherbakov
Product 7-Zip SFX
Original name 7ZSfxMod_x86.exe
Internal name 7ZSfxMod
File version 1.6.0.2712
Description 7z Setup SFX (x86)
Packers identified
F-PROT appended, UPX_LZMA, 7Z
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-12-31 00:38:51
Entry Point 0x000395C0
Number of sections 3
PE sections
PE imports
DeleteDC
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
SysAllocString
SHGetMalloc
CoInitialize
Number of PE resources by type
RT_ICON 4
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 5
ENGLISH US 2
PE resources
ExifTool file metadata
UninitializedDataSize 172032
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.6.0.2712
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription 7z Setup SFX (x86)
CharacterSet Unicode
InitializedDataSize 86016
FileOS Windows NT 32-bit
PrivateBuild December 30, 2012
MIMEType application/octet-stream
LegalCopyright Copyright 2005-2012 Oleg N. Scherbakov
FileVersion 1.6.0.2712
TimeStamp 2012:12:31 01:38:51+01:00
FileType Win32 EXE
PEType PE32
InternalName 7ZSfxMod
FileAccessDate 2015:02:08 13:19:06+01:00
ProductVersion 1.6.0.2712
SubsystemVersion 4.0
OSVersion 4.0
FileCreateDate 2015:02:08 13:19:06+01:00
OriginalFilename 7ZSfxMod_x86.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Oleg N. Scherbakov
CodeSize 65536
ProductName 7-Zip SFX
ProductVersionNumber 1.6.0.2712
EntryPoint 0x395c0
ObjectFileType Executable application

File identification
MD5 4bd5c1c0d1fa22fed76d91b27beb3327
SHA1 8af80a951ff49ec1724b87f6988e78198e64d868
SHA256 5d85ff28bf3ec00ce86167f82bbb9cba7cb215d93acf62d65817c6b36f594f17
ssdeep 49152:eKWEy3xL+Qd0LR2P17hIUP2v82uEuGIa/VQCv6:j1y3tgsd7KvoEwaNQl
authentihash 5a9a19f0ad44a9c67bcb54aaeeef8ec66f7c95bed07a570b75d42b9195e51273
imphash 254a3a10c7173262c1ad498fb1bffb52
File size 1.9 MB ( 2025313 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
Tags peexe
VirusTotal metadata
First submission 2015-01-13 04:02:20 UTC ( 2 years, 3 months ago )
Last submission 2015-01-13 04:02:20 UTC ( 2 years, 3 months ago )
File names 7ZSfxMod
~OEM-Query7z.exe
7ZSfxMod_x86.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.