SHA256: 72bcbf1878edfe6473e240c56a5cd76f75953bb63310eeec6807dbbf56090e56
File name: 60bb16f21ce3581d305b82524da0ab6f360a0887
Detection ratio: 23 / 64
Analysis date: 2017-08-03 08:18:05 UTC ( 1 year, 8 months ago )
Antivirus Result Update
AegisLab Troj.Dropper.W32.Injector!c 20170803
Avast Win32:Malware-gen 20170803
AVG Win32:Malware-gen 20170803
Avira (no cloud) TR/AD.Ursnif.kuqrj 20170803
AVware Trojan.Win32.Generic!BT 20170803
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20170710
Cylance Unsafe 20170803
DrWeb Trojan.MulDrop7.34138 20170803
Endgame malicious (high confidence) 20170721
ESET-NOD32 Win32/Spy.Ursnif.BF 20170803
Fortinet W32/Ursnif.BF!tr.spy 20170803
GData Win32.Trojan.Agent.38RXBW 20170803
Sophos ML heuristic 20170607
Kaspersky Trojan-Dropper.Win32.Injector.svkc 20170803
McAfee Artemis!5C90D5C52974 20170803
McAfee-GW-Edition BehavesLike.Win32.BadFile.cc 20170803
Palo Alto Networks (Known Signatures) generic.ml 20170803
Rising Spyware.Ursnif!8.1DEF (cloud:rgo0YPdpxYT) 20170803
SentinelOne (Static ML) static engine - malicious 20170718
Sophos AV Mal/Generic-S 20170803
Symantec Trojan.Gen.2 20170803
VIPRE Trojan.Win32.Generic!BT 20170803
ZoneAlarm by Check Point Trojan-Dropper.Win32.Injector.svkc 20170803
Ad-Aware 20170803
AhnLab-V3 20170802
Alibaba 20170803
ALYac 20170803
Antiy-AVL 20170803
Arcabit 20170803
Baidu 20170803
BitDefender 20170803
Bkav 20170802
CAT-QuickHeal 20170803
ClamAV 20170803
CMC 20170803
Comodo 20170803
Cyren 20170803
Emsisoft 20170803
F-Prot 20170803
F-Secure 20170803
Ikarus 20170802
Jiangmin 20170803
K7AntiVirus 20170803
K7GW 20170803
Kingsoft 20170803
Malwarebytes 20170803
MAX 20170803
Microsoft 20170803
eScan 20170803
NANO-Antivirus 20170803
nProtect 20170803
Panda 20170802
Qihoo-360 20170803
SUPERAntiSpyware 20170803
Symantec Mobile Insight 20170803
Tencent 20170803
TheHacker 20170801
TotalDefense 20170803
TrendMicro 20170803
Trustlook 20170803
VBA32 20170801
ViRobot 20170803
Webroot 20170803
WhiteArmor 20170731
Yandex 20170801
Zillya 20170803
Zoner 20170803
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Packers identified
F-PROT NSIS, 7Z
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-07-31 12:17:13
Entry Point 0x00004330
Number of sections 6
PE sections
Overlays
MD5 198f5a4477fa75b6ca19de526264f805
File type data
Offset 720896
Size 186405
Entropy 7.98
PE imports
ReplaceTextW
ImmConfigureIMEW
InterlockedExchange
LocalFree
GetCurrentProcess
RaiseException
LocalAlloc
GetFileAttributesA
OpenThread
SetEvent
GetCurrentProcessId
FreeLibrary
OpenWaitableTimerA
ExitProcess
GetThreadLocale
ReadProcessMemory
FindFirstFileW
GetCurrentThreadId
GetProcAddress
GetModuleHandleW
LoadLibraryA
GetLastError
FindActCtxSectionStringW
SetupDiSetDriverInstallParamsW
Shell_NotifyIconW
SHCreateProcessAsUserW
SHLoadNonloadedIconOverlayIdentifiers
memset
freopen
StringFromCLSID
OleUninitialize
HGLOBAL_UserSize
Number of PE resources by type
RT_ICON 9
RT_STRING 2
RT_DIALOG 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 15
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 704512
ImageVersion 0.0
ProductName 7-Zip
FileVersionNumber 4.42.0.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
LinkerVersion 8.0
FileTypeExtension exe
OriginalFileName 7zS.sfx.exe
MIMEType application/octet-stream
Subsystem Windows command line
FileVersion 4.42
TimeStamp 2017:07:31 14:17:13+02:00
FileType Win32 EXE
PEType PE32
InternalName 7zS.sfx
ProductVersion 4.42
FileDescription 7z Setup SFX
OSVersion 4.0
FileOS Windows NT 32-bit
LegalCopyright Copyright (c) 1999-2006 Igor Pavlov
MachineType Intel 386 or later, and compatibles
CompanyName Igor Pavlov
CodeSize 16384
FileSubtype 0
ProductVersionNumber 4.42.0.0
EntryPoint 0x4330
ObjectFileType Executable application
Compressed bundles
File identification
MD5 5c90d5c529749bc1d64268f1aa203c17
SHA1 60bb16f21ce3581d305b82524da0ab6f360a0887
SHA256 72bcbf1878edfe6473e240c56a5cd76f75953bb63310eeec6807dbbf56090e56
ssdeep 24576:W4l5Y6KuDRaBgfK8KxxfYbiQlaGk0bg050XpS81P:NKiaTVxdYbh7tva
authentihash c36fbc0c18a6ecb998d1f84a18675da488ff03d03404b20db941418486ffd193
imphash af1910aaec33d84b3e70fe4721888c14
File size 886.0 KB ( 907301 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (48.1%)
Microsoft Visual C++ compiled executable (generic) (25.4%)
Win32 Dynamic Link Library (generic) (10.1%)
Win32 Executable (generic) (6.9%)
OS/2 Executable (generic) (3.1%)
Tags nsis peexe overlay
VirusTotal metadata
First submission 2017-08-02 07:31:21 UTC ( 1 year, 8 months ago )
Last submission 2019-03-16 13:49:47 UTC ( 1 month ago )
File names 72BCBF1878EDFE6473E240C56A5CD76F75953BB63310EEEC6807DBBF56090E56.EX%24
60bb16f21ce3581d305b82524da0ab6f360a0887
5c90d5c529749bc1d64268f1aa203c17.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
UDP communications