SHA256: 8bd8e41888655cf0f78ace847965797a50b0fda919a4f6efa2d54723199ed55b
File name: 814375
Detection ratio: 0 / 58
Analysis date: 2016-03-26 19:22:05 UTC ( 2 years, 2 months ago )
Antivirus Result Update (the Result column is empty for every engine listed below: 0 of 58 flagged the file)
Ad-Aware 20160326
AegisLab 20160326
Yandex 20160316
AhnLab-V3 20160326
Alibaba 20160323
ALYac 20160326
Antiy-AVL 20160326
Arcabit 20160326
Avast 20160326
AVG 20160326
Avira (no cloud) 20160326
AVware 20160326
Baidu 20160325
Baidu-International 20160326
BitDefender 20160326
Bkav 20160326
ByteHero 20160326
CAT-QuickHeal 20160326
ClamAV 20160326
CMC 20160322
Comodo 20160326
Cyren 20160326
DrWeb 20160326
Emsisoft 20160326
ESET-NOD32 20160326
F-Prot 20160326
F-Secure 20160326
Fortinet 20160326
GData 20160326
Ikarus 20160326
Jiangmin 20160326
K7AntiVirus 20160326
K7GW 20160323
Kaspersky 20160326
Kingsoft 20160326
Malwarebytes 20160326
McAfee 20160326
McAfee-GW-Edition 20160326
Microsoft 20160326
eScan 20160326
NANO-Antivirus 20160326
nProtect 20160325
Panda 20160326
Qihoo-360 20160326
Rising 20160326
Sophos AV 20160326
SUPERAntiSpyware 20160326
Symantec 20160326
Tencent 20160326
TheHacker 20160325
TotalDefense 20160326
TrendMicro 20160326
TrendMicro-HouseCall 20160326
VBA32 20160325
VIPRE 20160326
ViRobot 20160326
Zillya 20160326
Zoner 20160326
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (c) 1999-2010 Igor Pavlov

Product 7-Zip
Original name 7z.sfx.exe
Internal name 7z.sfx
File version 9.15 beta
Description 7z SFX
Signature verification Signed file, verified signature
Signing date 8:32 AM 3/2/2016
Signers
[+] Zhengzhou longling technology Co.
Status Valid
Issuer VeriSign Class 3 Code Signing 2010 CA
Valid from 1:00 AM 12/26/2013
Valid to 12:59 AM 12/26/2016
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 74FC236133C702A8261AE1A2E27B8C47C2C313EE
Serial number 64 22 41 8B 58 DA 13 13 B0 4D 64 76 9C 36 24 B3
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT 7Z
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-06-20 14:19:00
Entry Point 0x0001D152
Number of sections 5
PE sections
Overlays
MD5 cee8fc31a018af64949673e049846858
File type data
Offset 162304
Size 3863128
Entropy 8.00
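The overlay figures above are the substance of this report. The PE itself is a stock 7-Zip 9.15 beta SFX stub (compiled 2010-06-20, roughly 160 KB up to the overlay at offset 162304), followed by 3.8 MB of entropy-8.00 data, and the Authenticode signer is Zhengzhou longling technology Co., not Igor Pavlov, the CompanyName in the version resource. Authenticode hashes every byte of the file except the CheckSum field, the security data-directory entry and the certificate table itself, so the appended archive is covered by the signature, but "verified signature" only establishes who signed the bundle, never what the archive contains; 0/58 detections on a clean stub say nothing about the payload until it is extracted. The script below is an added example, not VirusTotal's or 7-Zip's code, that reproduces the static checks behind these fields: find the overlay, test it for the 7z magic, measure its entropy, and compute the Authenticode digest the way the report's authentihash value is derived. The function names (`parse_pe32`, `triage`, `authentihash`, `build_sample_pe`) are this example's own; `build_sample_pe` constructs a stand-in PE32 for the demonstration, the real 814375 / 7z.sfx.exe file is not embedded, and the simplified authentihash assumes sections are laid out in file order with the certificate table last, which is how linkers and signtool emit them.

```python
# Added example for this report: static triage of a signed PE with an appended
# payload. Not VirusTotal's or 7-Zip's code; the PE built below is constructed.
import hashlib, math, struct
from collections import Counter

SEVENZIP_MAGIC = b"7z\xbc\xaf\x27\x1c"  # leading bytes of every .7z archive

def shannon_entropy(data: bytes) -> float:
    """Bits per byte in 0.0..8.0; 8.0 means the byte histogram is flat."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def parse_pe32(data: bytes) -> dict:
    """Walk a PE32 header: entry point, section table, security directory
    (file offset and size of the WIN_CERTIFICATE blob) and overlay start."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    nsec = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 is handled here")
    entry = struct.unpack_from("<I", data, opt + 16)[0]
    # Data directory 4 (SECURITY) stores a raw file offset, not an RVA.
    cert_off, cert_size = struct.unpack_from("<II", data, opt + 96 + 4 * 8)
    sections, sec_tbl = [], opt + opt_size
    for i in range(nsec):
        off = sec_tbl + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        _, _, raw_size, raw_ptr = struct.unpack_from("<IIII", data, off + 8)
        sections.append((name, raw_ptr, raw_size))
    # Overlay = whatever follows the last byte of mapped section data.
    overlay_off = max((p + s for _, p, s in sections), default=sec_tbl + 40 * nsec)
    return {"entry_point": entry, "opt_offset": opt, "sections": sections,
            "security_dir": (cert_off, cert_size), "overlay_offset": overlay_off}

def authentihash(data: bytes, algo: str = "sha256") -> str:
    """Digest over the image as Authenticode signs it: all bytes except the
    CheckSum field, the security data-directory entry and the certificate
    table. The appended overlay is covered; the signature blob is not.
    Assumes sections sit in file order and nothing follows the cert table."""
    info = parse_pe32(data)
    opt = info["opt_offset"]
    cert_off, cert_size = info["security_dir"]
    skip = [(opt + 64, opt + 68), (opt + 128, opt + 136)]
    if cert_size:
        skip.append((cert_off, cert_off + cert_size))
    h, pos = hashlib.new(algo), 0
    for start, end in sorted(skip):
        h.update(data[pos:start])
        pos = end
    h.update(data[pos:])
    return h.hexdigest()

def triage(data: bytes) -> dict:
    """The static facts a VirusTotal-style report lists for an SFX bundle."""
    info = parse_pe32(data)
    cert_off, cert_size = info["security_dir"]
    overlay = data[info["overlay_offset"]:]
    payload = overlay  # overlay minus the trailing certificate table, if any
    if cert_size and cert_off >= info["overlay_offset"]:
        payload = overlay[:cert_off - info["overlay_offset"]]
    return {
        "entry_point": info["entry_point"],
        "num_sections": len(info["sections"]),
        "overlay_offset": info["overlay_offset"],
        "overlay_size": len(overlay),
        "overlay_entropy": round(shannon_entropy(payload), 2),
        "overlay_is_7z": payload.startswith(SEVENZIP_MAGIC),
        "signed": cert_size > 0,
        "authentihash": authentihash(data),
    }

def build_sample_pe(payload: bytes, cert_blob: bytes = b"") -> bytes:
    """Constructed PE32 (not a real binary): one .text section at raw offset
    0x200, payload appended as overlay, optional certificate table last."""
    raw_ptr = raw_size = 0x200
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                     # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0x4C1E2D44, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                     # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1D152)                  # AddressOfEntryPoint
    struct.pack_into("<H", opt, 68, 2)                        # Windows GUI subsystem
    struct.pack_into("<I", opt, 92, 16)                       # NumberOfRvaAndSizes
    if cert_blob:                                             # security directory
        struct.pack_into("<II", opt, 128, raw_ptr + raw_size + len(payload), len(cert_blob))
    sec = b".text".ljust(8, b"\0") + struct.pack(
        "<IIIIIIHHI", raw_size, 0x1000, raw_size, raw_ptr, 0, 0, 0, 0, 0x60000020)
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sec).ljust(raw_ptr, b"\0")
    return headers + b"\xCC" * raw_size + payload + cert_blob

if __name__ == "__main__":
    archive = SEVENZIP_MAGIC + bytes(range(256)) * 16        # constructed "7z" payload
    fake_cert = b"\x00" * 8 + b"\x30\x82" + b"\xAB" * 64      # constructed WIN_CERTIFICATE stub
    for key, value in triage(build_sample_pe(archive, fake_cert)).items():
        print(f"{key:16} {value}")
```

Run against a real file, `triage(open(path, "rb").read())` reports the same overlay offset, size and entropy VirusTotal shows, and `authentihash()` reproduces the report's authentihash field for a normally laid-out PE. The two properties worth internalising from the test below: changing a byte of the certificate blob leaves the authentihash unchanged (the signature is excluded from its own hash), while changing a byte of the appended archive changes it (the payload is signed), which is exactly why a third party can sign someone else's SFX stub plus their own payload and obtain a "verified signature".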
PE imports
AreFileApisANSI
GetLastError
GetStdHandle
EnterCriticalSection
FileTimeToSystemTime
lstrlenA
RemoveDirectoryW
WaitForSingleObject
SetEvent
GetCommandLineW
GetTickCount
SetFileTime
SetFileAttributesW
GetVersionExA
RemoveDirectoryA
DeleteFileA
GetModuleFileNameA
DeleteCriticalSection
GetStartupInfoA
SetFileAttributesA
FileTimeToLocalFileTime
GetCurrentDirectoryW
GetFileSize
lstrcatA
CreateDirectoryA
GetModuleHandleW
GetCurrentDirectoryA
FormatMessageW
MultiByteToWideChar
CreateDirectoryW
DeleteFileW
WaitForMultipleObjects
FormatMessageA
GetFullPathNameA
SetFilePointer
GetFullPathNameW
CloseHandle
WideCharToMultiByte
GetModuleFileNameW
GetModuleHandleA
ReadFile
WriteFile
GetCurrentProcess
FindFirstFileA
ResetEvent
FindFirstFileW
GetProcAddress
SetPriorityClass
LocalFree
MoveFileA
InitializeCriticalSection
CreateFileW
VirtualFree
CreateEventA
FindClose
Sleep
MoveFileW
SetEndOfFile
CreateFileA
VirtualAlloc
SetLastError
LeaveCriticalSection
_purecall
__p__fmode
malloc
__CxxFrameHandler
??1type_info@@UAE@XZ
memset
__dllonexit
_except_handler3
__p__commode
_onexit
wcslen
exit
_XcptFilter
memcmp
__setusermatherr
_controlfp
_acmdln
_CxxThrowException
_adjust_fdiv
free
__getmainargs
memcpy
memmove
_beginthreadex
_initterm
_exit
__set_app_type
SysFreeString
VariantClear
SysAllocString
SHGetFileInfoA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetMalloc
MapDialogRect
EndDialog
CharUpperW
KillTimer
ShowWindow
MessageBoxW
GetWindowRect
SetDlgItemTextA
PostMessageA
MoveWindow
DialogBoxParamW
SetWindowLongA
DialogBoxParamA
CharUpperA
LoadStringA
SystemParametersInfoA
SetWindowTextA
SendMessageW
GetWindowLongA
SendMessageA
LoadStringW
SetWindowTextW
GetDlgItem
ScreenToClient
InvalidateRect
wsprintfA
GetWindowTextLengthA
SetTimer
LoadCursorA
LoadIconA
IsDlgButtonChecked
GetWindowTextW
GetWindowTextLengthW
GetWindowTextA
SetCursor
CoUninitialize
CoInitialize
Number of PE resources by type
RT_STRING 9
RT_DIALOG 4
RT_ICON 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 17
PE resources
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
6.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
9.15.0.0

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
51200

EntryPoint
0x1d152

OriginalFileName
7z.sfx.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright (c) 1999-2010 Igor Pavlov

FileVersion
9.15 beta

TimeStamp
2010:06:20 15:19:00+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
7z.sfx

ProductVersion
9.15 beta

FileDescription
7z SFX

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Igor Pavlov

CodeSize
126976

ProductName
7-Zip

ProductVersionNumber
9.15.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 ac4077016a1cbbce4dd69b18375e7e02
SHA1 6558d21729bdbd3aa1dc23e16bcdf62c7a6cad27
SHA256 8bd8e41888655cf0f78ace847965797a50b0fda919a4f6efa2d54723199ed55b
ssdeep 98304:2MWtD1SsS9fsHf1/ZB6KPI49lixEV+sg2HypzAWkaJUQ:L9fs/VPF90jsvKzHkwD
authentihash 5a817e05e6c24e9611008b64fce41d16a240cba3210a0077c0aba6e557f00d97
imphash bb852e47b91e6cfe684371146f6d288c
File size 3.8 MB ( 4025432 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2016-03-05 11:27:28 UTC ( 2 years, 3 months ago )
Last submission 2016-04-26 15:07:15 UTC ( 2 years, 1 month ago )
File names 7z.sfx.exe
814375
networktunnel_portable.exe
7z.sfx
8BD8E41888655CF0F78ACE847965797A50B0FDA919A4F6EFA2D54723199ED55B.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
DNS requests
UDP communications