SHA256: 97ce24428b245db85f78438ece76dc19e83642fd583e897a893b769020f0a54c
File name: 7ZSfxMod
Detection ratio: 2 / 57
Analysis date: 2015-02-12 04:17:00 UTC ( 2 years, 3 months ago )
Antivirus Result Update
Qihoo-360 HEUR/QVM18.1.Malware.Gen 20150212
Symantec WS.Reputation.1 20150212
Ad-Aware 20150212
AegisLab 20150212
Yandex 20150211
AhnLab-V3 20150211
Alibaba 20150212
ALYac 20150212
Antiy-AVL 20150212
Avast 20150212
AVG 20150212
Avira (no cloud) 20150212
AVware 20150212
Baidu-International 20150211
BitDefender 20150212
Bkav 20150212
ByteHero 20150212
CAT-QuickHeal 20150211
ClamAV 20150211
CMC 20150211
Comodo 20150212
Cyren 20150212
DrWeb 20150212
Emsisoft 20150212
ESET-NOD32 20150212
F-Prot 20150212
F-Secure 20150212
Fortinet 20150212
GData 20150212
Ikarus 20150212
Jiangmin 20150210
K7AntiVirus 20150211
K7GW 20150212
Kaspersky 20150212
Kingsoft 20150212
Malwarebytes 20150212
McAfee 20150212
McAfee-GW-Edition 20150211
Microsoft 20150212
eScan 20150212
NANO-Antivirus 20150212
Norman 20150211
nProtect 20150211
Panda 20150211
Rising 20150211
Sophos 20150212
SUPERAntiSpyware 20150212
Tencent 20150212
TheHacker 20150212
TotalDefense 20150212
TrendMicro 20150212
TrendMicro-HouseCall 20150212
VBA32 20150211
VIPRE 20150212
ViRobot 20150212
Zillya 20150211
Zoner 20150211
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2005-2012 Oleg N. Scherbakov
Publisher Oleg N. Scherbakov
Product 7-Zip SFX
Original name 7ZSfxMod_x86.exe
Internal name 7ZSfxMod
File version 1.6.0.2712
Description 7z Setup SFX (x86)
Packers identified
F-PROT appended, UPX_LZMA, 7Z
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-12-31 00:38:51
Entry Point 0x000395C0
Number of sections 3
PE sections
PE imports
DeleteDC
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
SysAllocString
SHGetMalloc
CoInitialize
Number of PE resources by type
RT_ICON 4
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 5
ENGLISH US 2
PE resources
ExifTool file metadata
UninitializedDataSize 172032
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.6.0.2712
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription 7z Setup SFX (x86)
CharacterSet Unicode
InitializedDataSize 86016
FileOS Windows NT 32-bit
PrivateBuild December 30, 2012
MIMEType application/octet-stream
LegalCopyright Copyright 2005-2012 Oleg N. Scherbakov
FileVersion 1.6.0.2712
TimeStamp 2012:12:31 01:38:51+01:00
FileType Win32 EXE
PEType PE32
InternalName 7ZSfxMod
FileAccessDate 2015:02:12 05:19:56+01:00
ProductVersion 1.6.0.2712
SubsystemVersion 4.0
OSVersion 4.0
FileCreateDate 2015:02:12 05:19:56+01:00
OriginalFilename 7ZSfxMod_x86.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Oleg N. Scherbakov
CodeSize 65536
ProductName 7-Zip SFX
ProductVersionNumber 1.6.0.2712
EntryPoint 0x395c0
ObjectFileType Executable application

File identification
MD5 e5ed49150aa33b62e22f7808e2103ae3
SHA1 4d0e6e3b8b8f6dc4ecb09126362ff3356f26ad76
SHA256 97ce24428b245db85f78438ece76dc19e83642fd583e897a893b769020f0a54c
ssdeep 49152:e0WEy3xL+Qd0LR2P17hIUP2v82uEuGIa/VQCvz:R1y3tgsd7KvoEwaNQu
authentihash 5bd13e2dd4daaf16d7de3e1f6e8629d9fd6d320e605c73546b35ac9f3400379f
imphash 254a3a10c7173262c1ad498fb1bffb52
File size 1.9 MB ( 2025120 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
Tags peexe
VirusTotal metadata
First submission 2015-01-15 04:16:28 UTC ( 2 years, 4 months ago )
Last submission 2015-01-15 04:16:28 UTC ( 2 years, 4 months ago )
File names 7ZSfxMod
~OEM-Query7z.exe
7ZSfxMod_x86.exe
Advanced heuristic and reputation engines
ClamAV Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.