SHA256: b33fde6a719e616870f5fc70c20f1f53bd04960d34a0088f957f9d9b408c6872
File name: 7ZSfxNew
Detection ratio: 6 / 57
Analysis date: 2017-02-04 02:39:08 UTC ( 1 year, 11 months ago )
Antivirus Result Update
AegisLab Agent4.Blzf.Gen!c 20170204
AVG Agent4.BLZF 20170203
Ikarus Trojan.Agent4 20170203
Jiangmin Trojan/Llac.sz 20170203
McAfee Artemis!C8EF9F5B459A 20170204
McAfee-GW-Edition BehavesLike.Win32.Dropper.hc 20170204
Ad-Aware 20170204
AhnLab-V3 20170203
Alibaba 20170122
ALYac 20170204
Antiy-AVL 20170204
Arcabit 20170204
Avast 20170204
Avira (no cloud) 20170203
AVware 20170204
Baidu 20170125
BitDefender 20170204
Bkav 20170204
CAT-QuickHeal 20170203
ClamAV 20170204
CMC 20170203
Comodo 20170204
CrowdStrike Falcon (ML) 20170130
Cyren 20170204
DrWeb 20170204
Emsisoft 20170204
ESET-NOD32 20170204
F-Prot 20170204
F-Secure 20170204
Fortinet 20170204
GData 20170204
Sophos ML 20170203
K7AntiVirus 20170203
K7GW 20170204
Kaspersky 20170204
Kingsoft 20170204
Malwarebytes 20170203
Microsoft 20170204
eScan 20170204
NANO-Antivirus 20170204
nProtect 20170204
Panda 20170203
Qihoo-360 20170204
Rising 20170204
Sophos AV 20170204
SUPERAntiSpyware 20170204
Symantec 20170203
Tencent 20170204
TheHacker 20170202
TotalDefense 20170203
TrendMicro 20170204
TrendMicro-HouseCall 20170204
Trustlook 20170204
VBA32 20170203
VIPRE 20170204
ViRobot 20170203
WhiteArmor 20170202
Yandex 20170203
Zillya 20170203
Zoner 20170204
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2005-2007 Oleg N. Scherbakov

Product 7ZSfxNew
Original name 7ZSfxNew.exe
Internal name 7ZSfxNew
File version 1, 2, 0, 552
Description 7z Setup SFX
Packers identified
F-PROT INNO, appended, 7Z
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-01-31 22:58:06
Entry Point 0x00011B4F
Number of sections 4
PE sections
Overlays
MD5 6753bb7e4b7a248fdc92884536718cf4
File type data
Offset 98816
Size 504775
Entropy 8.00
PE imports
GetDeviceCaps
SelectObject
DeleteObject
GetObjectW
CreateFontIndirectW
GetUserDefaultUILanguage
GetLastError
InitializeCriticalSection
EnterCriticalSection
ReadFile
LoadLibraryA
lstrlenA
RemoveDirectoryW
WaitForSingleObject
GetVersionExW
SetEvent
GetFileAttributesW
lstrlenW
GetLocalTime
DeleteCriticalSection
GetStartupInfoA
SystemTimeToFileTime
CompareFileTime
GetFileSize
SetFileTime
GetCommandLineW
CreateThread
MultiByteToWideChar
CreateDirectoryW
DeleteFileW
GetProcAddress
TerminateThread
SuspendThread
GetModuleFileNameW
SetFilePointer
lstrcpyW
SetFileAttributesW
WideCharToMultiByte
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetSystemDirectoryW
FindNextFileW
GetModuleHandleA
GetTempPathW
CloseHandle
GetSystemTimeAsFileTime
FindFirstFileW
lstrcmpW
WaitForMultipleObjects
GetModuleHandleW
LocalFree
FormatMessageW
ResumeThread
CreateEventW
GetExitCodeThread
ResetEvent
lstrcmpiW
SetCurrentDirectoryW
WriteFile
CreateFileW
VirtualFree
FindClose
Sleep
SetEndOfFile
GetDriveTypeW
LeaveCriticalSection
VirtualAlloc
SetLastError
MulDiv
_purecall
__p__fmode
malloc
__CxxFrameHandler
??1type_info@@UAE@XZ
memset
_wcsnicmp
__dllonexit
_controlfp
_except_handler3
??2@YAPAXI@Z
_onexit
exit
_XcptFilter
memcmp
__setusermatherr
_adjust_fdiv
_acmdln
_CxxThrowException
__p__commode
??3@YAXPAX@Z
free
__getmainargs
_initterm
memmove
memcpy
_exit
__set_app_type
VariantClear
SysAllocString
SHBrowseForFolderW
ShellExecuteW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW
SHGetSpecialFolderPathW
SHGetMalloc
SetFocus
GetParent
EndDialog
SystemParametersInfoW
DefWindowProcW
ShowWindow
MessageBeep
SetWindowPos
wvsprintfW
GetSystemMetrics
SetWindowLongW
GetWindowRect
ScreenToClient
CharUpperW
MessageBoxA
LoadIconW
GetWindowDC
GetWindow
SetDlgItemTextW
GetDC
GetKeyState
ReleaseDC
SendMessageW
GetWindowLongW
DrawIconEx
GetClientRect
GetDlgItem
DrawTextW
LoadImageW
EnableMenuItem
ClientToScreen
SetTimer
CallWindowProcW
DialogBoxIndirectParamW
SetWindowTextW
GetWindowTextW
GetSystemMenu
GetWindowTextLengthW
wsprintfW
CoCreateInstance
CoInitialize
Number of PE resources by type
RT_ICON 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 5
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.2.0.552
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription 7z Setup SFX
CharacterSet Unicode
InitializedDataSize 25088
PrivateBuild February 1, 2007
EntryPoint 0x11b4f
OriginalFileName 7ZSfxNew.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2005-2007 Oleg N. Scherbakov
FileVersion 1, 2, 0, 552
TimeStamp 2007:01:31 23:58:06+01:00
FileType Win32 EXE
PEType PE32
InternalName 7ZSfxNew
ProductVersion 1, 2, 0, 552
SubsystemVersion 4.0
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Oleg N. Scherbakov
CodeSize 74240
ProductName 7ZSfxNew
ProductVersionNumber 1.2.0.552
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 c8ef9f5b459aab21c117096faca58244
SHA1 55d24369029eb43232eb0b0cc3c4d366d02512b3
SHA256 b33fde6a719e616870f5fc70c20f1f53bd04960d34a0088f957f9d9b408c6872
ssdeep 12288:TrvDoBwUCJr5WB62RcqVS11L4rGEssKpZGL8PxJvsRv3Iy2YlMXA:3vDo05xWVg1kSpFpZGTRvYxQ
authentihash 9d3449ebcce77ba5aa05478acff33472a3f28a36db59cd269e1ddc8bc26309c7
imphash 38f06c710872cc7a64eecf550725191e
File size 589.4 KB ( 603591 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID InstallShield setup (36.8%)
Win32 Executable MS Visual C++ (generic) (26.6%)
Win64 Executable (generic) (23.6%)
Win32 Dynamic Link Library (generic) (5.6%)
Win32 Executable (generic) (3.8%)
Tags peexe overlay
VirusTotal metadata
First submission 2016-12-08 17:56:34 UTC ( 2 years, 1 month ago )
Last submission 2016-12-08 17:56:34 UTC ( 2 years, 1 month ago )
File names 7ZSfxNew.exe
7ZSfxNew
lam.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Opened mutexes
Runtime DLLs
UDP communications