× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: b7fcf3990e8fefeb501697f02e8de02454387baa13e941ff830d00ec96166ea5
File name: Custom Certificate Install v2.exe
Detection ratio: 2 / 46
Analysis date: 2013-01-10 01:55:17 UTC ( 5 years, 6 months ago ) View latest
Antivirus Result Update
Ikarus Trojan.Crypt 20130110
VBA32 Backdoor.Delf.aecw 20130109
Yandex 20130109
AhnLab-V3 20130109
AntiVir 20130107
Antiy-AVL 20130109
Avast 20130110
AVG 20130110
BitDefender 20130110
ByteHero 20130108
CAT-QuickHeal 20130109
ClamAV 20130110
Commtouch 20130109
Comodo 20130110
DrWeb 20130110
Emsisoft 20130109
eSafe 20130103
ESET-NOD32 20130109
F-Prot 20130109
F-Secure 20130109
Fortinet 20130110
GData 20130110
Jiangmin 20121221
K7AntiVirus 20130109
Kaspersky 20130110
Kingsoft 20130107
Malwarebytes 20130110
McAfee 20130110
McAfee-GW-Edition 20130109
Microsoft 20130109
eScan 20130110
NANO-Antivirus 20130110
Norman 20130109
nProtect 20130109
Panda 20130109
PCTools 20130110
Rising 20130109
Sophos AV 20130109
SUPERAntiSpyware 20130110
Symantec 20130110
TheHacker 20130109
TotalDefense 20130108
TrendMicro 20130110
TrendMicro-HouseCall 20130110
VIPRE 20130110
ViRobot 20130109
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (c) 2005-2012 Oleg N. Scherbakov

Publisher Oleg N. Scherbakov
Product 7-Zip SFX
Original name 7ZSfxMod_x86.exe
Internal name 7ZSfxMod
File version 1.4.3.2367
Description 7z Setup SFX (x86)
Packers identified
F-PROT 7Z
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-01-21 00:57:17
Entry Point 0x00015CBF
Number of sections 4
PE sections
PE imports
GetDeviceCaps
GetCurrentObject
DeleteDC
CreateFontIndirectW
SelectObject
StretchBlt
GetObjectW
SetStretchBltMode
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
GetUserDefaultUILanguage
SetThreadLocale
GetLastError
SetCurrentDirectoryW
GetStdHandle
EnterCriticalSection
TerminateThread
lstrlenA
GetModuleFileNameW
GlobalFree
WaitForSingleObject
GetVersionExW
SetEvent
MulDiv
FindNextFileW
SystemTimeToFileTime
FindResourceExA
ExpandEnvironmentStringsW
lstrlenW
GetLocalTime
DeleteCriticalSection
GetStartupInfoA
GetSystemDefaultUILanguage
GetDriveTypeW
SizeofResource
CompareFileTime
GetDiskFreeSpaceExW
GetFileSize
LockResource
SetFileTime
GetCommandLineW
CreateThread
GetSystemDefaultLCID
MultiByteToWideChar
CreateDirectoryW
DeleteFileW
WaitForMultipleObjects
GetLocaleInfoW
SuspendThread
RemoveDirectoryW
GetModuleHandleA
lstrcpyW
SetFileAttributesW
lstrcmpiA
WideCharToMultiByte
SetEnvironmentVariableW
SetFilePointer
GetSystemDirectoryW
ReadFile
GetTempPathW
ResetEvent
GetSystemTimeAsFileTime
FindFirstFileW
GlobalMemoryStatusEx
lstrcmpW
GetModuleHandleW
LoadLibraryA
LocalFree
FormatMessageW
ResumeThread
GetFileAttributesW
CreateEventW
GetExitCodeThread
lstrcmpiW
InitializeCriticalSection
LoadResource
WriteFile
CreateFileW
GlobalAlloc
VirtualFree
FindClose
lstrcatW
Sleep
IsBadReadPtr
SetEndOfFile
CloseHandle
ExitProcess
GetProcAddress
VirtualAlloc
GetEnvironmentVariableW
SetLastError
LeaveCriticalSection
_purecall
__p__fmode
malloc
??1type_info@@UAE@XZ
memset
_wcsnicmp
__dllonexit
_controlfp
_except_handler3
??2@YAPAXI@Z
strncmp
_onexit
_wtol
exit
_XcptFilter
memcmp
__setusermatherr
__p__commode
_acmdln
_CxxThrowException
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
_adjust_fdiv
??3@YAXPAX@Z
free
__getmainargs
_initterm
memmove
memcpy
_beginthreadex
_exit
_EH_prolog
__set_app_type
Ord(418)
Ord(2)
Ord(9)
SHBrowseForFolderW
ShellExecuteW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW
SHGetSpecialFolderPathW
SHGetMalloc
SetFocus
GetParent
EndDialog
DrawTextW
DefWindowProcW
KillTimer
GetMessageW
ShowWindow
MessageBeep
SetWindowPos
GetClassNameA
wvsprintfW
GetSystemMetrics
SetWindowLongW
IsWindow
SendMessageW
GetWindowRect
ClientToScreen
CharUpperW
MessageBoxA
GetSystemMenu
GetWindowDC
GetWindow
GetSysColor
DispatchMessageW
CopyImage
ReleaseDC
GetMenu
GetWindowLongW
DrawIconEx
SetWindowTextW
GetDlgItem
SystemParametersInfoW
LoadImageW
GetDC
ScreenToClient
wsprintfA
SetTimer
CallWindowProcW
DialogBoxIndirectParamW
EnableWindow
GetClientRect
GetWindowTextW
EnableMenuItem
LoadIconW
GetWindowTextLengthW
CreateWindowExW
wsprintfW
GetKeyState
DestroyWindow
CreateStreamOnHGlobal
CoCreateInstance
CoInitialize
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
RUSSIAN 2
ENGLISH US 2
ExifTool file metadata
SubsystemVersion
4.0

InitializedDataSize
100352

ImageVersion
0.0

ProductName
7-Zip SFX

FileVersionNumber
1.4.3.2367

UninitializedDataSize
0

LanguageCode
Neutral

FileFlagsMask
0x003f

CharacterSet
Unicode

LinkerVersion
8.0

OriginalFilename
7ZSfxMod_x86.exe

PrivateBuild
January 21, 2012

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
1.4.3.2367

TimeStamp
2012:01:21 00:57:17+00:00

FileType
Win32 EXE

PEType
PE32

InternalName
7ZSfxMod

ProductVersion
1.4.3.2367

FileDescription
7z Setup SFX (x86)

OSVersion
4.0

FileOS
Windows NT 32-bit

LegalCopyright
Copyright 2005-2012 Oleg N. Scherbakov

MachineType
Intel 386 or later, and compatibles

CompanyName
Oleg N. Scherbakov

CodeSize
87040

FileSubtype
0

ProductVersionNumber
1.4.3.2367

EntryPoint
0x15cbf

ObjectFileType
Executable application

File identification
MD5 af44f4ebbf1ede43486fa01e36afb74d
SHA1 aa857c3f2c3cc920ef184d7d46372f6ccc1b2075
SHA256 b7fcf3990e8fefeb501697f02e8de02454387baa13e941ff830d00ec96166ea5
ssdeep
6144:3dTFcxbrKWS4/AdSZbWt4nnE6mRz3fm9Lj+Ucx4sEF3WPvBP+:NTFKfKr4/AmWtZz+xj6EF3WN+

File size 278.1 KB ( 284753 bytes )
File type Win32 EXE
Magic literal
MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit

TrID Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
Tags
peexe armadillo

VirusTotal metadata
First submission 2013-01-10 01:55:17 UTC ( 5 years, 6 months ago )
Last submission 2013-02-03 03:04:48 UTC ( 5 years, 5 months ago )
File names 7ZSfxMod
Custom Certificate Install v2.exe
7ZSfxMod_x86.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!