SHA256: bf830307efc2b22c44d4d90ced495258e8d3f807d3ef12241e12eb4067c2c067
File name: 7za
Detection ratio: 0 / 69
Analysis date: 2019-02-05 18:51:12 UTC ( 1 week, 5 days ago )
Antivirus Result Update
Acronis 20190130
Ad-Aware 20190205
AegisLab 20190205
AhnLab-V3 20190205
Alibaba 20180921
ALYac 20190205
Antiy-AVL 20190205
Arcabit 20190205
Avast 20190205
Avast-Mobile 20190205
AVG 20190205
Avira (no cloud) 20190205
Babable 20180917
Baidu 20190201
BitDefender 20190205
Bkav 20190201
CAT-QuickHeal 20190205
ClamAV 20190205
CMC 20190205
Comodo 20190205
CrowdStrike Falcon (ML) 20181023
Cylance 20190205
Cyren 20190205
DrWeb 20190205
eGambit 20190205
Emsisoft 20190205
Endgame 20181108
ESET-NOD32 20190205
F-Prot 20190205
F-Secure 20190205
Fortinet 20190205
GData 20190205
Sophos ML 20181128
Jiangmin 20190205
K7AntiVirus 20190205
K7GW 20190205
Kaspersky 20190205
Kingsoft 20190205
Malwarebytes 20190205
MAX 20190205
McAfee 20190205
McAfee-GW-Edition 20190205
Microsoft 20190205
eScan 20190205
NANO-Antivirus 20190205
Palo Alto Networks (Known Signatures) 20190205
Panda 20190205
Qihoo-360 20190205
Rising 20190205
SentinelOne (Static ML) 20190203
Sophos AV 20190205
SUPERAntiSpyware 20190130
Symantec 20190205
TACHYON 20190204
Tencent 20190205
TheHacker 20190203
TotalDefense 20190205
Trapmine 20190123
TrendMicro 20190205
TrendMicro-HouseCall 20190205
Trustlook 20190205
VBA32 20190205
VIPRE 20190205
ViRobot 20190205
Webroot 20190205
Yandex 20190204
Zillya 20190204
ZoneAlarm by Check Point 20190205
Zoner 20190205
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright Copyright (c) 1999-2014 Igor Pavlov
Product 7-Zip
Original name 7za.exe
Internal name 7za
File version 9.38 beta
Description 7-Zip Standalone Console
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-01-03 17:33:15
Entry Point 0x0007A6AE
Number of sections 5
PE sections
PE imports
AdjustTokenPrivileges
GetFileSecurityW
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
FileTimeToSystemTime
SetCurrentDirectoryW
GetStdHandle
EnterCriticalSection
UnmapViewOfFile
FileTimeToDosDateTime
LoadLibraryW
DeviceIoControl
WaitForSingleObject
GetVersionExW
SetEvent
QueryPerformanceCounter
GetProcessTimes
SetFileTime
GetModuleHandleW
GetTempPathW
RemoveDirectoryW
DeleteCriticalSection
GetCurrentProcess
FileTimeToLocalFileTime
OpenFileMappingW
GetConsoleMode
SetConsoleCtrlHandler
GetFileSize
SetLastError
CompareFileTime
GetCommandLineW
MultiByteToWideChar
GetFileInformationByHandle
CreateDirectoryW
DeleteFileW
WaitForMultipleObjects
GetSystemInfo
GetModuleFileNameW
GetModuleHandleA
SetEndOfFile
DosDateTimeToFileTime
ReleaseSemaphore
WideCharToMultiByte
MapViewOfFile
SetFilePointer
GetDiskFreeSpaceW
ReadFile
CreateSemaphoreW
WriteFile
ResetEvent
GetSystemTimeAsFileTime
GetLogicalDriveStringsW
FindFirstFileW
GetProcAddress
FindNextFileW
FreeLibrary
LocalFree
FormatMessageW
GlobalMemoryStatus
GetCurrentDirectoryW
CreateEventW
InitializeCriticalSection
SetConsoleMode
OpenEventW
CreateFileW
SetFileApisToOEM
VirtualFree
LocalFileTimeToFileTime
FindClose
MoveFileW
SetFileAttributesW
CloseHandle
GetTickCount
GetCurrentThreadId
VirtualAlloc
GetCurrentProcessId
GetLastError
LeaveCriticalSection
_purecall
__p__fmode
malloc
fgetc
realloc
memset
fclose
__dllonexit
_controlfp
fflush
strlen
_except_handler3
?terminate@@YAXXZ
fputs
_onexit
wcslen
wcscmp
exit
_XcptFilter
??1type_info@@UAE@XZ
__setusermatherr
__p__commode
__CxxFrameHandler
_CxxThrowException
_fileno
fputc
_adjust_fdiv
memcmp
free
__p___initenv
_isatty
__getmainargs
_initterm
memmove
memcpy
_beginthreadex
_exit
_iob
strcmp
__set_app_type
SysAllocStringLen
SysFreeString
VariantCopy
VariantClear
SysAllocString
CharUpperW
CharPrevExA
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 9.38.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription 7-Zip Standalone Console
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, Large address aware, 32-bit
CharacterSet Unicode
InitializedDataSize 105472
EntryPoint 0x7a6ae
OriginalFileName 7za.exe
MIMEType application/octet-stream
LegalCopyright Copyright (c) 1999-2014 Igor Pavlov
FileVersion 9.38 beta
TimeStamp 2015:01:03 09:33:15-08:00
FileType Win32 EXE
PEType PE32
InternalName 7za
ProductVersion 9.38 beta
SubsystemVersion 4.0
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName Igor Pavlov
CodeSize 524800
ProductName 7-Zip
ProductVersionNumber 9.38.0.0
FileTypeExtension exe
ObjectFileType Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
While monitoring an end-user machine in-the-wild, CarbonBlack noticed this sample wrote the following files to disk.
Execution parents
PE resource-wise parents
Overlay parents
Compressed bundles
File identification
MD5 b41886a0207245a4c7179671c6b0e6e5
SHA1 a10ecf2371137941ba4dee332b15066d88d4750e
SHA256 bf830307efc2b22c44d4d90ced495258e8d3f807d3ef12241e12eb4067c2c067
ssdeep 12288:Zw8tqoxXEN9rmdIsWIOm2dZ7zMnlqrnKeQcmyPvW4U0/:ZgWdWdmGZnCgrnKeQcpPJ
authentihash 6d485002b1015ad55f279b013bb2da3a68b805da05fb4d61b1bef57676f7444c
imphash bd912273bbf29e21ff00a414f95c84bd
File size 589.5 KB ( 603648 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (33.7%)
Win64 Executable (generic) (29.8%)
Microsoft Visual C++ compiled executable (generic) (17.8%)
Win32 Dynamic Link Library (generic) (7.1%)
Win32 Executable (generic) (4.8%)
Tags
peexe

VirusTotal metadata
First submission 2015-01-03 20:47:31 UTC ( 4 years, 1 month ago )
Last submission 2018-07-21 08:02:55 UTC ( 7 months ago )
File names 7za.exe
7z.exe
is-q3u6s.tmp
_7za.exe
is-3su6o.tmp
is-5tbhp.tmp
is-gfu7u.tmp
7za.exe
7za.exe
7za.exe
53389182
7za.exe
bf830307efc2b22c44d4d90ced495258e8d3f807d3ef12241e12eb4067c2c067
7za.exe
3
7za.exe
7za.exe
7za.exe
7za.exe
tb7q6bfo9iq6m
encrypt.exe
output.53389182.txt
is-qf3m8.tmp
7za.exe
7za.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.