SHA256: c136b1467d669a725478a6110ebaaab3cb88a3d389dfa688e06173c066b76fcf
File name: 7za.exe
Detection ratio: 0 / 66
Analysis date: 2018-10-14 16:07:08 UTC ( 3 days, 13 hours ago )
Trusted source! This file belongs to the Microsoft Corporation software catalogue.
Antivirus Result Update
ALYac 20181014
AVG 20181014
Ad-Aware 20181014
AegisLab 20181014
AhnLab-V3 20181014
Alibaba 20180921
Antiy-AVL 20181014
Arcabit 20181014
Avast 20181014
Avast-Mobile 20181014
Avira (no cloud) 20181014
Babable 20180918
Baidu 20181012
BitDefender 20181014
Bkav 20181014
CAT-QuickHeal 20181013
CMC 20181014
ClamAV 20181014
Comodo 20181014
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cylance 20181014
Cyren 20181014
DrWeb 20181014
ESET-NOD32 20181014
Emsisoft 20181014
Endgame 20180730
F-Prot 20181014
F-Secure 20181014
Fortinet 20181014
GData 20181014
Ikarus 20181014
Sophos ML 20180717
Jiangmin 20181014
K7AntiVirus 20181014
K7GW 20181013
Kaspersky 20181014
Kingsoft 20181014
MAX 20181014
Malwarebytes 20181014
McAfee 20181014
McAfee-GW-Edition 20181014
eScan 20181014
Microsoft 20181014
NANO-Antivirus 20181014
Palo Alto Networks (Known Signatures) 20181014
Panda 20181014
Qihoo-360 20181014
Rising 20181012
SUPERAntiSpyware 20181014
SentinelOne (Static ML) 20181011
Sophos AV 20181014
Symantec 20181014
TACHYON 20181014
Tencent 20181014
TheHacker 20181011
TrendMicro 20181010
TrendMicro-HouseCall 20181010
VBA32 20181012
ViRobot 20181014
Webroot 20181014
Yandex 20181012
Zillya 20181012
ZoneAlarm by Check Point 20181014
Zoner 20181013
eGambit 20181014
Symantec Mobile Insight 20181001
Trustlook 20181014
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright
Copyright (c) 1999-2010 Igor Pavlov

Product 7-Zip
Original name 7za.exe
Internal name 7za
File version 9.20
Description 7-Zip Standalone Console
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-11-18 16:27:33
Entry Point 0x0006CF4C
Number of sections 5
PE sections
PE imports
GetStdHandle
FileTimeToDosDateTime
FileTimeToSystemTime
WaitForSingleObject
FindFirstFileW
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
OpenFileMappingA
FreeEnvironmentStringsW
SetFileAttributesA
GetTempPathA
WideCharToMultiByte
GetStringTypeA
GetTempPathW
FormatMessageW
SetStdHandle
HeapReAlloc
GetStringTypeW
GetFullPathNameA
SetEvent
LocalFree
MoveFileA
InitializeCriticalSection
FindClose
TlsGetValue
MoveFileW
SetFileAttributesW
SetLastError
GetSystemTime
DeviceIoControl
GetEnvironmentVariableA
RemoveDirectoryW
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
SetConsoleCtrlHandler
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
FormatMessageA
SetFilePointer
GetFullPathNameW
CreateSemaphoreA
CreateThread
SetUnhandledExceptionFilter
ExitThread
HeapCreate
GlobalMemoryStatus
SearchPathW
SetCurrentDirectoryW
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
SetCurrentDirectoryA
CloseHandle
AreFileApisANSI
HeapFree
EnterCriticalSection
SetHandleCount
FreeLibrary
QueryPerformanceCounter
GetTickCount
IsBadWritePtr
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
SystemTimeToFileTime
GetWindowsDirectoryW
GetFileSize
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
CreateDirectoryW
DeleteFileW
GetProcAddress
GetTempFileNameW
FindNextFileW
ResetEvent
GetTempFileNameA
FindNextFileA
TerminateProcess
SearchPathA
WaitForMultipleObjects
CreateFileW
SetFileApisToOEM
CreateEventA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
DosDateTimeToFileTime
LCMapStringW
SetConsoleMode
GetSystemInfo
lstrlenA
LCMapStringA
GetProcessTimes
GetEnvironmentStringsW
RemoveDirectoryA
GetCPInfo
FileTimeToLocalFileTime
GetEnvironmentStrings
CompareFileTime
GetCurrentProcessId
SetFileTime
GetCommandLineW
GetCurrentDirectoryA
HeapSize
GetCommandLineA
RaiseException
ReleaseSemaphore
MapViewOfFile
GetModuleHandleA
ReadFile
FindFirstFileA
GetACP
GetVersion
GetCurrentDirectoryW
UnmapViewOfFile
WriteFile
VirtualFree
IsBadReadPtr
IsBadCodePtr
OpenEventA
VirtualAlloc
GetOEMCP
VariantCopy
SysFreeString
SysAllocStringByteLen
VariantClear
SysAllocString
CharLowerA
CharNextA
CharUpperW
CharLowerW
CharUpperA
CharPrevExA
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
6.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
9.20.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
7-Zip Standalone Console

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Unicode

InitializedDataSize
118784

EntryPoint
0x6cf4c

OriginalFileName
7za.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright (c) 1999-2010 Igor Pavlov

FileVersion
9.2

TimeStamp
2010:11:18 17:27:33+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
7za

ProductVersion
9.2

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

CompanyName
Igor Pavlov

CodeSize
495104

ProductName
7-Zip

ProductVersionNumber
9.20.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
While monitoring an end-user machine in-the-wild, CarbonBlack noticed this sample wrote the following files to disk.
Execution parents
PE resource-wise parents
Overlay parents
Compressed bundles
PCAP parents
File identification
MD5 42badc1d2f03a8b1e4875740d3d49336
SHA1 cee178da1fb05f99af7a3547093122893bd1eb46
SHA256 c136b1467d669a725478a6110ebaaab3cb88a3d389dfa688e06173c066b76fcf
ssdeep
12288:myyKdVnyNhXCV4EkP7AIfzNXZ0b5NrnkcAqIV0A1caRI:mKvyNhXCV4E8BXAfrnkcAqU0A

authentihash 85d6c63062475fd2e49fea9e421e75902c2e4552a63ff733e3aaf90852ddb148
imphash 15847eb10d7d06dcd5980e8a9b786fd6
File size 574.0 KB ( 587776 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe armadillo trusted via-tor

Trusted verdicts
This file belongs to the Microsoft Corporation software catalogue. The file is often found with 7za.exe as its name.
VirusTotal metadata
First submission 2010-11-18 21:19:10 UTC ( 7 years, 11 months ago )
Last submission 2018-10-14 16:07:08 UTC ( 3 days, 13 hours ago )
File names cp.bin
7za.exe
._cache_7za.exe
fil2D6862ECC9E43D16C3AB267EC4238F63
136
7z.exe
maria.jpg
ijxjWZWuFKzfrT.exe
uiie32iuy87dhu.jpg
32943.jpg
7za.exe
7z.zip
c136b1467d669a72_hdvk.exe
c136b1467d669a72_iusd.exe
ovo.rtf
72866E
7za.exe
extractor.exe
7za.jpg
CaN
7za.exe
7.exe
7za.mkv.exe
y78eyq7.txt
7z.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight