SHA256: d623511c517dbdd1d9265bd0cd6a51be8f5f133e81851e6c9288270c7052318e
File name: 7ZSfxMod
Detection ratio: 5 / 56
Analysis date: 2015-02-08 08:19:39 UTC ( 2 years, 1 month ago )
Antivirus Result Update
Baidu-International Hacktool.Win32.Elevate.A 20150208
ESET-NOD32 Win32/Elevate.A potentially unsafe 20150208
Qihoo-360 HEUR/QVM41.1.Malware.Gen 20150208
Symantec WS.Reputation.1 20150208
TrendMicro-HouseCall Suspicious_GEN.F47V0112 20150208
Ad-Aware 20150208
AegisLab 20150208
Yandex 20150207
AhnLab-V3 20150207
Alibaba 20150207
ALYac 20150208
Antiy-AVL 20150208
Avast 20150206
AVG 20150208
Avira (no cloud) 20150207
AVware 20150207
BitDefender 20150208
Bkav 20150207
ByteHero 20150208
CAT-QuickHeal 20150205
ClamAV 20150208
CMC 20150205
Comodo 20150208
Cyren 20150208
DrWeb 20150208
Emsisoft 20150208
F-Prot 20150208
F-Secure 20150208
Fortinet 20150208
GData 20150208
Ikarus 20150208
K7AntiVirus 20150208
K7GW 20150208
Kaspersky 20150208
Kingsoft 20150208
Malwarebytes 20150208
McAfee 20150208
McAfee-GW-Edition 20150208
Microsoft 20150208
eScan 20150208
NANO-Antivirus 20150208
Norman 20150208
nProtect 20150206
Panda 20150207
Rising 20150207
Sophos 20150208
SUPERAntiSpyware 20150207
Tencent 20150208
TheHacker 20150208
TotalDefense 20150208
TrendMicro 20150208
VBA32 20150206
VIPRE 20150208
ViRobot 20150208
Zillya 20150207
Zoner 20150206
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2005-2012 Oleg N. Scherbakov
Publisher 7z
Product 7-Zip SFX
Original name 7ZSfxMod_x86.exe
Internal name 7ZSfxMod
File version 1.5.0.2712
Description 7z SFX (x86)
Packers identified
F-PROT appended, 7Z
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-12-30 08:49:43
Entry Point 0x00012DCF
Number of sections 4
PE sections
PE imports
FreeSid
AllocateAndInitializeSid
CheckTokenMembership
GetDeviceCaps
GetCurrentObject
DeleteDC
CreateFontIndirectW
SelectObject
CreateCompatibleBitmap
GetObjectW
SetStretchBltMode
CreateCompatibleDC
DeleteObject
StretchBlt
SetThreadLocale
GetStdHandle
GetDriveTypeW
WaitForSingleObject
LockResource
CreateJobObjectW
GetFileAttributesW
SetInformationJobObject
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetSystemDirectoryW
lstrcatW
GetLocaleInfoW
FindResourceExA
WideCharToMultiByte
GetTempPathW
GetSystemTimeAsFileTime
GlobalMemoryStatusEx
GetExitCodeProcess
LocalFree
FormatMessageW
ResumeThread
InitializeCriticalSection
LoadResource
FindClose
SetFileAttributesW
GetEnvironmentVariableW
SetLastError
GetUserDefaultUILanguage
GetModuleFileNameW
ExitProcess
lstrcmpiW
SetProcessWorkingSetSize
GetSystemDefaultLCID
MultiByteToWideChar
SetFilePointer
CreateThread
SetEnvironmentVariableW
GetSystemDefaultUILanguage
GetExitCodeThread
MulDiv
SetCurrentDirectoryW
GlobalAlloc
GetDiskFreeSpaceExW
SetEndOfFile
GetCurrentThreadId
EnterCriticalSection
TerminateThread
lstrcmpiA
GetVersionExW
SetEvent
LoadLibraryA
GetStartupInfoA
GetFileSize
GetStartupInfoW
CreateDirectoryW
DeleteFileW
WaitForMultipleObjects
AssignProcessToJobObject
lstrcpyW
RemoveDirectoryW
ExpandEnvironmentStringsW
FindNextFileW
ResetEvent
FindFirstFileW
lstrcmpW
GetProcAddress
CreateEventW
CreateFileW
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
lstrlenA
GlobalFree
lstrlenW
VirtualFree
GetQueuedCompletionStatus
SizeofResource
CompareFileTime
CreateIoCompletionPort
SetFileTime
GetCommandLineW
SuspendThread
GetModuleHandleA
ReadFile
CloseHandle
GetModuleHandleW
WriteFile
CreateProcessW
Sleep
IsBadReadPtr
VirtualAlloc
strncmp
__p__fmode
malloc
??1type_info@@UAE@XZ
memset
_wcsnicmp
__dllonexit
_controlfp
_except_handler3
??2@YAPAXI@Z
_onexit
_wtol
exit
_XcptFilter
memcmp
__setusermatherr
__p__commode
_acmdln
_CxxThrowException
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
_adjust_fdiv
??3@YAXPAX@Z
free
wcsncmp
__getmainargs
_purecall
_initterm
memmove
memcpy
_beginthreadex
_exit
_EH_prolog
__set_app_type
OleLoadPicture
VariantClear
SysAllocString
SHBrowseForFolderW
ShellExecuteW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW
SHGetSpecialFolderPathW
SHGetMalloc
SetFocus
GetParent
EndDialog
DrawTextW
DefWindowProcW
KillTimer
GetMessageW
ShowWindow
MessageBeep
SetWindowPos
wvsprintfW
GetSystemMetrics
SetWindowLongW
IsWindow
GetMenu
GetWindowRect
ClientToScreen
UnhookWindowsHookEx
CharUpperW
MessageBoxA
LoadIconW
GetWindowDC
GetWindow
GetSysColor
PtInRect
DispatchMessageW
CopyImage
ReleaseDC
SendMessageW
GetWindowLongW
DrawIconEx
SetWindowTextW
GetDlgItem
SystemParametersInfoW
LoadImageW
GetDC
ScreenToClient
CallNextHookEx
wsprintfA
SetTimer
CallWindowProcW
GetSystemMenu
DialogBoxIndirectParamW
EnableWindow
GetClientRect
GetWindowTextW
EnableMenuItem
SetWindowsHookExW
GetClassNameA
GetWindowTextLengthW
CreateWindowExW
wsprintfW
GetKeyState
DestroyWindow
CreateStreamOnHGlobal
CoCreateInstance
CoInitialize
Number of PE resources by type
RT_ICON 4
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 5
ENGLISH US 2
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.5.0.2712
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription 7z SFX (x86)
CharacterSet Unicode
InitializedDataSize 100864
FileOS Windows NT 32-bit
PrivateBuild December 30, 2012
MIMEType application/octet-stream
LegalCopyright Copyright 2005-2012 Oleg N. Scherbakov
FileVersion 1.5.0.2712
TimeStamp 2012:12:30 09:49:43+01:00
FileType Win32 EXE
PEType PE32
InternalName 7ZSfxMod
FileAccessDate 2015:02:08 09:19:43+01:00
ProductVersion 1.5.0.2712
SubsystemVersion 4.0
OSVersion 4.0
FileCreateDate 2015:02:08 09:19:43+01:00
OriginalFilename 7ZSfxMod_x86.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName 7z
CodeSize 75776
ProductName 7-Zip SFX
ProductVersionNumber 1.5.0.2712
EntryPoint 0x12dcf
ObjectFileType Executable application
File identification
MD5 ed45a80023c6b07b0166c352d3a23539
SHA1 093a472d408bdcf69e362f6a1c682b9564f098b8
SHA256 d623511c517dbdd1d9265bd0cd6a51be8f5f133e81851e6c9288270c7052318e
ssdeep 24576:XACKq87acdZnjM7XxLFhK0bmB0XXRdC2ApIyC6HcyMQgsL5Pu0bZouefoclshmDG:Qp/2cdpWhLrK0vRdC2ArTfMQg4kBfnuR
authentihash bf485a5bbd42ca96628b1b878218338fc1220c51fad47bba5b21142c20f13fb9
imphash 1d1577d864d2da06952f7affd8635371
File size 1.9 MB ( 1984077 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
Tags peexe
VirusTotal metadata
First submission 2015-01-12 03:44:49 UTC ( 2 years, 2 months ago )
Last submission 2015-01-12 03:44:49 UTC ( 2 years, 2 months ago )
File names 7ZSfxMod
7ZSfxMod_x86.exe
NAME_ME2.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.