SHA256: dbb2b11dea9f4432291e2cbefe14ebe05e021940e983a37e113600eee55daa95
File name: 7z1604.exe
Detection ratio: 0 / 56
Analysis date: 2016-10-04 15:51:24 UTC ( 1 year, 10 months ago )
Antivirus Result Update
Ad-Aware 20161004
AegisLab 20161004
AhnLab-V3 20161004
Alibaba 20161003
ALYac 20160930
Antiy-AVL 20161004
Arcabit 20161004
Avast 20161004
AVG 20161004
Avira (no cloud) 20161004
AVware 20161004
Baidu 20161001
BitDefender 20161004
Bkav 20161004
CAT-QuickHeal 20161004
ClamAV 20161004
CMC 20161003
Comodo 20161004
CrowdStrike Falcon (ML) 20160725
Cyren 20161004
DrWeb 20161004
Emsisoft 20161004
ESET-NOD32 20161004
F-Prot 20161004
F-Secure 20161004
Fortinet 20161004
GData 20161004
Ikarus 20161004
Sophos ML 20160928
Jiangmin 20161004
K7AntiVirus 20161004
K7GW 20161004
Kaspersky 20161004
Kingsoft 20161004
Malwarebytes 20161004
McAfee 20161004
McAfee-GW-Edition 20161004
Microsoft 20161004
eScan 20161004
NANO-Antivirus 20161004
nProtect 20161004
Panda 20161004
Qihoo-360 20161004
Rising 20161004
Sophos AV 20161004
SUPERAntiSpyware 20161004
Symantec 20161004
Tencent 20161004
TheHacker 20161001
TrendMicro 20161004
TrendMicro-HouseCall 20161004
VBA32 20161004
VIPRE 20161004
ViRobot 20161004
Yandex 20161003
Zillya 20161003
Zoner 20161004
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (c) 1999-2016 Igor Pavlov

Product 7-Zip
Original name 7zipInstall.exe
Internal name 7zipInstall
File version 16.04
Description 7-Zip Installer
Packers identified
F-PROT appended, 7Z, Unicode, UTF-8
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-10-04 15:13:15
Entry Point 0x000070B4
Number of sections 4
PE sections
Overlays
MD5 d4cf7c33c66a7a538af7a7d5168f7386
File type data
Offset 36352
Size 1074212
Entropy 8.00
PE imports
RegCreateKeyExW
RegCloseKey
OpenProcessToken
RegSetValueExW
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryValueExW
GetLastError
GetModuleFileNameW
GetVersionExW
GetFileAttributesW
GetCommandLineW
lstrlenW
GetStartupInfoA
SetFileTime
GetModuleHandleW
LoadLibraryExW
CreateDirectoryW
DeleteFileW
lstrcatW
GetModuleHandleA
MoveFileExW
SetFilePointer
GetSystemDirectoryW
ReadFile
WriteFile
GetCurrentProcess
CloseHandle
GetProcAddress
LocalFree
FormatMessageW
CreateFileW
SetFileAttributesW
__p__fmode
malloc
memset
_except_handler3
__p__commode
memcpy
wcslen
exit
_XcptFilter
memcmp
__setusermatherr
_adjust_fdiv
_acmdln
_exit
wcsncpy
free
wcscat
__getmainargs
_initterm
memmove
wcscpy
_controlfp
__set_app_type
SHGetFolderPathW
SHGetPathFromIDListW
SHBrowseForFolderW
CreateDialogParamW
MessageBoxW
PeekMessageW
SendMessageW
IsDialogMessageW
EnableWindow
GetMessageW
TranslateMessage
SetDlgItemTextW
SetWindowTextW
LoadIconW
GetDlgItem
GetDlgItemTextW
ShowWindow
ExitWindowsEx
DispatchMessageW
DestroyWindow
CoCreateInstance
CoInitialize
Number of PE resources by type
RT_ICON 2
RT_GROUP_ICON 1
RT_DIALOG 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 6
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
6.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
16.4.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
7-Zip Installer

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, Large address aware, 32-bit

CharacterSet
Unicode

InitializedDataSize
18944

EntryPoint
0x70b4

OriginalFileName
7zipInstall.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright (c) 1999-2016 Igor Pavlov

FileVersion
16.04

TimeStamp
2016:10:04 16:13:15+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
7zipInstall

ProductVersion
16.04

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Igor Pavlov

CodeSize
25600

ProductName
7-Zip

ProductVersionNumber
16.4.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
While monitoring an end-user machine in-the-wild, CarbonBlack noticed this sample wrote the following files to disk.
Execution parents
PE resource-wise parents
Compressed bundles
File identification
MD5 da7db29e783780f3a581e6e0bf4c595d
SHA1 dd1cb1163c5572951c9cd27f5a8dd550b33c58a4
SHA256 dbb2b11dea9f4432291e2cbefe14ebe05e021940e983a37e113600eee55daa95
ssdeep
24576:s4nN0gktMU54pUt9BQyMGyG1vYLuv4Hoqf2F9h4N9SRwbyj3R1Xq7+63X:s4igAP58U5hyAgI99ZRwe3a7LX

authentihash df18d9e0d8d1722af92b8fc4840b75a4cbd5ddb727b30fbc42383ae1d73e3c52
imphash 032103161e09bf33e31999a5d8dba1c3
File size 1.1 MB ( 1110564 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe via-tor overlay

VirusTotal metadata
First submission 2016-10-04 15:51:24 UTC ( 1 year, 10 months ago )
Last submission 2018-08-16 20:30:02 UTC ( 2 days, 18 hours ago )
File names 7-Zip 16.04 (x32).exe
7z1604.exe
7z1604[1].exe
7z1604_32bit.exe
vsk00flq.9iq
tmp20180207-15554-sbo96g
7-Zip 16.04 32bit.exe
7z_x64.exe
f.exe
7z1604.exe
7z1604.exe
vsi001ma.i4k
dbb2b11dea9f4432_7bd3.tmp.exe
bitc30b.tmp
vso81trg.m5f
setup7z1604.exe
vsb50iha.cbb
7-Zip_16.04.exe
7zip_1604.exe
7z1604_2.exe
myfile.exe
7z1604(官網).exe
7-zip_16-04_fr_11161_32.exe
7-Zip [1].exe
7z1604-win32.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created mutexes
Runtime DLLs
UDP communications