SHA256: e5011abc9b3a718b0703a197001e6477bdd0a8844dd7ad7b818d185603334cd6
File name: SWAPMOD.exe
Detection ratio: 2 / 41
Analysis date: 2011-10-23 10:52:03 UTC ( 2 years, 5 months ago )
Antivirus Result Update
Jiangmin Trojan/JmGenGeneric.ajd 20111022
Sophos Sus/Dropper-A 20111023
AhnLab-V3 20111023
AntiVir 20111021
Antiy-AVL 20111023
Avast 20111023
BitDefender 20111023
ByteHero 20110923
CAT-QuickHeal 20111023
ClamAV 20111023
Commtouch 20111023
Comodo 20111023
Emsisoft 20111023
F-Prot 20111023
F-Secure 20111023
Fortinet 20111023
GData 20111023
Ikarus 20111023
K7AntiVirus 20111022
Kaspersky 20111023
McAfee 20111023
McAfee-GW-Edition 20111023
Microsoft 20111023
NOD32 20111023
Norman 20111022
PCTools 20111023
Panda 20111023
Prevx 20111023
Rising 20111021
SUPERAntiSpyware 20111022
Symantec 20111023
TheHacker 20111023
TrendMicro 20111023
TrendMicro-HouseCall 20111023
VBA32 20111021
VIPRE 20111023
ViRobot 20111022
VirusBuster 20111022
eSafe 20111017
eTrust-Vet 20111021
nProtect 20111023
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Copyright Copyright (c) 1999-2010 Igor Pavlov
Publisher Igor Pavlov
Product 7-Zip
Original name 7z.sfx.exe
Internal name 7z.sfx
File version 9.20
Description 7z SFX
Packers identified
F-PROT UPX, 7Z
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-11-18 16:27:33
Entry Point 0x0001D262
Number of sections 5
PE sections
PE imports
AreFileApisANSI
GetLastError
GetStdHandle
EnterCriticalSection
FileTimeToSystemTime
lstrlenA
RemoveDirectoryW
WaitForSingleObject
SetEvent
GetCommandLineW
GetTickCount
SetFileTime
SetFileAttributesW
GetVersionExA
RemoveDirectoryA
DeleteFileA
GetModuleFileNameA
DeleteCriticalSection
GetStartupInfoA
SetFileAttributesA
FileTimeToLocalFileTime
GetCurrentDirectoryW
GetFileSize
lstrcatA
CreateDirectoryA
GetModuleHandleW
GetCurrentDirectoryA
FormatMessageW
MultiByteToWideChar
CreateDirectoryW
DeleteFileW
WaitForMultipleObjects
FormatMessageA
GetFullPathNameA
SetFilePointer
GetFullPathNameW
CloseHandle
WideCharToMultiByte
GetModuleFileNameW
GetModuleHandleA
ReadFile
WriteFile
GetCurrentProcess
FindFirstFileA
ResetEvent
FindFirstFileW
GetProcAddress
SetPriorityClass
LocalFree
MoveFileA
InitializeCriticalSection
CreateFileW
VirtualFree
CreateEventA
FindClose
Sleep
MoveFileW
SetEndOfFile
CreateFileA
VirtualAlloc
SetLastError
LeaveCriticalSection
_purecall
__p__fmode
malloc
__CxxFrameHandler
??1type_info@@UAE@XZ
memset
__dllonexit
_except_handler3
_onexit
wcslen
exit
_XcptFilter
memcmp
__setusermatherr
_controlfp
_adjust_fdiv
_acmdln
_CxxThrowException
__p__commode
free
__getmainargs
memcpy
memmove
_beginthreadex
_initterm
_exit
__set_app_type
Ord(6)
Ord(2)
Ord(9)
SHGetFileInfoA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetMalloc
MapDialogRect
EndDialog
CharUpperW
KillTimer
ShowWindow
MessageBoxW
GetWindowRect
SetDlgItemTextA
PostMessageA
MoveWindow
DialogBoxParamW
SetWindowLongA
DialogBoxParamA
CharUpperA
LoadStringA
SystemParametersInfoA
SetWindowTextA
SendMessageW
GetWindowLongA
SendMessageA
LoadStringW
SetWindowTextW
GetDlgItem
ScreenToClient
InvalidateRect
wsprintfA
GetWindowTextLengthA
SetTimer
LoadCursorA
LoadIconA
IsDlgButtonChecked
GetWindowTextW
GetWindowTextLengthW
GetWindowTextA
SetCursor
CoUninitialize
CoInitialize
Number of PE resources by type
RT_STRING 9
RT_DIALOG 4
RT_ICON 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 17
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 51200
ImageVersion 0.0
ProductName 7-Zip
FileVersionNumber 9.20.0.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 6.0
FileOS Windows NT 32-bit
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 9.2
TimeStamp 2010:11:18 08:27:33-08:00
FileType Win32 EXE
PEType PE32
InternalName 7z.sfx
ProductVersion 9.2
FileDescription 7z SFX
OSVersion 4.0
OriginalFilename 7z.sfx.exe
LegalCopyright Copyright (c) 1999-2010 Igor Pavlov
MachineType Intel 386 or later, and compatibles
CompanyName Igor Pavlov
CodeSize 127488
FileSubtype 0
ProductVersionNumber 9.20.0.0
EntryPoint 0x1d262
ObjectFileType Executable application
File identification
MD5 fa3342dca4e0d268e1f17ee131e161ac
SHA1 94396a121affdabb76534990e66302403a9de7f6
SHA256 e5011abc9b3a718b0703a197001e6477bdd0a8844dd7ad7b818d185603334cd6
ssdeep 6144:DJsVwvknSzn7hdSEBu6Gy0CP2Jtr+6aoKV9YmZT4Gdz+:6VwvknOdSEBF27+IY9heGdz+
File size 311.5 KB ( 318973 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe armadillo upx
VirusTotal metadata
First submission 2011-10-23 10:52:03 UTC ( 2 years, 5 months ago )
Last submission 2012-09-17 08:53:06 UTC ( 1 year, 7 months ago )
File names 7z.sfx.exe
7z.sfx
SWAPMOD.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight