SHA256: f1601b09cd0c9627b1aab7299b83529e8fbc6b5078e43dfd81a1b0bfcdf4a308
File name: 7z1602-x64_2.exe
Detection ratio: 0 / 68
Analysis date: 2018-01-13 05:29:03 UTC ( 10 months, 1 week ago )
Antivirus | Result (empty = not detected) | Update
Ad-Aware 20180113
AegisLab 20180113
AhnLab-V3 20180112
Alibaba 20180113
ALYac 20180113
Antiy-AVL 20180113
Arcabit 20180113
Avast 20180113
Avast-Mobile 20180112
AVG 20180113
Avira (no cloud) 20180112
AVware 20180103
Baidu 20180112
BitDefender 20180113
Bkav 20180112
CAT-QuickHeal 20180112
ClamAV 20180112
CMC 20180111
Comodo 20180113
CrowdStrike Falcon (ML) 20171016
Cybereason 20171103
Cylance 20180113
Cyren 20180113
DrWeb 20180113
eGambit 20180113
Emsisoft 20180113
Endgame 20171130
ESET-NOD32 20180113
F-Prot 20180113
F-Secure 20180113
Fortinet 20180113
GData 20180113
Ikarus 20180112
Sophos ML 20170914
Jiangmin 20180113
K7AntiVirus 20180112
K7GW 20180112
Kaspersky 20180113
Kingsoft 20180113
Malwarebytes 20180113
MAX 20180113
McAfee 20180113
McAfee-GW-Edition 20180113
Microsoft 20180113
eScan 20180113
NANO-Antivirus 20180113
nProtect 20180113
Palo Alto Networks (Known Signatures) 20180113
Panda 20180112
Qihoo-360 20180113
Rising 20180113
SentinelOne (Static ML) 20171224
Sophos AV 20180113
SUPERAntiSpyware 20180113
Symantec 20180112
Symantec Mobile Insight 20180112
Tencent 20180113
TheHacker 20180112
TotalDefense 20180112
TrendMicro 20180113
TrendMicro-HouseCall 20180113
Trustlook 20180113
VBA32 20180112
VIPRE 20180113
ViRobot 20180113
Webroot 20180113
WhiteArmor 20180110
Yandex 20180112
Zillya 20180112
ZoneAlarm by Check Point 20180113
Zoner 20180113
The file is a Portable Executable (PE): a Win32 EXE built for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (c) 1999-2016 Igor Pavlov
Product 7-Zip
Original name 7zipInstall.exe
Internal name 7zipInstall
File version 16.02
Description 7-Zip Installer
Packers identified
F-PROT appended, 7Z, Unicode, UTF-8
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-05-21 08:52:53
Entry Point 0x00007104
Number of sections 4
Overlays
MD5 8d6aaded62c2ff1ac42625f6228ee50f
File type data
Offset 36352
Size 1342198
Entropy 8.00
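The overlay figures above can be reproduced without VirusTotal. The overlay is everything after the end of the last section's raw data, so its offset comes straight from the section table, and the report's own numbers cross-check: offset 36352 + size 1342198 = 1378550, exactly the File size given further down. An entropy of 8.00 bits per byte means the overlay is (almost) uniformly random at the byte level, which is what compressed data looks like; here the "appended, 7Z" packer note says it is the 7z archive that 7zipInstall.exe unpacks. The script below is an added example, not code from VirusTotal or from the 7-Zip project: it parses the COFF and section headers with the standard library only, computes the overlay offset, size, entropy and MD5, decodes the compile timestamp, and checks for the well-known 7z signature (37 7A BC AF 27 1C). The minimal PE it runs on is constructed in the script (one .text section, TimeDateStamp set to the report's compile time) and the overlay is a stand-in that carries only the 7z magic, not a real archive.

```python
"""Added example (not part of the VirusTotal report or of 7-Zip): compute a
PE overlay's offset, size, entropy and MD5 as in the report's "Overlays"
section, decode the COFF TimeDateStamp, and check for the 7z signature.
The sample PE is constructed below; it is not the real installer."""
import hashlib
import math
import struct
from collections import Counter
from datetime import datetime, timezone

SEVENZ_MAGIC = b"7z\xbc\xaf\x27\x1c"  # 7z archive signature (37 7A BC AF 27 1C)


def parse_pe(data: bytes) -> dict:
    """Return the COFF TimeDateStamp and the end of the last section's raw data."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    (_machine, nsections, timestamp, _symptr, _nsyms,
     size_opt, _chars) = struct.unpack_from("<HHIIIHH", data, coff)
    sect_table = coff + 20 + size_opt
    end_of_sections = 0
    for i in range(nsections):
        # IMAGE_SECTION_HEADER is 40 bytes; we need SizeOfRawData and PointerToRawData
        (_name, _vsize, _va, raw_size, raw_ptr, _prel, _plin,
         _nrel, _nlin, _sc) = struct.unpack_from("<8sIIIIIIHHI", data, sect_table + 40 * i)
        end_of_sections = max(end_of_sections, raw_ptr + raw_size)
    return {"timestamp": timestamp, "end_of_sections": end_of_sections}


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 when all 256 values are equally frequent."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum((c / n) * math.log2(c / n) for c in Counter(buf).values())


def overlay_info(data: bytes) -> dict:
    """Overlay = bytes past the last section; reports the same fields as the page."""
    hdr = parse_pe(data)
    off = hdr["end_of_sections"]
    ov = data[off:]
    return {
        "offset": off,
        "size": len(ov),
        "entropy": round(shannon_entropy(ov), 2),
        "md5": hashlib.md5(ov).hexdigest(),
        "is_7z": ov.startswith(SEVENZ_MAGIC),
        "compiled": datetime.fromtimestamp(hdr["timestamp"], timezone.utc)
                            .strftime("%Y-%m-%d %H:%M:%S"),
    }


def build_sample(overlay: bytes) -> bytes:
    """Constructed minimal PE (assumption, not the real file): one .text section
    of 0x200 bytes at file offset 0x400, so the overlay starts at 0x600.
    TimeDateStamp 1463820773 is the report's compile time, 2016-05-21 08:52:53 UTC."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    size_opt = 0xE0  # PE32 optional header size; contents left zeroed, not needed here
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 1463820773, 0, 0, size_opt, 0x0102)
    section = struct.pack("<8sIIIIIIHHI", b".text\0\0\0",
                          0x200, 0x1000, 0x200, 0x400, 0, 0, 0, 0, 0x60000020)
    headers = dos + b"PE\0\0" + coff + b"\0" * size_opt + section
    headers += b"\0" * (0x400 - len(headers))
    return headers + b"\xcc" * 0x200 + overlay


# Constructed stand-in overlay: 7z magic followed by every byte value 16 times,
# which gives an entropy that rounds to 8.00 like the real overlay's.
SAMPLE_OVERLAY = SEVENZ_MAGIC + bytes(range(256)) * 16

if __name__ == "__main__":
    info = overlay_info(build_sample(SAMPLE_OVERLAY))
    for k, v in info.items():
        print(f"{k:>9}: {v}")
```

On the real file, `overlay_info(open(path, "rb").read())` should give offset 36352, size 1342198, entropy 8.00 and MD5 8d6aaded62c2ff1ac42625f6228ee50f if the report is accurate. Treat the entropy value as a hint, not a verdict: a compressed 7z payload and an encrypted second-stage payload both score close to 8.0, so confirm the magic and actually extract the overlay with 7-Zip before concluding it is benign installer data.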
PE imports
RegCreateKeyExW
RegCloseKey
OpenProcessToken
RegSetValueExW
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryValueExW
LocalFree
FormatMessageW
ReadFile
MoveFileExW
SetFilePointer
GetModuleFileNameW
GetLastError
CreateFileW
GetCommandLineW
GetCurrentProcess
WriteFile
GetStartupInfoA
CloseHandle
SetFileAttributesW
SetFileTime
CreateDirectoryW
DeleteFileW
GetFileAttributesW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
__p__fmode
malloc
memset
_controlfp
_except_handler3
__p__commode
memcpy
wcslen
exit
_XcptFilter
memcmp
__setusermatherr
wcsncpy
_acmdln
_adjust_fdiv
free
wcscat
__getmainargs
_exit
memmove
wcscpy
_initterm
__set_app_type
SHGetFolderPathW
SHGetPathFromIDListW
SHBrowseForFolderW
CreateDialogParamW
MessageBoxW
PeekMessageW
SendMessageW
IsDialogMessageW
EnableWindow
GetMessageW
TranslateMessage
SetDlgItemTextW
SetWindowTextW
LoadIconW
GetDlgItem
GetDlgItemTextW
ShowWindow
ExitWindowsEx
DispatchMessageW
DestroyWindow
CoCreateInstance
CoInitialize
Number of PE resources by type
RT_ICON 2
RT_GROUP_ICON 1
RT_DIALOG 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 6
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 16.2.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription 7-Zip Installer
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, Large address aware, 32-bit
CharacterSet Unicode
InitializedDataSize 18944
EntryPoint 0x7104
OriginalFileName 7zipInstall.exe
MIMEType application/octet-stream
LegalCopyright Copyright (c) 1999-2016 Igor Pavlov
FileVersion 16.02
TimeStamp 2016:05:21 09:52:53+01:00
FileType Win32 EXE
PEType PE32
InternalName 7zipInstall
ProductVersion 16.02
SubsystemVersion 4.0
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Igor Pavlov
CodeSize 25600
ProductName 7-Zip
ProductVersionNumber 16.2.0.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 90b765e3aa781105d973b241e2cfad15
SHA1 0d2c251dbf1bf3cf47da6d8118679995a979ad2a
SHA256 f1601b09cd0c9627b1aab7299b83529e8fbc6b5078e43dfd81a1b0bfcdf4a308
ssdeep 24576:v/WShDAuStAiUtEw0Z2Wr8aNIvK5lp9fCq4yNiKDEhCjFvrDNNvogi:v/bA6VTusXWRfCKKY5Pzi
authentihash 5b8610525344bb31e61bdb412a057e382bbf3988b959a9f5a846d2bfad198ab4
imphash 2218615515d79bc34c8e763828ed9da2
File size 1.3 MB ( 1378550 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe overlay via-tor
VirusTotal metadata
First submission 2016-05-21 10:39:31 UTC ( 2 years, 6 months ago )
Last submission 2018-10-29 13:52:48 UTC ( 3 weeks, 1 day ago )
File names 7z1602x64.exe
7_Zip_(64bit)_v16.02.exe
nav51a8.tmp
7z1602-x64_2.exe
2d50.tmp
9a976a83-8e76-6b0a-e9d0-7351cd0ab0b1_1d270bd17dee1aa
7z1602-x64 (1).exe
navcdd1.tmp
$rzn61g4.exe
nav8431.tmp
nava91a.tmp
f1601b09cd0c9627b1aab7299b83529e8fbc6b5078e43dfd81a1b0bfcdf4a308.malware
7z1602-x64.exe
7-Zip 16.02 x64.exe
~vtbe4b.tmp
nav1bbc.tmp
1.exe
~vtd34e.tmp
nav603.tmp
7_zip_(64bit)_v16.02.exe
7z (version 1602 - x64).exe
475538
nav3602.tmp
752e.tmp
7z1602_x64.exe