SHA256: f59f4fe4ff7a3cba84c0acba03ebf0d9d4c02037de94a8d673c5cdc38a8b1577
File name: 7ZSfxMod
Detection ratio: 6 / 56
Analysis date: 2015-02-05 00:08:11 UTC (2 years, 6 months ago)
Antivirus | Result (- = not detected) | Update
Baidu-International | Hacktool.Win32.Elevate.BA | 20150204
ESET-NOD32 | Win32/Elevate.A potentially unsafe | 20150204
McAfee | Artemis!5A3F40EE38EC | 20150204
McAfee-GW-Edition | BehavesLike.Win32.PWSZbot.tc | 20150205
Qihoo-360 | HEUR/QVM41.1.Malware.Gen | 20150205
TrendMicro-HouseCall | Suspicious_GEN.F47V0112 | 20150204
Ad-Aware | - | 20150205
AegisLab | - | 20150205
Yandex | - | 20150202
AhnLab-V3 | - | 20150204
Alibaba | - | 20150203
ALYac | - | 20150205
Antiy-AVL | - | 20150204
Avast | - | 20150204
AVG | - | 20150204
Avira (no cloud) | - | 20150205
AVware | - | 20150205
BitDefender | - | 20150204
Bkav | - | 20150203
ByteHero | - | 20150205
CAT-QuickHeal | - | 20150204
ClamAV | - | 20150205
CMC | - | 20150202
Comodo | - | 20150204
Cyren | - | 20150204
DrWeb | - | 20150204
Emsisoft | - | 20150204
F-Prot | - | 20150204
F-Secure | - | 20150204
Fortinet | - | 20150204
GData | - | 20150204
Ikarus | - | 20150204
K7AntiVirus | - | 20150204
K7GW | - | 20150205
Kaspersky | - | 20150204
Kingsoft | - | 20150205
Malwarebytes | - | 20150204
Microsoft | - | 20150204
eScan | - | 20150205
NANO-Antivirus | - | 20150204
Norman | - | 20150204
nProtect | - | 20150204
Panda | - | 20150204
Rising | - | 20150204
Sophos AV | - | 20150205
SUPERAntiSpyware | - | 20150204
Symantec | - | 20150205
Tencent | - | 20150205
TheHacker | - | 20150203
TotalDefense | - | 20150205
TrendMicro | - | 20150204
VBA32 | - | 20150204
VIPRE | - | 20150204
ViRobot | - | 20150204
Zillya | - | 20150204
Zoner | - | 20150202
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2005-2012 Oleg N. Scherbakov
Publisher Oleg N. Scherbakov
Product 7-Zip SFX
Original name 7ZSfxMod_x86.exe
Internal name 7ZSfxMod
File version 1.6.0.2712
Description 7z Setup SFX (x86)
Packers identified
F-PROT appended, 7Z
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-12-31 00:38:51
Entry Point 0x0001942F
Number of sections 4
PE sections
PE imports
FreeSid
AllocateAndInitializeSid
CheckTokenMembership
GetDeviceCaps
GetCurrentObject
DeleteDC
CreateFontIndirectW
SelectObject
CreateCompatibleBitmap
GetObjectW
SetStretchBltMode
CreateCompatibleDC
DeleteObject
StretchBlt
SetThreadLocale
GetStdHandle
GetDriveTypeW
WaitForSingleObject
LockResource
CreateJobObjectW
GetFileAttributesW
SetInformationJobObject
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetSystemDirectoryW
lstrcatW
GetLocaleInfoW
FindResourceExA
WideCharToMultiByte
GetTempPathW
GetSystemTimeAsFileTime
GlobalMemoryStatusEx
GetExitCodeProcess
LocalFree
FormatMessageW
ResumeThread
InitializeCriticalSection
LoadResource
FindClose
SetFileAttributesW
GetEnvironmentVariableW
SetLastError
GetUserDefaultUILanguage
GetModuleFileNameW
ExitProcess
lstrcmpiW
SetProcessWorkingSetSize
GetSystemDefaultLCID
MultiByteToWideChar
SetFilePointer
CreateThread
SetEnvironmentVariableW
GetSystemDefaultUILanguage
GetExitCodeThread
MulDiv
SetCurrentDirectoryW
GlobalAlloc
GetDiskFreeSpaceExW
SetEndOfFile
GetCurrentThreadId
EnterCriticalSection
TerminateThread
lstrcmpiA
GetVersionExW
SetEvent
LoadLibraryA
GetStartupInfoA
GetFileSize
GetStartupInfoW
CreateDirectoryW
DeleteFileW
WaitForMultipleObjects
AssignProcessToJobObject
lstrcpyW
RemoveDirectoryW
ExpandEnvironmentStringsW
FindNextFileW
ResetEvent
FindFirstFileW
lstrcmpW
GetProcAddress
CreateEventW
CreateFileW
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
lstrlenA
GlobalFree
lstrlenW
VirtualFree
GetQueuedCompletionStatus
SizeofResource
CompareFileTime
CreateIoCompletionPort
SetFileTime
GetCommandLineW
SuspendThread
GetModuleHandleA
ReadFile
CloseHandle
GetModuleHandleW
WriteFile
CreateProcessW
Sleep
IsBadReadPtr
VirtualAlloc
strncmp
__p__fmode
malloc
??1type_info@@UAE@XZ
memset
_wcsnicmp
__dllonexit
_except_handler3
??2@YAPAXI@Z
_onexit
_wtol
exit
_XcptFilter
memcmp
__setusermatherr
__p__commode
_acmdln
_CxxThrowException
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
_adjust_fdiv
??3@YAXPAX@Z
free
wcsncmp
__getmainargs
_purecall
_controlfp
memmove
memcpy
_beginthreadex
_initterm
_exit
_EH_prolog
__set_app_type
SysFreeString
OleLoadPicture
VariantClear
SysAllocString
SHBrowseForFolderW
ShellExecuteW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW
SHGetSpecialFolderPathW
SHGetMalloc
SetFocus
GetParent
EndDialog
DrawTextW
DefWindowProcW
KillTimer
GetMessageW
ShowWindow
MessageBeep
SetWindowPos
wvsprintfW
GetSystemMetrics
SetWindowLongW
IsWindow
SendMessageW
GetWindowRect
ClientToScreen
UnhookWindowsHookEx
CharUpperW
MessageBoxA
LoadIconW
GetWindowDC
CopyImage
GetWindow
GetSysColor
DispatchMessageW
GetKeyState
ReleaseDC
GetMenu
GetWindowLongW
DrawIconEx
SetWindowTextW
CreateWindowExA
GetDlgItem
SystemParametersInfoW
LoadImageW
GetDC
ScreenToClient
CallNextHookEx
wsprintfA
SetTimer
CallWindowProcW
GetSystemMenu
DialogBoxIndirectParamW
EnableWindow
GetClientRect
GetWindowTextW
EnableMenuItem
SetWindowsHookExW
GetClassNameA
GetWindowTextLengthW
CreateWindowExW
wsprintfW
PtInRect
DestroyWindow
CreateStreamOnHGlobal
CoCreateInstance
CoInitialize
Number of PE resources by type
RT_ICON 4
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 5
ENGLISH US 2
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.6.0.2712
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription 7z Setup SFX (x86)
CharacterSet Unicode
InitializedDataSize 102912
FileOS Windows NT 32-bit
PrivateBuild December 30, 2012
MIMEType application/octet-stream
LegalCopyright Copyright 2005-2012 Oleg N. Scherbakov
FileVersion 1.6.0.2712
TimeStamp 2012:12:31 01:38:51+01:00
FileType Win32 EXE
PEType PE32
InternalName 7ZSfxMod
FileAccessDate 2015:02:05 01:08:16+01:00
ProductVersion 1.6.0.2712
SubsystemVersion 4.0
OSVersion 4.0
FileCreateDate 2015:02:05 01:08:16+01:00
OriginalFilename 7ZSfxMod_x86.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Oleg N. Scherbakov
CodeSize 101888
ProductName 7-Zip SFX
ProductVersionNumber 1.6.0.2712
EntryPoint 0x1942f
ObjectFileType Executable application
File identification
MD5 5a3f40ee38ecc349f0c61549072c7f49
SHA1 dc4c767aebbd19082df4c8ab23630ab30ac315cf
SHA256 f59f4fe4ff7a3cba84c0acba03ebf0d9d4c02037de94a8d673c5cdc38a8b1577
ssdeep 49152:5gwRK2cdpWhLrK0vRdC2ArTfMQg4kBfnuR:5gwRK2czwrKcCpVixnK
authentihash d84dc096a12452d365e5c0e15553c2e2be25536a0bcf8d66c0c8d0922777b093
imphash f6baa5eaa8231d4fe8e922a2e6d240ea
File size 1.9 MB ( 2009869 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
Tags peexe
VirusTotal metadata
First submission 2015-01-12 03:20:37 UTC (2 years, 7 months ago)
Last submission 2015-01-29 00:07:51 UTC (2 years, 6 months ago)
File names 7ZSfxMod
vti-rescan
7ZSfxMod_x86.exe
OEM Query Tool 7z.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.