SHA256: 2d444c5074da9aa1f2bfb10b80612854155ce73ba0a8bc9324948b86d05371b8
Name: 7zTM.exe
Detections: 2 / 71
Analysis date: 2019-03-08 18:39:11 UTC (1 month, 2 weeks ago)
Antivirus Result Update (an engine listed with only an update date returned no detection)
Jiangmin Backdoor.Poison.zu 20190308
VBA32 Trojan-Downloader.Autoit.gen 20190307
Acronis 20190222
Ad-Aware 20190308
AegisLab 20190308
AhnLab-V3 20190308
Alibaba 20190306
ALYac 20190308
Antiy-AVL 20190308
Arcabit 20190308
Avast 20190308
Avast-Mobile 20190308
AVG 20190308
Avira (no cloud) 20190308
Babable 20180918
Baidu 20190306
BitDefender 20190308
Bkav 20190308
CAT-QuickHeal 20190308
ClamAV 20190308
CMC 20190308
Comodo 20190308
CrowdStrike Falcon (ML) 20190212
Cybereason 20190109
Cylance 20190308
Cyren 20190308
DrWeb 20190308
eGambit 20190308
Emsisoft 20190308
Endgame 20190215
ESET-NOD32 20190308
F-Prot 20190308
F-Secure 20190308
Fortinet 20190308
GData 20190308
Ikarus 20190308
Sophos ML 20181128
K7AntiVirus 20190308
K7GW 20190308
Kaspersky 20190308
Kingsoft 20190308
Malwarebytes 20190308
MAX 20190308
McAfee 20190308
McAfee-GW-Edition 20190308
Microsoft 20190307
eScan 20190308
NANO-Antivirus 20190308
Palo Alto Networks (Known Signatures) 20190308
Panda 20190308
Qihoo-360 20190308
Rising 20190308
SentinelOne (Static ML) 20190203
Sophos AV 20190308
SUPERAntiSpyware 20190307
Symantec 20190308
Symantec Mobile Insight 20190220
TACHYON 20190308
Tencent 20190308
TheHacker 20190304
TotalDefense 20190308
Trapmine 20190301
TrendMicro 20190308
TrendMicro-HouseCall 20190308
Trustlook 20190308
VIPRE 20190308
ViRobot 20190308
Webroot 20190308
Yandex 20190306
Zillya 20190307
ZoneAlarm by Check Point 20190308
Zoner 20190308
The file being studied is a Portable Executable (PE) file, more specifically a Win32 EXE for the Windows GUI subsystem.
FileVersionInfo properties
File version 2.1.0.0
Description An easy to use 7-Zip toolbar- and filetype theme manager.
Packers identified
F-PROT AutoIt, UTF-8, UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-12-17 17:42:20
Entry Point 0x000B21B0
Number of sections 3
Overlays
MD5 2d2a249db121f440226c38b3e31ccdfa
File type data
Offset 292352
Size 575376
Entropy 8.00
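The overlay figures above are internally consistent: the file size reported further down (867728 bytes) minus the overlay offset (292352) is exactly the overlay size (575376), and an entropy of 8.00 means the overlay is compressed or encrypted data that the Windows loader never maps. The following is an added example, not code from this page or from the 7zTM project, that walks the PE headers the same way the report's tools do and measures the overlay using only the Python standard library. The sample PE it builds is constructed here so the script runs offline; it is not the real binary, and the only value it borrows from the report is the compile timestamp (2009-12-17 17:42:20 UTC), used to show the decoding.

```python
"""Walk PE headers (machine, timestamp, entry point, characteristics, sections) and
measure the overlay. Added example; the sample PE below is constructed, not 7zTM.exe."""
import math
import struct
from collections import Counter
from datetime import datetime, timezone

# IMAGE_FILE_* characteristic bits, named the way the report prints them.
CHARACTERISTICS = {
    0x0001: "No relocs",
    0x0002: "Executable",
    0x0020: "Large address aware",
    0x0100: "32-bit",
}
MACHINES = {0x14C: "Intel 386 or later", 0x8664: "x64", 0x1C0: "ARM", 0xAA64: "ARM64"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for one repeated value, 8.0 for a uniform byte distribution."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_pe(blob: bytes) -> dict:
    """Minimal PE32/PE32+ header walk; raises ValueError for anything that is not a PE."""
    if blob[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (machine, nsections, timestamp, _symtab, _nsyms,
     opt_size, characteristics) = struct.unpack_from("<HHIIIHH", blob, coff)
    opt = coff + 20                                   # COFF file header is 20 bytes
    magic = struct.unpack_from("<H", blob, opt)[0]
    entry_point = struct.unpack_from("<I", blob, opt + 16)[0]
    sections = []
    for i in range(nsections):                        # section headers are 40 bytes each
        name, vsize, vaddr, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", blob, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "virtual_address": vaddr,
                         "raw_size": raw_size, "raw_ptr": raw_ptr})
    # The overlay is everything past the last byte any section maps from disk; the loader
    # ignores it, which is why packers and script-to-exe stubs keep their payload there.
    end_of_sections = max((s["raw_ptr"] + s["raw_size"] for s in sections), default=len(blob))
    overlay = blob[end_of_sections:]
    return {
        "machine": MACHINES.get(machine, f"unknown(0x{machine:x})"),
        "pe_type": {0x10B: "PE32", 0x20B: "PE32+"}.get(magic, f"unknown(0x{magic:x})"),
        "compile_time": datetime.fromtimestamp(timestamp, tz=timezone.utc)
                                .strftime("%Y-%m-%d %H:%M:%S UTC"),
        "entry_point": entry_point,
        "characteristics": [v for k, v in CHARACTERISTICS.items() if characteristics & k],
        "sections": sections,
        "overlay_offset": end_of_sections if overlay else None,
        "overlay_size": len(overlay),
        "overlay_entropy": round(shannon_entropy(overlay), 2),
    }


def build_sample_pe(overlay: bytes) -> bytes:
    """Constructed one-section PE32 stand-in (NOT the real 7zTM.exe) with the given overlay."""
    e_lfanew = 0x40
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", e_lfanew)
    # Timestamp 1261071740 is the report's 2009-12-17 17:42:20 UTC.
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 1261071740, 0, 0, 224,
                       0x0001 | 0x0002 | 0x0020 | 0x0100)
    opt = struct.pack("<HBBIIII", 0x10B, 9, 0, 0x200, 0, 0, 0x1000).ljust(224, b"\0")
    section = struct.pack("<8sIIII", b".text", 0x200, 0x1000, 0x200, 0x200).ljust(40, b"\0")
    headers = (dos + b"PE\0\0" + coff + opt + section).ljust(0x200, b"\0")
    return headers + b"\x90" * 0x200 + overlay


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 \
        else build_sample_pe(bytes(range(256)) * 4)   # uniform bytes -> entropy 8.00
    for key, value in parse_pe(blob).items():
        print(f"{key:18} {value}")
```

Run it with the path of a real sample to compare against the report's Entry Point, Compilation timestamp and Overlays rows. A high-entropy overlay this large is the first thing to carve (`blob[overlay_offset:]`) and examine on its own: static signatures that only look at the packed sections say nothing about what is stored there.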
PE imports
ImageList_Remove
GetSaveFileNameW
LineTo
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
WNetGetConnectionW
SafeArrayUnaccessData
EnumProcesses
DragFinish
LoadUserProfileW
VerQueryValueW
FtpOpenFileW
timeGetTime
CoInitialize
Number of PE resources by type
RT_STRING 7
RT_ICON 6
RT_GROUP_ICON 4
RT_VERSION 2
RT_DIALOG 1
RT_MANIFEST 1
RT_MENU 1
Number of PE resources by language
ENGLISH UK 19
ENGLISH US 2
GERMAN 1
ExifTool file metadata
UninitializedDataSize 454656
LinkerVersion 9.0
ImageVersion 0.0
FileVersionNumber 2.1.0.0
LanguageCode German
FileFlagsMask 0x0000
FileDescription An easy to use 7-Zip toolbar- and filetype theme manager.
ImageFileCharacteristics No relocs, Executable, Large address aware, 32-bit
CharacterSet Unicode
InitializedDataSize 20480
EntryPoint 0xb21b0
MIMEType application/octet-stream
FileVersion 2.1.0.0
TimeStamp 2009:12:17 18:42:20+01:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 274432
FileSubtype 0
ProductVersionNumber 3.3.2.0
FileTypeExtension exe
ObjectFileType Unknown

File identification
MD5 046dc542fb62d337c9dee0f41ef63ed5
SHA1 80e394f9796c50dbf83c06ae10a60a320f2bd0b6
SHA256 2d444c5074da9aa1f2bfb10b80612854155ce73ba0a8bc9324948b86d05371b8
ssdeep 24576:2PO8MeQS143+jhfjndzwGfhTm0GTKzgmZrJWxRz0tF+IH9:2POhSRh0whTmpTMJJWxqT9

authentihash 27e6856234c612ef1c18be9da861a8c9e272ad16fc1fe46f2916007c90ba6b5b
imphash 77b2e5e9b52fbef7638f64ab65f0c58c
File size 847.4 KB ( 867728 bytes )
Type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
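The imphash listed under File identification is the MD5 of the import table rendered as a comma-joined, lowercase `dll.function` list in table order, with the `.dll`/`.ocx`/`.sys` extension dropped. Before pivoting on it, look at the PE imports section above: apart from the kernel32 group (VirtualAlloc, VirtualProtect, VirtualFree, LoadLibraryA, GetProcAddress, ExitProcess) every DLL contributes exactly one function, which is how UPX keeps the packed import table, resolving the rest at run time. The imphash therefore fingerprints the packer stub plus the set of linked DLLs, not the unpacked program. The following is an added example, not code from this page, that implements the hash so a listing can be reproduced or compared; the import list at the bottom is constructed (the page gives function names without their DLLs, so the report's own value cannot be recomputed from it), and ordinal imports are kept as `ordN` here, whereas pefile additionally resolves known ordinals of ws2_32.dll and oleaut32.dll to names.

```python
"""imphash of an import listing. Added example, not code from the page; SAMPLE_IMPORTS is
constructed and is not the real import table of 7zTM.exe."""
import hashlib


def imphash(imports) -> str:
    """imports: iterable of (dll_name, function) in import-table order, where function is a
    str name or an int ordinal. Returns the lowercase hex MD5 of "dll.func,dll.func,...".
    Assumption: ordinals stay as "ordN" (no ws2_32/oleaut32 ordinal-to-name table here)."""
    parts = []
    for dll, func in imports:
        lib = dll.lower()
        base, dot, ext = lib.rpartition(".")
        if dot and ext in ("dll", "ocx", "sys"):   # only these extensions are stripped
            lib = base
        name = f"ord{func}" if isinstance(func, int) else func.lower()
        parts.append(f"{lib}.{name}")
    return hashlib.md5(",".join(parts).encode("ascii")).hexdigest()


# Constructed listing shaped like a UPX stub's table: kernel32 loader helpers plus one
# import per additional DLL so the loader maps it. Not the real table of this sample.
SAMPLE_IMPORTS = [
    ("KERNEL32.dll", "VirtualAlloc"),
    ("KERNEL32.dll", "VirtualProtect"),
    ("KERNEL32.dll", "VirtualFree"),
    ("KERNEL32.dll", "LoadLibraryA"),
    ("KERNEL32.dll", "GetProcAddress"),
    ("KERNEL32.dll", "ExitProcess"),
    ("GDI32.dll", "LineTo"),
    ("ole32.dll", "CoInitialize"),
    ("WININET.dll", "FtpOpenFileW"),
    ("USER32.dll", 2),          # ordinal import
]


if __name__ == "__main__":
    print(imphash(SAMPLE_IMPORTS))
```

The hash is order-sensitive and case-insensitive, so two builds linked against the same DLLs in the same order collide; for a packed sample that is usually the packer's order, not the author's.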

TrID AutoIt3 compiled script executable (87.8%)
UPX compressed Win32 Executable (4.6%)
Win32 EXE Yoda's Crypter (4.5%)
Win32 Dynamic Link Library (generic) (1.1%)
Win32 Executable (generic) (0.7%)
Tags
peexe upx overlay

VirusTotal metadata
First submission 2010-04-12 14:36:50 UTC (9 years ago)
Last submission 2019-03-08 18:39:11 UTC (1 month, 2 weeks ago)
Names 7zTM.exe
046dc542fb62d337c9dee0f41ef63ed5.sample.unscrambled
7zTM 2.1.exe
file-1445809_exe
file-3509091_exe
D1B1034490B661BF3DE00D948FBCA3001B6F8E04.exe
smona_2d444c5074da9aa1f2bfb10b80612854155ce73ba0a8bc9324948b86d05371b8.bin
7ztm.exe
7zTM 2.1.ex_
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight