SHA256: 4c4933665a96805943aba5f4c660fed571516b4ffdb2c2f55489af6d8d4a7437
File name: 7ZSfxMod
Detection ratio: 12 / 62
Analysis date: 2017-04-29 01:35:57 UTC (2 days ago)
Antivirus Result Update
AegisLab Troj.W32.Gen.m658 20170429
Avast Win32:GenMalicious-AMZ [Trj] 20170429
Avira (no cloud) TR/Rogue.htrt 20170428
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9525 20170428
CrowdStrike Falcon (ML) malicious_confidence_83% (D) 20170130
Endgame malicious (moderate confidence) 20170419
GData Win32.Trojan.Agent.G9ZDF5 20170428
McAfee Artemis!ABF56BDC8281 20170428
McAfee-GW-Edition Artemis 20170428
Palo Alto Networks (Known Signatures) generic.ml 20170429
Qihoo-360 Win32/Trojan.ca1 20170429
TrendMicro-HouseCall Suspicious_GEN.F47V0420 20170429
Ad-Aware 20170428
AhnLab-V3 20170428
Alibaba 20170428
ALYac 20170429
Antiy-AVL 20170429
Arcabit 20170429
AVG 20170429
AVware 20170429
BitDefender 20170428
Bkav 20170428
CAT-QuickHeal 20170428
ClamAV 20170428
CMC 20170427
Comodo 20170429
Cyren 20170429
DrWeb 20170429
Emsisoft 20170428
ESET-NOD32 20170428
F-Prot 20170428
F-Secure 20170428
Fortinet 20170428
Ikarus 20170428
Invincea 20170413
Jiangmin 20170428
K7AntiVirus 20170428
K7GW 20170426
Kaspersky 20170428
Kingsoft 20170429
Malwarebytes 20170429
Microsoft 20170429
eScan 20170429
NANO-Antivirus 20170428
nProtect 20170428
Panda 20170428
Rising 20170429
SentinelOne (Static ML) 20170330
Sophos 20170429
SUPERAntiSpyware 20170429
Symantec 20170428
Symantec Mobile Insight 20170428
Tencent 20170429
TheHacker 20170428
TotalDefense 20170426
TrendMicro 20170428
Trustlook 20170429
VBA32 20170428
VIPRE 20170429
ViRobot 20170428
Webroot 20170429
WhiteArmor 20170409
Yandex 20170428
Zillya 20170428
ZoneAlarm by Check Point 20170429
Zoner 20170429
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2005-2012 Oleg N. Scherbakov

Product 7-Zip SFX
Original name 7ZSfxMod_x86.exe
Internal name 7ZSfxMod
File version 1.5.0.2712
Description 7z Setup SFX (x86)
Packers identified
F-PROT 7Z, UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-12-30 08:49:43
Entry Point 0x0002B450
Number of sections 3
PE sections
Overlays
MD5 b805b44a7ac1be88c76f51dd735092ea
File type data
Offset 119808
Size 395569
Entropy 8.00
PE imports
DeleteDC
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
OleLoadPicture
SHGetMalloc
CoInitialize
Number of PE resources by type
RT_ICON 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 2
ENGLISH US 2
PE resources
ExifTool file metadata
UninitializedDataSize 114688
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.5.0.2712
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription 7z Setup SFX (x86)
CharacterSet Unicode
InitializedDataSize 61440
PrivateBuild December 30, 2012
EntryPoint 0x2b450
OriginalFileName 7ZSfxMod_x86.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2005-2012 Oleg N. Scherbakov
FileVersion 1.5.0.2712
TimeStamp 2012:12:30 09:49:43+01:00
FileType Win32 EXE
PEType PE32
InternalName 7ZSfxMod
ProductVersion 1.5.0.2712
SubsystemVersion 4.0
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Oleg N. Scherbakov
CodeSize 61440
ProductName 7-Zip SFX
ProductVersionNumber 1.5.0.2712
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 abf56bdc82818fa8bf8209549852316e
SHA1 cda691187c01ad15b55597271eaf99ef37cc92e8
SHA256 4c4933665a96805943aba5f4c660fed571516b4ffdb2c2f55489af6d8d4a7437
ssdeep 12288:PdgXdsxZoMRxaks/+6vYRLURfeMY/3DzEgB2167LA7yQVQL:VUdsHtRwkKrvgUsHvvEgBK63AuQVG

authentihash 55fe71c6cf4c768221b4825c9975314e2e4be5dbd01d902ef4771c1b139dda12
imphash b9aae71f12ba258e48a651bbd50fa7f5
File size 503.3 KB ( 515377 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Generic Win/DOS Executable (50.0%)
DOS Executable Generic (49.9%)
Tags peexe upx overlay

VirusTotal metadata
First submission 2015-02-10 17:03:35 UTC (2 years, 2 months ago)
Last submission 2017-04-20 07:58:11 UTC (1 week, 3 days ago)
File names 7ZSfxMod
7ZSfxMod_x86.exe
FlashUpdater.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.