SHA256: 4c4933665a96805943aba5f4c660fed571516b4ffdb2c2f55489af6d8d4a7437
File name: 7ZSfxMod
Detection ratio: 13 / 59
Analysis date: 2017-05-20 21:11:20 UTC (4 months ago)
Antivirus Result Update
AegisLab Troj.Rogue.Htrt!c 20170520
Avast Win32:GenMalicious-AMZ [Trj] 20170520
Avira (no cloud) TR/Rogue.htrt 20170520
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9525 20170503
CrowdStrike Falcon (ML) malicious_confidence_83% (D) 20170130
Endgame malicious (moderate confidence) 20170515
GData Win32.Trojan.Agent.G9ZDF5 20170520
McAfee Artemis!ABF56BDC8281 20170520
McAfee-GW-Edition Artemis 20170520
Palo Alto Networks (Known Signatures) generic.ml 20170520
Qihoo-360 Win32/Trojan.ca1 20170520
SentinelOne (Static ML) static engine - malicious 20170516
TrendMicro-HouseCall Suspicious_GEN.F47V0420 20170520
Ad-Aware 20170520
AhnLab-V3 20170520
Alibaba 20170519
ALYac 20170520
Arcabit 20170520
AVG 20170520
AVware 20170520
BitDefender 20170520
CAT-QuickHeal 20170520
ClamAV 20170520
CMC 20170520
Comodo 20170520
Cyren 20170520
DrWeb 20170520
ESET-NOD32 20170520
F-Prot 20170520
F-Secure 20170520
Fortinet 20170520
Ikarus 20170520
Sophos ML 20170519
Jiangmin 20170520
K7AntiVirus 20170520
K7GW 20170520
Kaspersky 20170520
Kingsoft 20170520
Malwarebytes 20170520
Microsoft 20170520
eScan 20170520
NANO-Antivirus 20170519
nProtect 20170519
Panda 20170520
Rising 20170518
Sophos AV 20170520
SUPERAntiSpyware 20170520
Symantec 20170520
Symantec Mobile Insight 20170518
Tencent 20170520
TheHacker 20170520
TotalDefense 20170520
TrendMicro 20170520
Trustlook 20170520
VBA32 20170519
VIPRE 20170520
ViRobot 20170520
Webroot 20170520
WhiteArmor 20170517
Yandex 20170518
Zillya 20170520
ZoneAlarm by Check Point 20170520
Zoner 20170520
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2005-2012 Oleg N. Scherbakov
Product 7-Zip SFX
Original name 7ZSfxMod_x86.exe
Internal name 7ZSfxMod
File version 1.5.0.2712
Description 7z Setup SFX (x86)
Packers identified
F-PROT 7Z, UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-12-30 08:49:43
Entry Point 0x0002B450
Number of sections 3
PE sections
Overlays
MD5 b805b44a7ac1be88c76f51dd735092ea
File type data
Offset 119808
Size 395569
Entropy 8.00
PE imports
DeleteDC
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
OleLoadPicture
SHGetMalloc
CoInitialize
Number of PE resources by type
RT_ICON 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 2
ENGLISH US 2
PE resources
ExifTool file metadata
UninitializedDataSize 114688
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.5.0.2712
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription 7z Setup SFX (x86)
CharacterSet Unicode
InitializedDataSize 61440
PrivateBuild December 30, 2012
EntryPoint 0x2b450
OriginalFileName 7ZSfxMod_x86.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2005-2012 Oleg N. Scherbakov
FileVersion 1.5.0.2712
TimeStamp 2012:12:30 09:49:43+01:00
FileType Win32 EXE
PEType PE32
InternalName 7ZSfxMod
ProductVersion 1.5.0.2712
SubsystemVersion 4.0
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Oleg N. Scherbakov
CodeSize 61440
ProductName 7-Zip SFX
ProductVersionNumber 1.5.0.2712
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 abf56bdc82818fa8bf8209549852316e
SHA1 cda691187c01ad15b55597271eaf99ef37cc92e8
SHA256 4c4933665a96805943aba5f4c660fed571516b4ffdb2c2f55489af6d8d4a7437
ssdeep 12288:PdgXdsxZoMRxaks/+6vYRLURfeMY/3DzEgB2167LA7yQVQL:VUdsHtRwkKrvgUsHvvEgBK63AuQVG
authentihash 55fe71c6cf4c768221b4825c9975314e2e4be5dbd01d902ef4771c1b139dda12
imphash b9aae71f12ba258e48a651bbd50fa7f5
File size 503.3 KB ( 515377 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Generic Win/DOS Executable (50.0%)
DOS Executable Generic (49.9%)
Tags
peexe upx overlay

VirusTotal metadata
First submission 2015-02-10 17:03:35 UTC (2 years, 7 months ago)
Last submission 2017-04-20 07:58:11 UTC (5 months ago)
File names 7ZSfxMod
7ZSfxMod_x86.exe
FlashUpdater.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.