Manalyze report for 0330d0bd7341a9afe5b6d161b1ff4aa1

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2024-Aug-11 13:00:00
Detected languages	English - United States
CompanyName	Igor Pavlov
FileDescription	7-Zip Installer
FileVersion	`24.08`
InternalName	7zipInstall
LegalCopyright	Copyright (c) 1999-2024 Igor Pavlov
OriginalFilename	7zipInstall.exe
ProductName	7-Zip
ProductVersion	`24.08`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0` `Microsoft Visual C++` `Microsoft Visual C++ v6.0`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryW LoadLibraryExW GetProcAddress` `Can access the registry: RegSetValueExW RegQueryValueExW RegOpenKeyExW RegCloseKey RegCreateKeyExW` `Functions related to the privilege level: OpenProcessToken AdjustTokenPrivileges` `Can shut the system down or lock the screen: ExitWindowsEx`
Suspicious	The file contains overlay data.	`1587280 bytes of data starting at offset 0x9000.` `The overlay data has an entropy of 7.99636 and is possibly compressed or encrypted.` `Overlay data amounts for 97.7303% of the executable.`
Suspicious	VirusTotal score: 1/71 (Scanned on 2025-02-07 16:31:05)	`Bkav: W32.AIDetectMalware`

Hashes

MD5	`0330d0bd7341a9afe5b6d161b1ff4aa1`
SHA1	`86918e72f2e43c9c664c246e62b41452d662fbf3`
SHA256	`67cb9d3452c9dd974b04f4a5fd842dbcba8184f2344ff72e3662d7cdb68b099b`
SHA3	`8f1a13b6e1743cf89b697bb161ee3eb2644b3a5a179c63afe1c6fd24afe7d404`
SSDeep	`24576:UEBmEo1y9fcw5K42KmEDaMYAhr08oSG4OdWrfjcaHSNXJdx7wE9iko6qzLJmYYUP:UEvoo24xV2JJdPwMJ3x75z5q0jc/3`
Imports Hash	`cf0d2de4fd6406302012e0f40060395f`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2024-Aug-11 13:00:00
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x6600`
SizeOfInitializedData	`0x5e00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00007294 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x8000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0xf000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`92c15bc559436197211dd4ef06b937c3`
SHA1	`3f585abbc83261c278c408ee246748eb02203718`
SHA256	`d9c8998f4d5c5f419120be35b6c1ccff8a3c15208f6d80baef456fcb1501003b`
SHA3	`64d913fc5b40418abf85dc5c8f08b127a2d69613289256944804462db11b9872`
VirtualSize	`0x65ee`
VirtualAddress	`0x1000`
SizeOfRawData	`0x6600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.61411`

.rdata

MD5	`6371f58804eb9c582c616252e35f441a`
SHA1	`855f11f6c20e1ae15255e2d329288a0d6aefb726`
SHA256	`1e64e5948517bc430476a90e445e3053c5f07c2049dd125911876997a2c9468b`
SHA3	`c92106549d69b41405724568987b33c3e5446713d48200317f7abccc6ab954a1`
VirtualSize	`0x1346`
VirtualAddress	`0x8000`
SizeOfRawData	`0x1400`
PointerToRawData	`0x6a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.61769`

.data

MD5	`598e1aae6ecbd8237c4383f4be94b9f1`
SHA1	`ab4a6d7509b109b24572e011b0696647c7af25f0`
SHA256	`f60983e21c9cca08114b490d798ca0c0435a6857fd6176a2da8222694af0e852`
SHA3	`6a6b8c71015beef8a08636cc20b9dc37e55151b2ebf483b758e88d727edf68cb`
VirtualSize	`0x38ec`
VirtualAddress	`0xa000`
SizeOfRawData	`0x200`
PointerToRawData	`0x7e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.0203931`

.rsrc

MD5	`20da3b4bc17b37bbf40354d2a9099839`
SHA1	`5692d2b18f074c8a493d0153aab9c0dcce1bd6cb`
SHA256	`7da25fccd72bd1ad0975e21e6a2686bed9f9b5d71120ea310f7bd1826ddf5ef3`
SHA3	`7893451b9f8e4a8a0934e6f95fd480f8707c3a352eeb41236600bb3228feebe9`
VirtualSize	`0xfe8`
VirtualAddress	`0xe000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x8000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.36621`

Imports

ole32.dll	`CoCreateInstance` `CoInitialize`
USER32.dll	`PeekMessageW` `ExitWindowsEx` `GetDlgItemTextW` `SetWindowTextW` `ShowWindow` `MessageBoxW` `CreateDialogParamW` `LoadIconW` `SendMessageW` `GetMessageW` `EnableWindow` `GetDlgItem` `IsDialogMessageW` `TranslateMessage` `DispatchMessageW` `SetDlgItemTextW` `DestroyWindow`
ADVAPI32.dll	`RegSetValueExW` `OpenProcessToken` `LookupPrivilegeValueW` `AdjustTokenPrivileges` `RegQueryValueExW` `RegOpenKeyExW` `RegCloseKey` `RegCreateKeyExW`
SHELL32.dll	`SHGetFolderPathW` `SHBrowseForFolderW` `SHGetPathFromIDListW`
MSVCRT.dll	`_exit` `_XcptFilter` `_acmdln` `__getmainargs` `_initterm` `__setusermatherr` `_adjust_fdiv` `__p__commode` `__p__fmode` `__set_app_type` `_except_handler3` `_controlfp` `memcpy` `memcmp` `memmove` `malloc` `free` `exit` `memset`
KERNEL32.dll	`ReadFile` `CloseHandle` `CreateFileW` `FormatMessageW` `WriteFile` `DeleteFileW` `CreateDirectoryW` `GetSystemDirectoryW` `LoadLibraryW` `GetModuleFileNameW` `GetFileAttributesW` `SetFilePointer` `GetVersion` `LoadLibraryExW` `GetModuleHandleA` `GetStartupInfoA` `LocalFree` `SetFileAttributesW` `SetFileTime` `MoveFileExW` `GetLastError` `lstrcatW` `GetCommandLineW` `lstrcpyW` `GetModuleHandleW` `GetProcAddress` `GetCurrentProcess` `lstrlenW`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.39918`
MD5	`28683b6aa3bf8a170d1ceb9fa05bf362`
SHA1	`40845066b357fff695ee2d3e41c19e28442671ac`
SHA256	`728d514fdcaab8770f1a113f141428b4860027f6685356d74274c03e194d68a6`
SHA3	`43d751bf866f5bd39b82678daca2d56a0ad157584ad31fdd9433508ff72fd4d8`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.68942`
MD5	`794fe7995c967ebd479f68359353ebc4`
SHA1	`7454c492fdd935a58fad5713290c48b8abb277ba`
SHA256	`d06002f9e317adc6377c0bc9af92fa7e9392fd74cd9928fd911729a1e8e3e6df`
SHA3	`6262f83326cca2298109be4fca6a38bc56c2410be8c357b160a2992d551489b5`

100

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x176`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.19524`
MD5	`656a46a1469ab351cbbabb430222cfef`
SHA1	`c51ce11d8aa49e4f06f57b7a25273aa561626a2b`
SHA256	`ed65f792943b4496d98ae4ffeb6cf2879f66659a5ccf4a97d757aa8ac01158ca`
SHA3	`a6093ef8743a6e5c998fb509d5fb10f93e8b7153fb8a44c7bb9099ad34a2fb2b`

1 (#2)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.37086`
Detected Filetype	Icon file
MD5	`d59e0d372ea5fd8c1f4de744376a6af4`
SHA1	`6883ce60e71a83424db0b41d0ab6bf61080e3de2`
SHA256	`b10e28a32eddb2ab20a46ceae59d9c0786911eb20f0c8dd2a28421f226ea2b8b`
SHA3	`5e39df982879204dd9f129a37d1e1c2ff906e88de9ae01b4418db5e8455e7ae1`

1 (#3)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2d0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.41829`
MD5	`99d2e1cf1d62eb84366fdd8926158bb5`
SHA1	`fd8f21a6c6c511199c7792cc1961973c008793a7`
SHA256	`aed06178dc596bdb200dbd2ac371447495874482121920b11d15047faadb0063`
SHA3	`1003e036698493cf97c36e16cf12a18fcc00fc4e8cd5ecce4b3eb49b210fd846`

1 (#4)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5b2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.38456`
MD5	`cb155a58b9738e2ce7f0202ecfa2558a`
SHA1	`e3300091ba9256654a3cbb470c7533830a34cab1`
SHA256	`26a6223f5623e45cd64181ff93c6d178abd00d3f2ad41f1d1222381f90bbf0b5`
SHA3	`823e467a392d62a5179d167fd51a877fce14316bb37203ba25e30d439cc024c2`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	24.8.0.0
ProductVersion	24.8.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	Igor Pavlov
FileDescription	7-Zip Installer
FileVersion (#2)	24.08
InternalName	7zipInstall
LegalCopyright	Copyright (c) 1999-2024 Igor Pavlov
OriginalFilename	7zipInstall.exe
ProductName	7-Zip
ProductVersion (#2)	24.08

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0xbb8a73a`
Unmarked objects	`0`
C objects (8047)	`11`
14 (7299)	`5`
Linker (8047)	`2`
C objects (2190)	`2`
Total imports	`82`
Imports (2179)	`11`
C objects (VS98 SP6 build 8804)	`13`
ASM objects (VS2019 Update 8 (16.8.4) compiler 29336)	`1`
Resource objects (VS98 SP6 cvtres build 1736)	`1`

0330d0bd7341a9afe5b6d161b1ff4aa1

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

Imports

Delayed Imports

1

2

100

1 (#2)

1 (#3)

1 (#4)

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors