Manalyze report for 1fecf4e3407950939c8ffcc3e42e3039821997dea155301c75369474e5f15175

Summary

Architecture	`UNKNOWN`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Apr-27 15:00:00
Detected languages	English - United States
CompanyName	Igor Pavlov
FileDescription	7-Zip Installer
FileVersion	`26.01`
InternalName	7zipInstall
LegalCopyright	Copyright (c) 1999-2026 Igor Pavlov
OriginalFilename	7zipInstall.exe
ProductName	7-Zip
ProductVersion	`26.01`

Plugin Output

Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryW LoadLibraryExW` `Can access the registry: RegQueryValueExW RegOpenKeyExW RegCreateKeyExW RegCloseKey RegSetValueExW` `Functions related to the privilege level: AdjustTokenPrivileges OpenProcessToken` `Can shut the system down or lock the screen: ExitWindowsEx`
Malicious	The file contains overlay data.	`1467093 bytes of data starting at offset 0x1e800.` `The file contains a 7-Zip compressed file after the PE data.` `Overlay data amounts for 92.1529% of the executable.`
Safe	VirusTotal score: 0/65 (Scanned on 2026-06-01 10:00:19)	`All the AVs think this file is safe.`

Hashes

MD5	`a3f583ba6b6a90f7bc4e7a233797d03e`
SHA1	`4e878ec715960e6ced7655cd2d34189fa7d10e3f`
SHA256	`1fecf4e3407950939c8ffcc3e42e3039821997dea155301c75369474e5f15175`
SHA3	`4faad341dd68bb2586a58339a73d17c29f4a83f377c74306da6efe386ecd2ce4`
SSDeep	`49152:3/V4ZUBGxDs50hafuJYA8YxEqgd1Ecso5KSD6A:vVQlxYBA8YxEmFsIA`
Imports Hash	`094c6ec1d015981d74afe7833c592edc`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`UNKNOWN`
NumberofSections	`6`
TimeDateStamp	2026-Apr-27 15:00:00
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x13200`
SizeOfInitializedData	`0xfa00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000009030 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.2`
ImageVersion	`0.0`
SubsystemVersion	`6.2`
Win32VersionValue	`0`
SizeOfImage	`0x27000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x800000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`7bb72f2f3fd47a66b9310e74933a5bc0`
SHA1	`0c87c9ce0d476db3f401a6872019c508d237b136`
SHA256	`681d888cc3fac888931a5617187a7db24f8b0614b696f9ebcd69efc261954884`
SHA3	`89af8e686724c6f73d209936b11e420b3fddec336c5e23d2b8fde1babff0d016`
VirtualSize	`0x13024`
VirtualAddress	`0x1000`
SizeOfRawData	`0x13200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.40011`

.rdata

MD5	`f1a67a53138801da27c7a1e7d2e7a0ff`
SHA1	`476145654b799b13bee14e8f9c5dacd59afe12a8`
SHA256	`30848c869cd8b7b4c96095142f130a33bd656eff69c294250999f41d04ce87d0`
SHA3	`1b3e4c868efe11b75ccf383ddc96dcec2a36aa83c778f4a87f6640b10e898107`
VirtualSize	`0x81f2`
VirtualAddress	`0x15000`
SizeOfRawData	`0x8200`
PointerToRawData	`0x13600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.10751`

.data

MD5	`b181346daf1934716df1e53054b980f0`
SHA1	`19be09d40126ac268e5d120acc6e47d8b6ac42ab`
SHA256	`a85913ef416802b94d543c72907b8382ac5f187a5bcbd8f6823dc5443b0ce6d0`
SHA3	`48a178fcf9aeb979ef0ea09cdf01defb11102df6605e21a60e7447ab12a395ec`
VirtualSize	`0x52e8`
VirtualAddress	`0x1e000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x1b800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.67489`

.pdata

MD5	`bb7cdd6b73e259722d20c16238551d9b`
SHA1	`1e4e335a4ee4875fae7e557ed608f7f2126d2a0b`
SHA256	`c0664ab6da343f3409081a3881723bb8171437c75278326712f269432ab34366`
SHA3	`0057a5999f4359284119ddd2156f5caf73f1b1a9d56fee292f3967cf3faf5108`
VirtualSize	`0xa08`
VirtualAddress	`0x24000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x1c400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.46116`

.rsrc

MD5	`83174c98e971d7aa45c0f14849fb9b19`
SHA1	`fdb586c8db0ca5c688e9b33baba61a5e6e117a5b`
SHA256	`65f40e647120c9c36395f660c6c753d6332f87aa40cc955fe3a370ba9d6d6bdd`
SHA3	`3147628fb290246c3fbf7fee87e5b8d83ec2d4a9805266a9e2e6b06561c44368`
VirtualSize	`0xfe8`
VirtualAddress	`0x25000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x1d000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.37339`

.reloc

MD5	`241e03cce79d1e5f08308c5bd8978bf7`
SHA1	`7e923d09abc5b5c0bd35efd3bdac0228838a9640`
SHA256	`061aa48f20fc9788bf29b080534a85b193e20b301448af06867779f72f12d7f3`
SHA3	`a6ff30a9bcfaac6b90c3be923f8ca31f152754a9d5b3747a9e67eaf133007bc7`
VirtualSize	`0x644`
VirtualAddress	`0x26000`
SizeOfRawData	`0x800`
PointerToRawData	`0x1e000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.84176`

Imports

ole32.dll	`CoInitialize` `CoCreateInstance`
USER32.dll	`GetMessageW` `IsDialogMessageW` `LoadIconW` `MessageBoxW` `SetWindowTextW` `EnableWindow` `GetDlgItemTextW` `SetDlgItemTextW` `GetDlgItem` `CreateDialogParamW` `ShowWindow` `DestroyWindow` `SendMessageW` `ExitWindowsEx` `PeekMessageW` `DispatchMessageW` `TranslateMessage`
ADVAPI32.dll	`RegQueryValueExW` `RegOpenKeyExW` `RegCreateKeyExW` `RegCloseKey` `LookupPrivilegeValueW` `AdjustTokenPrivileges` `OpenProcessToken` `RegSetValueExW`
SHELL32.dll	`SHBrowseForFolderW` `SHGetFolderPathW` `SHGetPathFromIDListW`
KERNEL32.dll	`HeapSize` `GetProcessHeap` `LCMapStringW` `HeapReAlloc` `TlsFree` `TlsSetValue` `TlsGetValue` `TlsAlloc` `InitializeCriticalSectionAndSpinCount` `FlushFileBuffers` `GetConsoleOutputCP` `GetConsoleMode` `SetFilePointerEx` `WriteConsoleW` `GetCommandLineW` `CreateDirectoryW` `DeleteFileW` `GetFileAttributesW` `SetFileAttributesW` `SetFileTime` `GetLastError` `GetCurrentProcess` `GetSystemDirectoryW` `GetModuleFileNameW` `GetProcAddress` `LoadLibraryW` `LocalFree` `FormatMessageW` `lstrcpyW` `lstrcatW` `lstrlenW` `MoveFileExW` `CreateFileW` `ReadFile` `SetFilePointer` `WriteFile` `CloseHandle` `IsProcessorFeaturePresent` `GetVersion` `GetModuleHandleW` `LoadLibraryExW` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `SetUnhandledExceptionFilter` `GetStartupInfoW` `GetFileType` `RtlUnwindEx` `VerSetConditionMask` `VerifyVersionInfoW` `SetLastError` `FlsAlloc` `FlsGetValue` `FlsSetValue` `FlsFree` `EnterCriticalSection` `LeaveCriticalSection` `InitializeCriticalSectionEx` `DeleteCriticalSection` `ExitProcess` `TerminateProcess` `FreeLibrary` `GetModuleHandleExW` `GetStdHandle` `HeapFree` `HeapAlloc` `FindClose` `FindFirstFileExW` `FindNextFileW` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCPInfo` `GetCommandLineA` `MultiByteToWideChar` `WideCharToMultiByte` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetStdHandle` `GetStringTypeW`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.39918`
MD5	`28683b6aa3bf8a170d1ceb9fa05bf362`
SHA1	`40845066b357fff695ee2d3e41c19e28442671ac`
SHA256	`728d514fdcaab8770f1a113f141428b4860027f6685356d74274c03e194d68a6`
SHA3	`43d751bf866f5bd39b82678daca2d56a0ad157584ad31fdd9433508ff72fd4d8`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.68942`
MD5	`794fe7995c967ebd479f68359353ebc4`
SHA1	`7454c492fdd935a58fad5713290c48b8abb277ba`
SHA256	`d06002f9e317adc6377c0bc9af92fa7e9392fd74cd9928fd911729a1e8e3e6df`
SHA3	`6262f83326cca2298109be4fca6a38bc56c2410be8c357b160a2992d551489b5`

100

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x176`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.19524`
MD5	`656a46a1469ab351cbbabb430222cfef`
SHA1	`c51ce11d8aa49e4f06f57b7a25273aa561626a2b`
SHA256	`ed65f792943b4496d98ae4ffeb6cf2879f66659a5ccf4a97d757aa8ac01158ca`
SHA3	`a6093ef8743a6e5c998fb509d5fb10f93e8b7153fb8a44c7bb9099ad34a2fb2b`

1 (#2)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.37086`
Detected Filetype	Icon file
MD5	`d59e0d372ea5fd8c1f4de744376a6af4`
SHA1	`6883ce60e71a83424db0b41d0ab6bf61080e3de2`
SHA256	`b10e28a32eddb2ab20a46ceae59d9c0786911eb20f0c8dd2a28421f226ea2b8b`
SHA3	`5e39df982879204dd9f129a37d1e1c2ff906e88de9ae01b4418db5e8455e7ae1`

1 (#3)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2d0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.41655`
MD5	`197277651df397ee931c4770a77139aa`
SHA1	`78ee0b5d3f19ed6beb1439502e73fb17bf5e9410`
SHA256	`04703b620701b09d71629b371b88454e989f0049b9dc738dd5f85d437e8b60c9`
SHA3	`ad9fb4e66d564d977ffa79ff16012b498594f38c370e94a037f93be6094d9a7f`

1 (#4)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5b2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.38456`
MD5	`cb155a58b9738e2ce7f0202ecfa2558a`
SHA1	`e3300091ba9256654a3cbb470c7533830a34cab1`
SHA256	`26a6223f5623e45cd64181ff93c6d178abd00d3f2ad41f1d1222381f90bbf0b5`
SHA3	`823e467a392d62a5179d167fd51a877fce14316bb37203ba25e30d439cc024c2`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	26.1.0.0
ProductVersion	26.1.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	Igor Pavlov
FileDescription	7-Zip Installer
FileVersion (#2)	26.01
InternalName	7zipInstall
LegalCopyright	Copyright (c) 1999-2026 Igor Pavlov
OriginalFilename	7zipInstall.exe
ProductName	7-Zip
ProductVersion (#2)	26.01

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Apr-27 14:30:23
Version	`0.0`
SizeofData	`696`
AddressOfRawData	`0x1b980`
PointerToRawData	`0x19f80`

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x14001e040`

RICH Header

XOR Key	`0xfbbeb1f`
Unmarked objects	`0`
ASM objects (27412)	`2`
C++ objects (27412)	`136`
ASM objects (35207)	`16`
C objects (35207)	`14`
C++ objects (35207)	`36`
C objects (27412)	`13`
C objects (CVTCIL) (27412)	`1`
Imports (27412)	`11`
Total imports	`135`
C objects (35226)	`14`
Resource objects (35226)	`1`
Linker (35226)	`1`

Errors

Leave a comment

No comments yet.