4d0f1bf4878289997eef929f76cc2b63

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2024-Jun-12 14:59:19
Detected languages English - United States
CompanyName Igor Pavlov
FileDescription 7z Setup SFX
FileVersion 23.01
InternalName 7zS.sfx
LegalCopyright Copyright (c) 1999-2023 Igor Pavlov
OriginalFilename 7zS.sfx.exe
ProductName 7-Zip
ProductVersion 23.01

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0
Info The PE contains common functions which appear in legitimate applications.
[!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryExW
Possibly launches other programs:
  • CreateProcessW
Can create temporary files:
  • CreateFileW
  • GetTempPathW
Info The PE is digitally signed. Signer: Opera Norway AS
Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 4d0f1bf4878289997eef929f76cc2b63
SHA1 7b8810ab331aed7376dbb9dcd233eff1f5efd6ef
SHA256 ddf07e8061e5f1bc8b283eeadb8beb8bc7266b50cf4074684ecfd6ab9446ccf9
SHA3 ac1e489847e8d76d921ebbabd32446c5621f7f29bb4ecc944f12ec6585c42b58
SSDeep 98304:5AyXe7ykegiTNpjQpSI14jSKQoDXAy0YbJ31nu2CmU:vXe7tiTHjY4jS1sXA/mJ5u2nU
Imports Hash e59d00b0d90522ee1a983f13d4ff7e50

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x100

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 5
TimeDateStamp 2024-Jun-12 14:59:19
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 14.0
SizeOfCode 0x3a200
SizeOfInitializedData 0x16a00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000213C0 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x3c000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x58000
SizeOfHeaders 0x400
Checksum 0x323425
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 6a0f9d03234355958a7550e0435cb0aa
SHA1 21dcbd8530697a7aa1626fecc00f50e394ccd698
SHA256 e853f10bf06bb065d2396e9cd8f2d842cff0318d6664841495eddf3d945233ba
SHA3 f7f39cbef1c1d59e28519991ccabbdf14762669b11c4a84631a520dcb353e0f0
VirtualSize 0x3a1b9
VirtualAddress 0x1000
SizeOfRawData 0x3a200
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.61138

.rdata

MD5 9b30ca706a47300e3fb4d74dc23e56af
SHA1 98dc3c797d940dea3a024dc3085bb7d372384dfa
SHA256 34fe7ec1ae9ef46e63d8a5d356776944d0ce29d6ca3075c4e5db2b9bedbd26b2
SHA3 2f8f93e1c723b2a59b21e7a33f1bfc0f20f90bd8d751a66b970f629abbcbdff3
VirtualSize 0xe87a
VirtualAddress 0x3c000
SizeOfRawData 0xea00
PointerToRawData 0x3a600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.61156

.data

MD5 e00a51642ea77ddea3af17cfd1e49f31
SHA1 9b16952a67b6fe27e387b7ed7f5d35cc80583ce5
SHA256 99b6af3a1f78416e8ea7ab4b84d695fccae864156656721a96530a40cac18c71
SHA3 f3e38d587d7df270a70381330257077ad6edf88ed8c9d166870bdd241a776f83
VirtualSize 0x4be0
VirtualAddress 0x4b000
SizeOfRawData 0x1c00
PointerToRawData 0x49000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.07885

.rsrc

MD5 daf9b42fa713f1daeccb957e0ff12637
SHA1 07e09483898a08b5450fd9a15f4356a5f2ff02ec
SHA256 cd5be843bf44b703198cdb068dff917069be0f2f2f3d8818b0f603b67faeef21
SHA3 c12c02fc0f33e16ed63bd6c50a3f2025f1452abaa62717b82b404e0075dfbb12
VirtualSize 0x3054
VirtualAddress 0x50000
SizeOfRawData 0x3200
PointerToRawData 0x4ac00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.25246

.reloc

MD5 8eb911e96942ed9a5d44944725dd52df
SHA1 844bd26e5145eadbe101b1db92211a53b80625ba
SHA256 f6147a6a80cfb9e4123d7639eb345934ab54a9052688483f9f792f634ff541f4
SHA3 0c605afeda9ce6d090acebd9f999c00c77b33572b327d8f1a764e81ec2c1412b
VirtualSize 0x31a8
VirtualAddress 0x54000
SizeOfRawData 0x3200
PointerToRawData 0x4de00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 6.51604

Imports

KERNEL32.dll VirtualFree
VirtualAlloc
GetVersion
IsProcessorFeaturePresent
GetSystemDirectoryW
GetProcAddress
GetModuleHandleW
LoadLibraryExW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ReleaseSemaphore
InitializeCriticalSection
WaitForSingleObject
CreateEventW
GetLastError
SetEvent
CloseHandle
ResetEvent
CreateSemaphoreW
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
GetModuleFileNameW
FormatMessageW
LocalFree
CreateFileW
SetFileTime
SetFileAttributesW
RemoveDirectoryW
CreateDirectoryW
DeleteFileW
SetLastError
SetCurrentDirectoryW
GetCurrentDirectoryW
GetTempPathW
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetFileInformationByHandle
FindClose
FindFirstFileW
FindNextFileW
GetModuleHandleA
GetFileAttributesW
GetFileSize
SetFilePointer
ReadFile
WriteFile
SetEndOfFile
GetCurrentProcess
GetProcessAffinityMask
GetSystemInfo
GlobalMemoryStatus
GetStdHandle
Sleep
GetVersionExW
GetCommandLineW
CreateProcessW
GetExitCodeProcess
HeapSize
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
SetFilePointerEx
GetFileSizeEx
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
HeapAlloc
HeapFree
HeapReAlloc
ExitProcess
GetModuleHandleExW
WriteConsoleW
FreeLibraryAndExitThread
ExitThread
CreateThread
TlsFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
FormatMessageA
QueryPerformanceFrequency
GetLocaleInfoEx
FindFirstFileExW
AreFileApisANSI
InitializeCriticalSectionEx
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
RtlUnwind
RaiseException
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
USER32.dll LoadIconW
EndDialog
KillTimer
SetTimer
DestroyWindow
SendMessageW
SetWindowTextW
MessageBoxW
PostMessageW
LoadStringW
DialogBoxParamW
GetDlgItem
GetWindowLongW
SetWindowLongW
ShowWindow
CharUpperW
SHELL32.dll ShellExecuteExW
OLEAUT32.dll VariantClear
SysStringLen
SysAllocStringLen

Delayed Imports

1

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.09831
MD5 bc233a28292339caaa9c1bf7469eb02a
SHA1 98171b79b03ab4380aed4c6c8e8f1ff993f1b0d2
SHA256 567f400071438d1eef81c71f1fe1fa703768751e5116a428018c9e20d218ecfe
SHA3 72071dab2dd47dcc60349d39a38ff3ccd0e5362ffa7a1bf63be4570665947844

97

Type RT_DIALOG
Language English - United States
Codepage Latin 1 / Western European
Size 0xb8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.04857
MD5 13729251ed97317c9483a16420c70648
SHA1 8aba410ab7390e4da137156c84ee6263eec1f36f
SHA256 06ca7a5a0698f88a5692f9d598ff7334209bf2272b5a2798929a1fc3b60b8677
SHA3 26bf54dacf79edac57656f57f5b7ecef59d1b97d05d3f6d93a3c811a1c9a2e9a

1 (#2)

Type RT_STRING
Language English - United States
Codepage Latin 1 / Western European
Size 0x60
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.38262
MD5 6e4db8988b0449f6512d49ce3a9517a7
SHA1 1eab5aa4c5fdda84410577afb775aa3d9b09d6c3
SHA256 4a208f52d1765405454937584c93131b2acee7c9baf7a7a288ad6244ff47a2b4
SHA3 95f7fdefb0b4787b0c30006573b2d7dd1789a56ad66d87acc9eb9899a607a2c6

188

Type RT_STRING
Language English - United States
Codepage Latin 1 / Western European
Size 0x54
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.17822
MD5 a70f26327fbf4252448d9ccccd842faf
SHA1 3a015c9d0f7e490a25be55e204d844c7de9f9d2e
SHA256 b5e7c4be8f403ccb671414c2a534c72cdaf1a8461edf59caba03ac7216780749
SHA3 70eb8333298da9ef6c413c220399886dc44d013e16ec266aa66b044066dda1c7

207

Type RT_STRING
Language English - United States
Codepage Latin 1 / Western European
Size 0x34
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.43775
MD5 716f3259b70c376b8757003128391219
SHA1 a1b172c455640670db67ade9d9c7b62d9d2d3396
SHA256 5b51218d289f8381b271c6d4d224c67e99c9cdbf9d3f529bb8da29687f7180ec
SHA3 d9f9ec98368534575af8442776bcb377303669e86ec003f9af3b5508c1d21d26

1 (#3)

Type RT_GROUP_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.91924
Detected Filetype Icon file
MD5 6da8e7d5ae1d5d15e0230a67a7c16c6d
SHA1 678db52cbe5d617c33c6269bfd4b6d8d1a17f956
SHA256 6eb54801f91b6d8effccbfaefe6b2d7705a274a75940e6226e24e0d4ec58c396
SHA3 994fc217c7b8bc8008ac262ff58044403206de6eceafd424d4640ecad395eb2f

1 (#4)

Type RT_VERSION
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x284
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.35795
MD5 50a775f85b82d885eb15573b2998efd3
SHA1 40a39e45de4ac1c4bb3a19da13cb31678fcc1685
SHA256 453813b8e4fdc762f8ba4182e66f284788db7dba2d587e8575f10eb72f875a98
SHA3 635621db7e3819832c97c6d5d9f26b46286cfe277f463eecf56d0dd36d21cfcd

1 (#5)

Type RT_VERSION
Language English - United States
Codepage Latin 1 / Western European
Size 0x2bc
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.45489
MD5 108760e8a94263c41e619b98419fabf6
SHA1 c9d80cf2b45408f1b70b9ccec5cf013ac9037aeb
SHA256 ba11a8b98601c1eb3e8dbe84fc572b30ddce82c0347ff475a2a6f7ccaa8fb7a2
SHA3 901d1ef06e6468b4f92e0d16996ba2e13b8e037f1124abec0a230d99bdb5d3a4

1 (#6)

Type RT_MANIFEST
Language English - United States
Codepage Latin 1 / Western European
Size 0x17d
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.91161
MD5 1e4a89b11eae0fcf8bb5fdd5ec3b6f61
SHA1 4260284ce14278c397aaf6f389c1609b0ab0ce51
SHA256 4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df
SHA3 4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353

String Table contents

Extraction Failed
File is corrupt
Cannot create folder '{0}'
Extracting

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2024-Jun-12 14:59:19
Version 0.0
SizeofData 852
AddressOfRawData 0x473e8
PointerToRawData 0x459e8

TLS Callbacks

Load Configuration

Size 0xc0
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x44b040
SEHandlerTable 0x446ed0
SEHandlerCount 123

RICH Header

XOR Key 0x84a76d0a
Unmarked objects 0
ASM objects (30795) 13
C++ objects (30795) 176
C++ objects (33218) 85
C objects (33218) 20
ASM objects (33218) 23
C objects (30795) 22
Imports (30795) 9
Total imports 203
C objects (LTCG) (33523) 86
Resource objects (33523) 1
151 1
Linker (33523) 1

Errors

[*] Warning: Multiple nodes using the name Version Info in a dictionary.