Manalyze report for 6fe18d5b3080e39678cabfa6cef12cfb25086377389b803a36a3c43236a8a82c

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Feb-12 12:00:00
Detected languages	English - United States
CompanyName	Igor Pavlov
FileDescription	7-Zip Installer
FileVersion	`26.00`
InternalName	7zipInstall
LegalCopyright	Copyright (c) 1999-2026 Igor Pavlov
OriginalFilename	7zipInstall.exe
ProductName	7-Zip
ProductVersion	`26.00`

Plugin Output

Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryExW LoadLibraryW GetProcAddress` `Can access the registry: RegCreateKeyExW RegSetValueExW RegOpenKeyExW RegCloseKey RegQueryValueExW` `Functions related to the privilege level: AdjustTokenPrivileges OpenProcessToken` `Can shut the system down or lock the screen: ExitWindowsEx`
Malicious	The file contains overlay data.	`1609547 bytes of data starting at offset 0xb400.` `The file contains a 7-Zip compressed file after the PE data.` `Overlay data amounts for 97.2168% of the executable.`
Safe	VirusTotal score: 0/72 (Scanned on 2026-03-10 23:10:29)	`All the AVs think this file is safe.`

Hashes

MD5	`8225b98c5f9f30859e0e9dd09a2b6860`
SHA1	`50bab6b6088e1c3c2f3acc531edc346534591df5`
SHA256	`6fe18d5b3080e39678cabfa6cef12cfb25086377389b803a36a3c43236a8a82c`
SHA3	`afaa5cb924c78f0779c9c2186287872c4099b63b78470b0b38cb503d62947604`
SSDeep	`49152:GICnn7tFdMYFP3endsoqfKpxULew4f2ajn0gNmIwy5xkDT:GICnn7pM5dsLi7w4fTQgEIE`
Imports Hash	`d00af420812a39241f821fb057cc3154`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xe0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`5`
TimeDateStamp	2026-Feb-12 12:00:00
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`8.0`
SizeOfCode	`0x7e00`
SizeOfInitializedData	`0x6a00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000008800 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0x11000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`a22287f3f5f9f18b4a3a414f61839935`
SHA1	`0a2b70b0122960feb5999662ab849c8f693dc32f`
SHA256	`de9f06821df02606176bd5f760f75f8cdbf62ed4957b6e36386293b324ddb3dc`
SHA3	`6b0375026f647da495ad34fa5dcca95e1d5c362e91270e23906b26796fdc3d30`
VirtualSize	`0x7cf4`
VirtualAddress	`0x1000`
SizeOfRawData	`0x7e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.26714`

.rdata

MD5	`365e05007e7f66cb20e325de3c471d9c`
SHA1	`43945320bb7489985b1aefcf73f7a10229efa17d`
SHA256	`07a9187abf3b6f8195bc9b0947166a1abe48d1d12430d8b196e4aa0ef6c9edf6`
SHA3	`02e3fb6be216d8ae6745e7750d52c5f7243b27b0398620113cc508767c9c64e9`
VirtualSize	`0x1ab8`
VirtualAddress	`0x9000`
SizeOfRawData	`0x1c00`
PointerToRawData	`0x8200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.47577`

.data

MD5	`9475a59226943a3ad422e18169989f66`
SHA1	`4174927c59854c80d33c69e7a43856b2b6c6af84`
SHA256	`d839a3521723b8a55d09d8eed9848940b284828e4d09218202c3ee11046bc16d`
SHA3	`6a93cc87909571d767d237e39dc48f437ee4242cf646fe335698b2b191003d4e`
VirtualSize	`0x3960`
VirtualAddress	`0xb000`
SizeOfRawData	`0x200`
PointerToRawData	`0x9e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.0203931`

.pdata

MD5	`f95bb6b004de341e5b05fe31dd3ad595`
SHA1	`1968a29e832903bc51992ff9ca66f068e6f8113f`
SHA256	`b1e55a1b92a80e278b132cdc8cbf7978209587e9bc57ac868b1084ced8927af0`
SHA3	`515aee29c8f223b2750553130dd5b58fbed1c9ca3b42c08c22901ef4b0386b0e`
VirtualSize	`0x390`
VirtualAddress	`0xf000`
SizeOfRawData	`0x400`
PointerToRawData	`0xa000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.93455`

.rsrc

MD5	`d1c3ed85b515dc62dac19032b8c3eebe`
SHA1	`f2e438015df8f6039170d43d623e49f8a9613d62`
SHA256	`803230ab5f073de7a190a3df8c9df77e9452b392405bcc377a6a3d2be941a59d`
SHA3	`c632276b94214b09e197269365bd1b2687fa3649f1d0e031993d55a18939fb42`
VirtualSize	`0xfe8`
VirtualAddress	`0x10000`
SizeOfRawData	`0x1000`
PointerToRawData	`0xa400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.36555`

Imports

ole32.dll	`CoInitialize` `CoCreateInstance`
USER32.dll	`MessageBoxW` `DestroyWindow` `ShowWindow` `SetWindowTextW` `EnableWindow` `GetDlgItem` `SetDlgItemTextW` `GetDlgItemTextW` `ExitWindowsEx` `PeekMessageW` `DispatchMessageW` `TranslateMessage` `IsDialogMessageW` `GetMessageW` `LoadIconW` `CreateDialogParamW` `SendMessageW`
ADVAPI32.dll	`LookupPrivilegeValueW` `AdjustTokenPrivileges` `RegCreateKeyExW` `RegSetValueExW` `RegOpenKeyExW` `RegCloseKey` `RegQueryValueExW` `OpenProcessToken`
SHELL32.dll	`SHGetFolderPathW` `SHGetPathFromIDListW` `SHBrowseForFolderW`
msvcrt.dll	`memcpy` `_c_exit` `__C_specific_handler` `free` `malloc` `memmove` `memcmp` `exit` `__set_app_type` `_fmode` `_commode` `__setusermatherr` `_initterm` `__getmainargs` `_acmdln` `_cexit` `memset` `_exit` `_XcptFilter`
KERNEL32.dll	`CloseHandle` `CreateFileW` `GetCommandLineW` `GetModuleFileNameW` `ReadFile` `SetFileTime` `MoveFileExW` `GetCurrentProcess` `FormatMessageW` `LocalFree` `DeleteFileW` `WriteFile` `SetFilePointer` `GetModuleHandleW` `LoadLibraryExW` `GetStartupInfoA` `SetFileAttributesW` `GetFileAttributesW` `CreateDirectoryW` `GetLastError` `GetSystemDirectoryW` `lstrcpyW` `LoadLibraryW` `GetProcAddress` `lstrcatW` `lstrlenW` `GetVersion`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.39918`
MD5	`28683b6aa3bf8a170d1ceb9fa05bf362`
SHA1	`40845066b357fff695ee2d3e41c19e28442671ac`
SHA256	`728d514fdcaab8770f1a113f141428b4860027f6685356d74274c03e194d68a6`
SHA3	`43d751bf866f5bd39b82678daca2d56a0ad157584ad31fdd9433508ff72fd4d8`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.68942`
MD5	`794fe7995c967ebd479f68359353ebc4`
SHA1	`7454c492fdd935a58fad5713290c48b8abb277ba`
SHA256	`d06002f9e317adc6377c0bc9af92fa7e9392fd74cd9928fd911729a1e8e3e6df`
SHA3	`6262f83326cca2298109be4fca6a38bc56c2410be8c357b160a2992d551489b5`

100

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x176`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.19524`
MD5	`656a46a1469ab351cbbabb430222cfef`
SHA1	`c51ce11d8aa49e4f06f57b7a25273aa561626a2b`
SHA256	`ed65f792943b4496d98ae4ffeb6cf2879f66659a5ccf4a97d757aa8ac01158ca`
SHA3	`a6093ef8743a6e5c998fb509d5fb10f93e8b7153fb8a44c7bb9099ad34a2fb2b`

1 (#2)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.37086`
Detected Filetype	Icon file
MD5	`d59e0d372ea5fd8c1f4de744376a6af4`
SHA1	`6883ce60e71a83424db0b41d0ab6bf61080e3de2`
SHA256	`b10e28a32eddb2ab20a46ceae59d9c0786911eb20f0c8dd2a28421f226ea2b8b`
SHA3	`5e39df982879204dd9f129a37d1e1c2ff906e88de9ae01b4418db5e8455e7ae1`

1 (#3)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2d0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.39647`
MD5	`a6108cd03cb0f5db421f61b8752931de`
SHA1	`a936ad05d5b8443da691436676bf0c2921125145`
SHA256	`22c393faa021742610b6d169cce062c06bed52e733154eada7effb5915b3c153`
SHA3	`40361f4e1428b3b48d78b002c1b02fbe69c296d380eb2f18ea72ee603bc653ac`

1 (#4)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5b2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.38456`
MD5	`cb155a58b9738e2ce7f0202ecfa2558a`
SHA1	`e3300091ba9256654a3cbb470c7533830a34cab1`
SHA256	`26a6223f5623e45cd64181ff93c6d178abd00d3f2ad41f1d1222381f90bbf0b5`
SHA3	`823e467a392d62a5179d167fd51a877fce14316bb37203ba25e30d439cc024c2`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	26.0.0.0
ProductVersion	26.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	Igor Pavlov
FileDescription	7-Zip Installer
FileVersion (#2)	26.00
InternalName	7zipInstall
LegalCopyright	Copyright (c) 1999-2026 Igor Pavlov
OriginalFilename	7zipInstall.exe
ProductName	7-Zip
ProductVersion (#2)	26.00

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x76eaf7c3`
Unmarked objects	`0`
ASM objects (40310)	`1`
Imports (40310)	`13`
Total imports	`81`
C objects (40310)	`24`
ASM objects (VS2019 Update 8 (16.8.4) compiler 29336)	`1`
Resource objects (40310)	`1`
Linker (40310)	`1`

Errors

Leave a comment

No comments yet.