Manalyze report for b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2019-Mar-23 23:18:48
Detected languages	English - United States
CompanyName	Igor Pavlov
FileDescription	7-Zip NSIS Plug-in
FileVersion	`19.00.0.0`
InternalName	nsis7z
LegalCopyright	Copyright (c) 1999-2016 Igor Pavlov, Nik Medved, Marek Mizanin, Stuart Welch
OriginalFilename	nsis7z.dll
ProductName	7-Zip
ProductVersion	`19.00.0.0`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to SHA256` `Uses constants related to AES`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW` `Can create temporary files: GetTempPathW CreateFileW` `Functions related to the privilege level: AdjustTokenPrivileges OpenProcessToken` `Changes object ACLs: SetFileSecurityW`
Safe	VirusTotal score: 0/72 (Scanned on 2026-04-19 20:35:26)	`All the AVs think this file is safe.`

Hashes

MD5	`80e44ce4895304c6a3a831310fbf8cd0`
SHA1	`36bd49ae21c460be5753a904b4501f1abca53508`
SHA256	`b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592`
SHA3	`946326fc60557c85341e0186587b89b86ffec863bfdd38df8cf9b26e3b4bfdfb`
SSDeep	`6144:aUWQQ5O3fz0NG3ucDaEUTWfk+ZA0NrCL/k+uyoyBOX1okfW7w+Pfzqibckl:an5QEG39fPAkrE4yrBOXDfaNbck`
Imports Hash	`2656ea25cde98f31a490513c2db04ae8`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x110`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2019-Mar-23 23:18:48
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x50e00`
SizeOfInitializedData	`0x1fe00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00041918 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x52000`
ImageBase	`0x10000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x74000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`74295b305030c99451e5862a9faa7adc`
SHA1	`1bfdc78d4758b2bf5a61ae8da3d5a7f525ceb86c`
SHA256	`bb7098fc57ce53d43036c73b97504016246952957df40f7f0d2271088c5f578c`
SHA3	`6c8519092e931d13bbc0230c79d2325d652339b4c160931bae87f77fdfd5d847`
VirtualSize	`0x50d0a`
VirtualAddress	`0x1000`
SizeOfRawData	`0x50e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.66002`

.rdata

MD5	`4a06727944ddbc485d42b758e57740ac`
SHA1	`146f29ac531bb9d4b6912c73600195eb38f6b8c8`
SHA256	`bbd17367362b80a9b812149065b9c7ca1c422e514d0ca0ba32936c8577ac6406`
SHA3	`4c23fab34189c924937bdf324f7b50903384d456c92cf52ddcf562aeaa0fa81c`
VirtualSize	`0x12238`
VirtualAddress	`0x52000`
SizeOfRawData	`0x12400`
PointerToRawData	`0x51200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.86045`

.data

MD5	`8ae19ea81a1512c710f001a4673ec504`
SHA1	`58deb93b7bff6d754d036ec713b96a656461afd1`
SHA256	`24ab2b406b914a3fb8a291867149b18935c4444584f7e3cead279edccafc5325`
SHA3	`a04a524c35e3463538ee10fe4eb3521c3852097098efa79d70b6e83770002ebe`
VirtualSize	`0x8e10`
VirtualAddress	`0x65000`
SizeOfRawData	`0x2000`
PointerToRawData	`0x63600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.45691`

.rsrc

MD5	`82c2e63a3cd2b6e12fdb2435648d0d80`
SHA1	`035d196903278ac9de7fcfd763edbaa218a850ac`
SHA256	`28eadbb7e922af90acde1af333c202ac777106662a6e22f47c325d98a678da06`
SHA3	`b794c05da21b45400f3f560a3b554b0d766f0fb73c95fafcac16c535ad96680b`
VirtualSize	`0x390`
VirtualAddress	`0x6e000`
SizeOfRawData	`0x400`
PointerToRawData	`0x65600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.02382`

.reloc

MD5	`b0c3bcaa26ff587e7a3ce22965dbe3cd`
SHA1	`49193aaa72263d919163391e08d18381337f2b0b`
SHA256	`c7abffe18a003e4a76912b55a75133c8c57b150f8dde69babfd23ac2e6781d30`
SHA3	`7fd153315416d5605f7faaef55131d01c9144b366e2b8cf49f9da5bb4aa9a565`
VirtualSize	`0x45b4`
VirtualAddress	`0x6f000`
SizeOfRawData	`0x4600`
PointerToRawData	`0x65a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.43664`

Imports

KERNEL32.dll	`LocalFree` `FormatMessageW` `GetFileInformationByHandle` `SetLastError` `DeviceIoControl` `GetModuleHandleW` `GetProcAddress` `HeapAlloc` `HeapFree` `GetProcessHeap` `GetSystemTimeAsFileTime` `GetStdHandle` `WaitForMultipleObjects` `GetTickCount` `GetConsoleMode` `AreFileApisANSI` `SetFileApisToOEM` `SetFileApisToANSI` `GlobalAlloc` `GlobalFree` `lstrcpynW` `lstrcpyW` `MultiByteToWideChar` `WideCharToMultiByte` `FreeLibrary` `GetModuleFileNameW` `LoadLibraryExW` `GetCurrentDirectoryW` `CreateDirectoryW` `CreateSemaphoreW` `RemoveDirectoryW` `SetFileAttributesW` `SetFileTime` `GetTempPathW` `GetCurrentProcessId` `GetCurrentThreadId` `MoveFileW` `FindClose` `FindFirstFileW` `FindNextFileW` `GetFileAttributesW` `GetModuleHandleA` `SetEndOfFile` `GetCurrentProcess` `GetSystemInfo` `GlobalMemoryStatus` `GetProcessAffinityMask` `IsProcessorFeaturePresent` `WriteConsoleW` `HeapSize` `GetStringTypeW` `DecodePointer` `SetStdHandle` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `GetCommandLineW` `GetCommandLineA` `WaitForSingleObject` `CreateEventW` `ReleaseSemaphore` `ResetEvent` `SetEvent` `InitializeCriticalSection` `DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `GetVersionExW` `VirtualFree` `VirtualAlloc` `GetLastError` `CloseHandle` `WriteFile` `SetFilePointer` `ReadFile` `GetFileSize` `CreateFileW` `DeleteFileW` `GetCPInfo` `GetOEMCP` `GetACP` `IsValidCodePage` `FindFirstFileExW` `SetFilePointerEx` `GetFileSizeEx` `GetConsoleCP` `FlushFileBuffers` `GetFileType` `HeapReAlloc` `LCMapStringW` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `TerminateProcess` `IsDebuggerPresent` `GetStartupInfoW` `QueryPerformanceCounter` `InitializeSListHead` `RtlUnwind` `RaiseException` `InterlockedFlushSList` `EncodePointer` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `CreateThread` `ExitThread` `FreeLibraryAndExitThread` `GetModuleHandleExW` `ExitProcess`
USER32.dll	`SendMessageW` `FindWindowExW` `SetWindowTextW` `GetDlgItem` `wsprintfW` `CharUpperW`
ADVAPI32.dll	`SetFileSecurityW` `LookupPrivilegeValueW` `AdjustTokenPrivileges` `OpenProcessToken`
OLEAUT32.dll	`VariantClear` `SysAllocStringLen` `SysStringLen` `SysFreeString` `VariantCopy`

Delayed Imports

Extract

Ordinal	`1`
Address	`0x2dbdf`

ExtractWithCallback

Ordinal	`2`
Address	`0x2dc90`

ExtractWithDetails

Ordinal	`3`
Address	`0x2dd4b`

1

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x32c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.45087`
MD5	`878f322c171021830aa30f617dd9c84a`
SHA1	`ae95e0fe33b303df50a98f4e8ecbf19c141251c6`
SHA256	`38dce98f573c21b24586dbf857dd2f0c38d6e82fc02f1d55d02e1729ac59f5db`
SHA3	`459d2ef3cef5aac0c78dac08516b09c9108e77228bd0cb0ce64e23190f42f83b`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	19.0.0.0
ProductVersion	19.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	English - United States
CompanyName	Igor Pavlov
FileDescription	7-Zip NSIS Plug-in
FileVersion (#2)	19.00.0.0
InternalName	nsis7z
LegalCopyright	Copyright (c) 1999-2016 Igor Pavlov, Nik Medved, Marek Mizanin, Stuart Welch
OriginalFilename	nsis7z.dll
ProductName	7-Zip
ProductVersion (#2)	19.00.0.0

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2019-Mar-23 23:18:48
Version	`0.0`
SizeofData	`724`
AddressOfRawData	`0x5e06c`
PointerToRawData	`0x5d26c`

TLS Callbacks

Load Configuration

Size	`0xa0`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x100652b4`
SEHandlerTable	`0x1005dd50`
SEHandlerCount	`199`

RICH Header

XOR Key	`0x3258fc08`
Unmarked objects	`0`
ASM objects (26213)	`12`
C++ objects (26213)	`152`
C++ objects (VS 2015/2017 runtime 26706)	`35`
C objects (VS 2015/2017 runtime 26706)	`16`
ASM objects (VS 2015/2017 runtime 26706)	`20`
C objects (26213)	`19`
Imports (26213)	`15`
Total imports	`190`
C objects (VS2017 v15.9.5-6 compiler 27026)	`43`
C++ objects (VS2017 v15.9.5-6 compiler 27026)	`131`
Exports (VS2017 v15.9.5-6 compiler 27026)	`1`
Resource objects (VS2017 v15.9.5-6 compiler 27026)	`1`
151	`1`
Linker (VS2017 v15.9.5-6 compiler 27026)	`1`

Errors

Leave a comment

No comments yet.