Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2019-Mar-12 09:17:22 |
Detected languages | English - United States |
CompanyName | Igor Pavlov |
FileDescription | 7z Setup SFX |
FileVersion | 4.57 |
InternalName | 7zS.sfx |
LegalCopyright | Copyright (c) 1999-2007 Igor Pavlov |
OriginalFilename | 7zS.sfx.exe |
ProductName | 7-Zip |
ProductVersion | 4.57 |
Info | Matching compiler(s): | Microsoft Visual C++ 6.0 - 8.0 |
Info | Interesting strings found in the binary: | Contains domain names: |
Malicious | The file headers were tampered with. | The RICH header checksum is invalid. |
Info | The PE contains common functions which appear in legitimate applications. | [!] The program may be hiding some of its imports: |
Suspicious | The file contains overlay data. | 8119957 bytes of data starting at offset 0x7d200. The overlay data has an entropy of 7.99781 and is possibly compressed or encrypted. Overlay data amounts for 94.063% of the executable. |
Safe | VirusTotal score: 0/63 (Scanned on 2022-05-08 05:34:41) | All the AVs think this file is safe. |
e_magic | MZ |
---|---|
e_cblp | 0 |
e_cp | 0x28 |
e_crlc | 0x19 |
e_cparhdr | 0x20 |
e_minalloc | 0x4b7 |
e_maxalloc | 0x5b7 |
e_ss | 0x87d |
e_sp | 0x180 |
e_csum | 0 |
e_ip | 0x54 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x58c68 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 4 |
TimeDateStamp | 2019-Mar-12 09:17:22 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE IMAGE_FILE_EXECUTABLE_IMAGE IMAGE_FILE_RELOCS_STRIPPED |
Magic | PE32 |
---|---|
LinkerVersion | 9.0 |
SizeOfCode | 0x19c00 |
SizeOfInitializedData | 0xa800 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x0006B50A (Section: .text) |
BaseOfCode | 0x59000 |
BaseOfData | 0x73000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 5.0 |
ImageVersion | 0.0 |
SubsystemVersion | 5.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x80000 |
SizeOfHeaders | 0x58e00 |
Checksum | 0x80a80 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
COMCTL32.dll | #17 |
---|---|
KERNEL32.dll | DeleteCriticalSection MultiByteToWideChar WideCharToMultiByte GetLastError LoadLibraryA AreFileApisANSI GetModuleFileNameA GetModuleFileNameW LocalFree FormatMessageA FormatMessageW SetCurrentDirectoryA CloseHandle SetFileTime CreateFileW SetLastError SetFileAttributesA RemoveDirectoryA CreateDirectoryA DeleteFileA GetWindowsDirectoryA SetFileAttributesW RemoveDirectoryW CreateDirectoryW DeleteFileW lstrlenA GetFullPathNameA GetCurrentDirectoryA GetTempPathA GetTempFileNameA GetFullPathNameW FindClose FindFirstFileA FindFirstFileW FindNextFileA GetFileSize SetFilePointer ReadFile WriteFile SetEndOfFile CreateFileA GetStdHandle EnterCriticalSection LeaveCriticalSection WaitForMultipleObjects VirtualAlloc VirtualFree WaitForSingleObject CreateEventA SetEvent ResetEvent InitializeCriticalSection Sleep GetVersionExA GetExitCodeProcess CreateProcessA GetCommandLineW LCMapStringW LCMapStringA GetStringTypeW GetStringTypeA GetLocaleInfoA IsValidCodePage GetOEMCP GetACP GetCPInfo GetSystemTimeAsFileTime GetCurrentProcessId GetTickCount QueryPerformanceCounter GetFileType SetHandleCount GetEnvironmentStringsW FreeEnvironmentStringsW GetEnvironmentStrings FreeEnvironmentStringsA InitializeCriticalSectionAndSpinCount HeapSize HeapCreate HeapReAlloc IsDebuggerPresent GetCurrentProcess TerminateProcess InterlockedDecrement RaiseException RtlUnwind HeapAlloc HeapFree ExitThread GetCurrentThreadId CreateThread GetModuleHandleW GetProcAddress ExitProcess GetCommandLineA GetStartupInfoA UnhandledExceptionFilter SetUnhandledExceptionFilter TlsGetValue TlsAlloc TlsSetValue TlsFree InterlockedIncrement |
USER32.dll | DestroyWindow PostMessageA ShowWindow EndDialog GetDlgItem KillTimer SetTimer SendMessageA MessageBoxW DialogBoxParamW DialogBoxParamA GetWindowLongA SetWindowLongA SetWindowTextW SetWindowTextA LoadStringW CharUpperW CharUpperA LoadStringA |
SHELL32.dll | ShellExecuteExA |
OLEAUT32.dll | SysAllocString VariantClear |
Extraction Failed |
File is corrupt |
Cannot create folder '{0}' |
Extracting |
Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 4.57.0.0 |
ProductVersion | 4.57.0.0 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32 VOS_NT VOS_NT_WINDOWS32 VOS_WINCE VOS__WINDOWS32 |
FileType | VFT_APP |
Language | English - United States |
CompanyName | Igor Pavlov |
FileDescription | 7z Setup SFX |
FileVersion (#2) | 4.57 |
InternalName | 7zS.sfx |
LegalCopyright | Copyright (c) 1999-2007 Igor Pavlov |
OriginalFilename | 7zS.sfx.exe |
ProductName | 7-Zip |
ProductVersion (#2) | 4.57 |
Resource LangID | English - United States |
---|
Size | 0x48 |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x47bf20 |
SEHandlerTable | 0x477760 |
SEHandlerCount | 107 |
XOR Key | 0x8006d030 |
---|---|
Unmarked objects | 0 |
ASM objects (VS2008 SP1 build 30729) | 20 |
C objects (VS2012 build 50727 / VS2005 build 50727) | 1 |
Imports (VS2012 build 50727 / VS2005 build 50727) | 11 |
Total imports | 184 |
C objects (VS2008 SP1 build 30729) | 80 |
C++ objects (VS2008 SP1 build 30729) | 103 |
Linker (VS2008 build 21022) | 1 |
Resource objects (VS2008 SP1 build 30729) | 1 |