| Summary | Value |
|---|---|
| Architecture | IMAGE_FILE_MACHINE_I386 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Compilation Date | 2016-Apr-02 22:14:51 |
| CompanyName | Oleg N. Scherbakov |
| FileDescription | 7z Setup SFX (x86) |
| FileVersion | 1.7.0.3900 |
| InternalName | 7ZSfxMod |
| LegalCopyright | Copyright © 2005-2016 Oleg N. Scherbakov |
| OriginalFilename | 7ZSfxMod_x86.exe |
| PrivateBuild | April 1, 2016 |
| ProductName | 7-Zip SFX |
| ProductVersion | 1.7.0.3900 |
| Info | Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0; Microsoft Visual C++; Microsoft Visual C++ v6.0 |
| Info | Cryptographic algorithms detected in the binary: uses constants related to SHA256; uses constants related to AES (both belong to the 7z format's AES-256 encryption with SHA-256 key derivation, so they are expected in a 7-Zip SFX stub) |
| Malicious | The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports (the report lists no functions under this finding). |
| Malicious | The PE's digital signature is invalid. Signer: Piriform Software Ltd. Issuer: DigiCert SHA2 Assured ID Code Signing CA. The file was modified after it was signed. |
| Malicious | VirusTotal score: 19/69 (scanned on 2021-05-13 18:36:25); per-engine results follow. |

| VirusTotal engine | Detection |
|---|---|
| Bkav | W32.AIDetect.malware1 |
| Sangfor | Backdoor.Win32.Agent.ky |
| Symantec | Trojan.Gen.2 |
| ESET-NOD32 | Win32/Agent.ACXU |
| Avast | FileRepMalware |
| Kaspersky | Backdoor.Win32.Agent.myuawa |
| Emsisoft | Trojan.Dropper (A) |
| McAfee-GW-Edition | Artemis |
| Jiangmin | HackTool.Agent.dhf |
| Kingsoft | Win32.Hack.Undef.(kcloud) |
| Microsoft | Trojan:Win32/Wacatac.B!ml |
| Cynet | Malicious (score: 100) |
| McAfee | Artemis!C528E0069A2B |
| Malwarebytes | Malware.AI.2367053252 |
| eGambit | PE.Heur.InvalidSig |
| Fortinet | PossibleThreat.PALLAS.H |
| Webroot | Pua.Opencandy |
| AVG | FileRepMalware |
| CrowdStrike | win/malicious_confidence_90% (W) |


| DOS header field | Value |
|---|---|
| e_magic | MZ |
| e_cblp | 0x60 |
| e_cp | 0x1 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x60 |


| PE file header field | Value |
|---|---|
| Signature | PE |
| Machine | IMAGE_FILE_MACHINE_I386 |
| NumberOfSections | 4 |
| TimeDateStamp | 2016-Apr-02 22:14:51 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_RELOCS_STRIPPED |


| Optional header field | Value |
|---|---|
| Magic | PE32 |
| LinkerVersion | 8.0 |
| SizeOfCode | 0x18200 |
| SizeOfInitializedData | 0x4ce00 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x0001876F (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x1a000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 4.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 4.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x68000 |
| SizeOfHeaders | 0x200 |
| Checksum | 0x1e0872 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| SizeOfStackReserve | 0x100000 |
| SizeOfStackCommit | 0x1000 |
| SizeOfHeapReserve | 0x100000 |
| SizeOfHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |

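
The "file was modified after it was signed" verdict in the summary comes from recomputing the Authenticode hash of the file and comparing it with the digest stored inside the signed PKCS#7 blob in the certificate table. That hash does not cover the whole file: the CheckSum field and the Security data directory entry are skipped (so rewriting the checksum or attaching a certificate does not disturb it), while the rest of the headers, each section's raw data and anything appended after the sections other than the certificate table itself are covered. This matters for a self-extracting module: a 7-Zip SFX executable is produced by appending the archive to the stub, so a signature made over the stub alone cannot verify over stub plus payload. The report does not say whether that or some other change is the cause here, only that the hash no longer matches. The Python below is an added example, not code from the report or from Manalyze. It parses the same DOS, file and optional header fields tabulated above, recomputes the CheckSum (reported as 0x1e0872 for this file) and computes the Authenticode digest. The PE image it builds is constructed for the demo and is not the analysed file; its certificate table holds filler bytes rather than a real signature.

```python
"""Added example (not code from the report or from Manalyze): parse the PE32
headers tabulated above, recompute IMAGE_OPTIONAL_HEADER.CheckSum and hash the
byte ranges an Authenticode signature covers.  build_sample_pe() is constructed."""
import hashlib
import struct

PE32_MAGIC = 0x10B
IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # data-directory slot pointing at the certificate table


def parse_headers(data):
    """Offsets and fields needed to checksum and hash a PE32 file."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[:2] != b"MZ" or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    coff = e_lfanew + 4                  # IMAGE_FILE_HEADER, 20 bytes
    machine, nsections, _, _, _, opt_size, characteristics = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                      # IMAGE_OPTIONAL_HEADER32
    if struct.unpack_from("<H", data, opt)[0] != PE32_MAGIC:
        raise ValueError("only PE32 is handled here")
    sections = []
    for i in range(nsections):           # IMAGE_SECTION_HEADER: SizeOfRawData at +16, PointerToRawData at +20
        raw_size, raw_ptr = struct.unpack_from("<II", data, opt + opt_size + 40 * i + 16)
        sections.append((raw_ptr, raw_size))
    sec_dir = opt + 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY   # assumes NumberOfRvaAndSizes > 4 (16 here)
    return {
        "machine": machine,
        "number_of_sections": nsections,
        "characteristics": characteristics,
        "size_of_headers": struct.unpack_from("<I", data, opt + 60)[0],
        "checksum_off": opt + 64,        # CheckSum field
        "security_dir_off": sec_dir,
        "cert": struct.unpack_from("<II", data, sec_dir),   # (file offset, size) of the certificate table
        "sections": sections,
    }


def pe_checksum(data, checksum_off):
    """CheckSum as imagehlp computes it: one's-complement sum of the zero-padded file
    as 32-bit words, CheckSum field read as zero, folded to 16 bits, plus file length."""
    padded = data + b"\0" * (-len(data) % 4)
    total = 0
    for off in range(0, len(padded), 4):
        if off == checksum_off:
            continue
        total += struct.unpack_from("<I", padded, off)[0]
        total = (total & 0xFFFFFFFF) + (total >> 32)
    total = (total & 0xFFFF) + (total >> 16)
    total = (total + (total >> 16)) & 0xFFFF
    return total + len(data)


def authenticode_digest(data, hdr, algo="sha256"):
    """Digest over what Authenticode signs: headers minus the CheckSum field and the
    Security directory entry, each section's raw data, then trailing data minus the
    certificate table (assumed to follow the sections, where signtool places it)."""
    h = hashlib.new(algo)
    cs, sd, soh = hdr["checksum_off"], hdr["security_dir_off"], hdr["size_of_headers"]
    h.update(data[:cs])
    h.update(data[cs + 4:sd])
    h.update(data[sd + 8:soh])
    hashed = soh
    for raw_ptr, raw_size in sorted(hdr["sections"]):
        h.update(data[raw_ptr:raw_ptr + raw_size])
        hashed += raw_size
    cert_off, cert_size = hdr["cert"]
    tail = data[hashed:]                 # everything after the last section
    if cert_size:
        rel = cert_off - hashed
        tail = tail[:rel] + tail[rel + cert_size:]
    h.update(tail)
    return h.hexdigest()


def build_sample_pe():
    """Constructed PE32: 0x200 bytes of headers, one 0x200-byte .text section and a
    24-byte WIN_CERTIFICATE placeholder (0xAA filler, not a real PKCS#7 blob)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                            # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0x5700445B, 0, 0, 0xE0, 0x0103)  # i386, 1 section, 2016-04-02 22:14:51 UTC
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 36, 0x200)                             # FileAlignment
    struct.pack_into("<I", opt, 60, 0x200)                             # SizeOfHeaders
    struct.pack_into("<H", opt, 68, 2)                                 # IMAGE_SUBSYSTEM_WINDOWS_GUI
    struct.pack_into("<I", opt, 92, 16)                                # NumberOfRvaAndSizes
    cert = struct.pack("<IHH", 24, 0x0200, 0x0002) + b"\xAA" * 16      # dwLength, WIN_CERT_REVISION_2_0, PKCS_SIGNED_DATA
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x400, len(cert))
    sect = bytearray(40)
    sect[:5] = b".text"
    struct.pack_into("<IIII", sect, 8, 0x200, 0x1000, 0x200, 0x200)   # VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
    headers = dos + b"PE\0\0" + coff + opt + sect
    return bytes(headers + b"\0" * (0x200 - len(headers))) + b"\x90" * 0x200 + cert


if __name__ == "__main__":
    pe = build_sample_pe()
    print(hex(pe_checksum(pe, parse_headers(pe)["checksum_off"])))
```

Run it against a real file by passing `open(path, "rb").read()` to `parse_headers`, `pe_checksum` and `authenticode_digest`. The digest only becomes a verdict once it is compared with the messageDigest carried in the SpcIndirectDataContent of the PKCS#7 blob, which this example does not parse; what it does show is that patching the CheckSum field leaves the digest unchanged, while touching a section byte or appending data after the certificate table changes it.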

| Imported DLL | Functions |
|---|---|
| COMCTL32.dll | #17 (import by ordinal) |
| SHELL32.dll | ShellExecuteExW, ShellExecuteW, SHGetMalloc, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, SHGetSpecialFolderPathW |
| GDI32.dll | CreateCompatibleDC, CreateFontIndirectW, DeleteObject, DeleteDC, GetCurrentObject, StretchBlt, GetDeviceCaps, CreateCompatibleBitmap, SelectObject, SetStretchBltMode, GetObjectW |
| ADVAPI32.dll | FreeSid, AllocateAndInitializeSid, CheckTokenMembership |
| USER32.dll | GetParent, ScreenToClient, CreateWindowExW, GetDesktopWindow, GetWindowTextLengthW, SetWindowPos, SetTimer, GetMessageW, CopyImage, KillTimer, CharUpperW, SendMessageW, ShowWindow, BringWindowToTop, wsprintfW, MessageBoxW, EndDialog, ReleaseDC, GetWindowDC, GetMenu, GetWindowLongW, GetClassNameA, wsprintfA, DispatchMessageW, SetWindowTextW, GetSysColor, DestroyWindow, MessageBoxA, GetKeyState, IsWindow, GetDlgItem, GetClientRect, GetSystemMetrics, SetWindowLongW, UnhookWindowsHookEx, SetFocus, SystemParametersInfoW, DrawTextW, GetDC, ClientToScreen, GetWindow, DialogBoxIndirectParamW, DrawIconEx, CallWindowProcW, DefWindowProcW, CallNextHookEx, PtInRect, SetWindowsHookExW, LoadImageW, LoadIconW, MessageBeep, EnableWindow, EnableMenuItem, GetSystemMenu, CreateWindowExA, wvsprintfW, GetWindowTextW, GetWindowRect |
| ole32.dll | CreateStreamOnHGlobal, CoCreateInstance, CoInitialize |
| OLEAUT32.dll | SysAllocStringLen, VariantClear, SysFreeString, OleLoadPicture, SysAllocString |
| KERNEL32.dll | SetFileTime, SetEndOfFile, GetFileInformationByHandle, VirtualFree, GetModuleHandleA, WaitForMultipleObjects, VirtualAlloc, ReadFile, SetFilePointer, GetFileSize, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, FormatMessageW, lstrcpyW, LocalFree, IsBadReadPtr, GetSystemDirectoryW, GetCurrentThreadId, SuspendThread, TerminateThread, InitializeCriticalSection, ResetEvent, SetEvent, CreateEventW, GetVersionExW, GetModuleFileNameW, GetCurrentProcess, SetProcessWorkingSetSize, SetEnvironmentVariableW, GetDriveTypeW, CreateFileW, LoadLibraryA, SetThreadLocale, GetSystemTimeAsFileTime, ExpandEnvironmentStringsW, CompareFileTime, WideCharToMultiByte, GetTempPathW, GetCurrentDirectoryW, GetEnvironmentVariableW, lstrcmpiW, GetLocaleInfoW, MultiByteToWideChar, GetUserDefaultUILanguage, GetSystemDefaultUILanguage, GetSystemDefaultLCID, lstrcmpiA, GlobalAlloc, GlobalFree, MulDiv, FindResourceExA, SizeofResource, LoadResource, LockResource, GetModuleHandleW, FindFirstFileW, lstrcmpW, DeleteFileW, FindNextFileW, FindClose, RemoveDirectoryW, GetStdHandle, WriteFile, lstrlenA, CreateDirectoryW, GetFileAttributesW, SetCurrentDirectoryW, GetLocalTime, SystemTimeToFileTime, CreateThread, GetExitCodeThread, Sleep, SetFileAttributesW, GetDiskFreeSpaceExW, SetLastError, GetTickCount, lstrlenW, ExitProcess, lstrcatW, GetProcAddress, CloseHandle, WaitForSingleObject, GetExitCodeProcess, GetQueuedCompletionStatus, ResumeThread, SetInformationJobObject, CreateIoCompletionPort, AssignProcessToJobObject, CreateJobObjectW, GetLastError, CreateProcessW, GetStartupInfoW, GetCommandLineW, GetStartupInfoA |
| MSVCRT.dll | _purecall, ??2@YAPAXI@Z, _wtol, memset, memmove, memcpy, _wcsnicmp, _controlfp, _except_handler3, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, _acmdln, exit, _XcptFilter, _exit, ??1type_info@@UAE@XZ, _onexit, __dllonexit, malloc, realloc, free, wcsstr, _CxxThrowException, _beginthreadex, _EH_prolog, ?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z, strncmp, wcsncmp, wcsncpy, strncpy, ??3@YAXPAX@Z |


| Version resource field | Value |
|---|---|
| Signature | 0xfeef04bd |
| StructVersion | 0x10000 |
| FileVersion | 1.7.0.3900 |
| ProductVersion | 1.7.0.3900 |
| FileFlags | VS_FF_PRIVATEBUILD |
| FileOs | VOS_DOS_WINDOWS32, VOS_NT, VOS_NT_WINDOWS32, VOS_WINCE, VOS__WINDOWS32 |
| FileType | VFT_APP |
| Language | UNKNOWN |
| CompanyName | Oleg N. Scherbakov |
| FileDescription | 7z Setup SFX (x86) |
| FileVersion (#2) | 1.7.0.3900 |
| InternalName | 7ZSfxMod |
| LegalCopyright | Copyright © 2005-2016 Oleg N. Scherbakov |
| OriginalFilename | 7ZSfxMod_x86.exe |
| PrivateBuild | April 1, 2016 |
| ProductName | 7-Zip SFX |
| ProductVersion (#2) | 1.7.0.3900 |
| Resource LangID | UNKNOWN |

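
The FileOs row lists five names that cannot all describe one file (VOS_NT and VOS_WINCE are different operating systems). In VS_FIXEDFILEINFO, dwFileOS is a single enumerated value whose high word names the OS and whose low word names the API; only dwFileFlags is a bitmask. The five names are exactly what a decoder prints when it tests every VOS_* constant for any shared bit against the dword 0x00040004 (VOS_NT_WINDOWS32); that dword is an inference from the list, since the report shows only decoded names. The Python below is an added example, not Manalyze code or part of the report: it decodes the 52-byte structure the way the format defines it, and contrasts that with the lax bit test. The sample structure is constructed to carry the values in the table above, with dwFileOS set to the inferred value.

```python
"""Added example (not from the report): decode VS_FIXEDFILEINFO as the resource
format defines it.  build_sample_fixed_file_info() constructs a struct carrying
the values the report prints; its dwFileOS dword (0x00040004) is an inference."""
import struct

VS_FFI_SIGNATURE = 0xFEEF04BD

FILE_FLAGS = {  # dwFileFlags is a bitmask, valid bits given by dwFileFlagsMask
    0x01: "VS_FF_DEBUG", 0x02: "VS_FF_PRERELEASE", 0x04: "VS_FF_PATCHED",
    0x08: "VS_FF_PRIVATEBUILD", 0x10: "VS_FF_INFOINFERRED", 0x20: "VS_FF_SPECIALBUILD",
}
FILE_OS = {  # dwFileOS is one enumerated value: high word = OS, low word = API
    0x00010000: "VOS_DOS", 0x00020000: "VOS_OS216", 0x00030000: "VOS_OS232",
    0x00040000: "VOS_NT", 0x00050000: "VOS_WINCE",
    0x00000001: "VOS__WINDOWS16", 0x00000002: "VOS__PM16", 0x00000003: "VOS__PM32",
    0x00000004: "VOS__WINDOWS32",
    0x00010001: "VOS_DOS_WINDOWS16", 0x00010004: "VOS_DOS_WINDOWS32",
    0x00020002: "VOS_OS216_PM16", 0x00030003: "VOS_OS232_PM32",
    0x00040004: "VOS_NT_WINDOWS32",
}
FILE_TYPE = {0: "VFT_UNKNOWN", 1: "VFT_APP", 2: "VFT_DLL", 3: "VFT_DRV",
             4: "VFT_FONT", 5: "VFT_VXD", 7: "VFT_STATIC_LIB"}


def dotted(ms, ls):
    """Join the two version dwords into the usual a.b.c.d string."""
    return f"{ms >> 16}.{ms & 0xFFFF}.{ls >> 16}.{ls & 0xFFFF}"


def parse_fixed_file_info(blob):
    """Decode the 52-byte VS_FIXEDFILEINFO at the start of blob."""
    (sig, struc_ver, fv_ms, fv_ls, pv_ms, pv_ls, flags_mask, flags,
     file_os, file_type, file_subtype, _date_ms, _date_ls) = struct.unpack_from("<13I", blob)
    if sig != VS_FFI_SIGNATURE:
        raise ValueError(f"bad VS_FIXEDFILEINFO signature {sig:#x}")
    return {
        "StructVersion": struc_ver,
        "FileVersion": dotted(fv_ms, fv_ls),
        "ProductVersion": dotted(pv_ms, pv_ls),
        "FileFlags": [n for bit, n in FILE_FLAGS.items() if flags & flags_mask & bit],
        "FileOs": FILE_OS.get(file_os, f"{file_os:#010x}"),    # exact match, not a bit test
        "FileType": FILE_TYPE.get(file_type, f"{file_type:#x}"),
        "FileSubtype": file_subtype,
    }


def lax_file_os_names(file_os):
    """What a decoder prints if it wrongly treats dwFileOS as a bitmask and
    reports every constant that shares any bit with it."""
    return sorted(name for value, name in FILE_OS.items() if file_os & value)


def build_sample_fixed_file_info():
    """Constructed struct matching the report: version 1.7.0.3900, flags mask 0x3F,
    VS_FF_PRIVATEBUILD, VFT_APP; dwFileOS assumed to be VOS_NT_WINDOWS32."""
    return struct.pack("<13I", VS_FFI_SIGNATURE, 0x00010000,
                       0x00010007, 0x00000F3C, 0x00010007, 0x00000F3C,
                       0x3F, 0x08, 0x00040004, 1, 0, 0, 0)


if __name__ == "__main__":
    print(parse_fixed_file_info(build_sample_fixed_file_info()))
    print("lax decoding of dwFileOS:", lax_file_os_names(0x00040004))
```

In a real binary the structure sits inside the VS_VERSIONINFO resource (RT_VERSION), after the 6-byte header and the null-terminated "VS_VERSION_INFO" key, 32-bit aligned; locate it by the 0xFEEF04BD signature and pass the bytes from there.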