Manalyze report for d64a0468f5b5b0b0fc5b2188450bcd655b70809d97b1c4535f2884635094377d

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Apr-27 15:00:00
Detected languages	English - United States
CompanyName	Igor Pavlov
FileDescription	7-Zip Installer
FileVersion	`26.01`
InternalName	7zipInstall
LegalCopyright	Copyright (c) 1999-2026 Igor Pavlov
OriginalFilename	7zipInstall.exe
ProductName	7-Zip
ProductVersion	`26.01`

Plugin Output

Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryExW LoadLibraryW GetProcAddress` `Can access the registry: RegCreateKeyExW RegSetValueExW RegOpenKeyExW RegCloseKey RegQueryValueExW` `Functions related to the privilege level: AdjustTokenPrivileges OpenProcessToken` `Can shut the system down or lock the screen: ExitWindowsEx`
Malicious	The file contains overlay data.	`1612771 bytes of data starting at offset 0xb400.` `The file contains a 7-Zip compressed file after the PE data.` `Overlay data amounts for 97.2222% of the executable.`
Safe	VirusTotal score: 0/71 (Scanned on 2026-05-20 20:40:02)	`All the AVs think this file is safe.`

Hashes

MD5	`bed0747071a866109d26eced6c7751e0`
SHA1	`625e395ad8bd099a311c72e0d8e65d1c3bd6628a`
SHA256	`d64a0468f5b5b0b0fc5b2188450bcd655b70809d97b1c4535f2884635094377d`
SHA3	`b4e5cbfb9959619c346a2aa239c0c9ad6fa20031136cb4666c7a0a444b305a9f`
SSDeep	`49152:4VX0/V4ZUBGxZ+wfHXf6JIOGZKU5sc+ug2ksehzmh1TDR:4VXCVQlxkwfHXf6JIOGMc+ugswzmbTDR`
Imports Hash	`d00af420812a39241f821fb057cc3154`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xe0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`5`
TimeDateStamp	2026-Apr-27 15:00:00
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`8.0`
SizeOfCode	`0x7e00`
SizeOfInitializedData	`0x6a00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000008810 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0x11000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x800000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`e5a683c86fefa1fe3893cbeedf49c51a`
SHA1	`ad0cc25969b6ec4e3d029943b9ddb578a3857d7c`
SHA256	`5bcbcd0ea58e9734b4cc2deec73f150576c817f2a3e33dc0d22846cb45036971`
SHA3	`758329e53446295930f5620f4e4166e49743b7758dd6d69d61106af90156fc95`
VirtualSize	`0x7d04`
VirtualAddress	`0x1000`
SizeOfRawData	`0x7e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.26846`

.rdata

MD5	`651e0b3dcb5871f8c77479e4c2faf43e`
SHA1	`22e43c287fecae4fea6c928250fb84d7f7f6c1cc`
SHA256	`d685b4ede12fb1211c779656622a6b74162f8b3981c15dafc6d0c98723b29011`
SHA3	`7700b8b28ddc5e4683b8189d16ade5fef12a42ca5d53a08c65e96f27722b9ed4`
VirtualSize	`0x1ab8`
VirtualAddress	`0x9000`
SizeOfRawData	`0x1c00`
PointerToRawData	`0x8200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.47827`

.data

MD5	`9475a59226943a3ad422e18169989f66`
SHA1	`4174927c59854c80d33c69e7a43856b2b6c6af84`
SHA256	`d839a3521723b8a55d09d8eed9848940b284828e4d09218202c3ee11046bc16d`
SHA3	`6a93cc87909571d767d237e39dc48f437ee4242cf646fe335698b2b191003d4e`
VirtualSize	`0x3960`
VirtualAddress	`0xb000`
SizeOfRawData	`0x200`
PointerToRawData	`0x9e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.0203931`

.pdata

MD5	`742fbc6ef77a3fa1d273db39e097214c`
SHA1	`8a2ed9f48ead16a3be908328c78d9ececa57c6e4`
SHA256	`080414cec22af3661ad7efa1d326cbcb7d3ff87b0d9f845a98f014a854f91dc7`
SHA3	`0475e07c1ec49a617efd4293cf4fa5ff76fce3af4ebbea139c4879d1dfc72c19`
VirtualSize	`0x390`
VirtualAddress	`0xf000`
SizeOfRawData	`0x400`
PointerToRawData	`0xa000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.94082`

.rsrc

MD5	`a284c4a78f4810e7488e386e571b9dcc`
SHA1	`649ffc00c89702e0a2eb9ca04a041d83d26eda2e`
SHA256	`125131d2ab4daa191986a7b1011eb47ca1f9176266e1f369e62b7e279afc2efd`
SHA3	`ede132385da1f28fd08227617f4d09e5490a8d264dab11513b82c38ac885531d`
VirtualSize	`0xfe8`
VirtualAddress	`0x10000`
SizeOfRawData	`0x1000`
PointerToRawData	`0xa400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.3683`

Imports

ole32.dll	`CoInitialize` `CoCreateInstance`
USER32.dll	`MessageBoxW` `DestroyWindow` `ShowWindow` `SetWindowTextW` `EnableWindow` `GetDlgItem` `SetDlgItemTextW` `GetDlgItemTextW` `ExitWindowsEx` `PeekMessageW` `DispatchMessageW` `TranslateMessage` `IsDialogMessageW` `GetMessageW` `LoadIconW` `CreateDialogParamW` `SendMessageW`
ADVAPI32.dll	`LookupPrivilegeValueW` `AdjustTokenPrivileges` `RegCreateKeyExW` `RegSetValueExW` `RegOpenKeyExW` `RegCloseKey` `RegQueryValueExW` `OpenProcessToken`
SHELL32.dll	`SHGetFolderPathW` `SHGetPathFromIDListW` `SHBrowseForFolderW`
msvcrt.dll	`memcpy` `_c_exit` `__C_specific_handler` `free` `malloc` `memmove` `memcmp` `exit` `__set_app_type` `_fmode` `_commode` `__setusermatherr` `_initterm` `__getmainargs` `_acmdln` `_cexit` `memset` `_exit` `_XcptFilter`
KERNEL32.dll	`CloseHandle` `CreateFileW` `GetCommandLineW` `GetModuleFileNameW` `ReadFile` `SetFileTime` `MoveFileExW` `GetCurrentProcess` `FormatMessageW` `LocalFree` `DeleteFileW` `WriteFile` `SetFilePointer` `GetModuleHandleW` `LoadLibraryExW` `GetStartupInfoA` `SetFileAttributesW` `GetFileAttributesW` `CreateDirectoryW` `GetLastError` `GetSystemDirectoryW` `lstrcpyW` `LoadLibraryW` `GetProcAddress` `lstrcatW` `lstrlenW` `GetVersion`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.39918`
MD5	`28683b6aa3bf8a170d1ceb9fa05bf362`
SHA1	`40845066b357fff695ee2d3e41c19e28442671ac`
SHA256	`728d514fdcaab8770f1a113f141428b4860027f6685356d74274c03e194d68a6`
SHA3	`43d751bf866f5bd39b82678daca2d56a0ad157584ad31fdd9433508ff72fd4d8`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.68942`
MD5	`794fe7995c967ebd479f68359353ebc4`
SHA1	`7454c492fdd935a58fad5713290c48b8abb277ba`
SHA256	`d06002f9e317adc6377c0bc9af92fa7e9392fd74cd9928fd911729a1e8e3e6df`
SHA3	`6262f83326cca2298109be4fca6a38bc56c2410be8c357b160a2992d551489b5`

100

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x176`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.19524`
MD5	`656a46a1469ab351cbbabb430222cfef`
SHA1	`c51ce11d8aa49e4f06f57b7a25273aa561626a2b`
SHA256	`ed65f792943b4496d98ae4ffeb6cf2879f66659a5ccf4a97d757aa8ac01158ca`
SHA3	`a6093ef8743a6e5c998fb509d5fb10f93e8b7153fb8a44c7bb9099ad34a2fb2b`

1 (#2)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.37086`
Detected Filetype	Icon file
MD5	`d59e0d372ea5fd8c1f4de744376a6af4`
SHA1	`6883ce60e71a83424db0b41d0ab6bf61080e3de2`
SHA256	`b10e28a32eddb2ab20a46ceae59d9c0786911eb20f0c8dd2a28421f226ea2b8b`
SHA3	`5e39df982879204dd9f129a37d1e1c2ff906e88de9ae01b4418db5e8455e7ae1`

1 (#3)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2d0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.41655`
MD5	`197277651df397ee931c4770a77139aa`
SHA1	`78ee0b5d3f19ed6beb1439502e73fb17bf5e9410`
SHA256	`04703b620701b09d71629b371b88454e989f0049b9dc738dd5f85d437e8b60c9`
SHA3	`ad9fb4e66d564d977ffa79ff16012b498594f38c370e94a037f93be6094d9a7f`

1 (#4)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5b2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.38456`
MD5	`cb155a58b9738e2ce7f0202ecfa2558a`
SHA1	`e3300091ba9256654a3cbb470c7533830a34cab1`
SHA256	`26a6223f5623e45cd64181ff93c6d178abd00d3f2ad41f1d1222381f90bbf0b5`
SHA3	`823e467a392d62a5179d167fd51a877fce14316bb37203ba25e30d439cc024c2`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	26.1.0.0
ProductVersion	26.1.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	Igor Pavlov
FileDescription	7-Zip Installer
FileVersion (#2)	26.01
InternalName	7zipInstall
LegalCopyright	Copyright (c) 1999-2026 Igor Pavlov
OriginalFilename	7zipInstall.exe
ProductName	7-Zip
ProductVersion (#2)	26.01

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x76eaf7c3`
Unmarked objects	`0`
ASM objects (40310)	`1`
Imports (40310)	`13`
Total imports	`81`
C objects (40310)	`24`
ASM objects (VS2019 Update 8 (16.8.4) compiler 29336)	`1`
Resource objects (40310)	`1`
Linker (40310)	`1`

Errors

Leave a comment

No comments yet.