d797bd6315e418434da3cec49e4e00ccadd45aea6ae33d359597b81c74712ebf

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2004-Jan-23 23:39:42
Detected languages English - United States
Debug artifacts Embedded COFF debugging symbols
CompanyName Igor Pavlov
FileDescription 7z Setup SFX
FileVersion 4.42
InternalName 7zS.sfx
LegalCopyright Copyright (c) 1999-2006 Igor Pavlov
OriginalFilename 7zS.sfx.exe
ProductName 7-Zip
ProductVersion 4.42

Plugin Output

Suspicious PEiD Signature: PolyEnE 0.01+ by Lennart Hedlund
Upack 0.399 -> Dwing
Upack v0.39 final -> Sign by hot_UNP
Suspicious The PE is possibly packed. Unusual section name found: PS\xff\xd5\xab\xeb\xe7\xc3
Section PS\xff\xd5\xab\xeb\xe7\xc3 is both writable and executable.
Unusual section name found: \x00\x10@\x00X\x0cC
Section \x00\x10@\x00X\x0cC is both writable and executable.
Unusual section name found: ;7B\x00\xfc\x0f@
Section ;7B\x00\xfc\x0f@ is both writable and executable.
The PE only has 2 import(s).
Info The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
Malicious VirusTotal score: 26/70 (Scanned on 2026-03-29 01:42:00)
APEX: Malicious
AhnLab-V3: Spyware/Win32.Gampass.C204062
Antiy-AVL: GrayWare/Win32.Kryptik.pe
Bkav: W32.AIDetectMalware.CS
CTX: exe.trojan.generic
ClamAV: Win.Trojan.Generic-9938494-0
Cylance: Unsafe
Cynet: Malicious (score: 100)
DeepInstinct: MALICIOUS
Elastic: malicious (high confidence)
Google: Detected
Gridinsoft: Pack.Win32.Gen.bot!ep-13077
Ikarus: Trojan-Dropper.Agent
Malwarebytes: Malware.AI.1518019728
MaxSecure: Trojan.Malware.8328611.susgen
McAfeeD: ti!D797BD6315E4
Paloalto: generic.ml
Panda: Trj/Pupack.A
Skyhigh: BehavesLike.Win32.AdwareDoma.wc
Sophos: Generic ML PUA (PUA)
Trapmine: malicious.high.ml.score
TrellixENS: Artemis!AD5056389013
Varist: W32/Virtumonde.BW.gen!Eldorado
Webroot: W32.Malware.Gen
Xcitium: Packed.Win32.MUPACK.~KW@1huqxy
Yandex: Trojan.DownLoader!BfbG1isVn1A

Hashes

MD5 ad5056389013ba7b8ea0fe5305487526
SHA1 16aa139d68c729fbfa560ff331a443df66d74a14
SHA256 d797bd6315e418434da3cec49e4e00ccadd45aea6ae33d359597b81c74712ebf
SHA3 c4aa9db2702b6e4221f54bf8f3c7ce250208c057cb8f13be4bfcbd10bba4e396
SSDeep 49152:dzXfLASdhbFpYRGpVw9xCzow0GjgPZ8mU7rCGKMf6bHhIoZRXAuvsgAH5wKxpQtW:dzTbeG3fzaGKymiKDbB/DkgM5wcpQTc
Imports Hash 87bed5a7cba00c7e1f4015f1bdae2183

DOS Header

e_magic MZ
e_cblp 0x454b
e_cp 0x4e52
e_crlc 0x4c45
e_cparhdr 0x3233
e_minalloc 0x442e
e_maxalloc 0x4c4c
e_ss 0
e_sp 0x4550
e_csum 0
e_ip 0x14c
e_cs 0x3
e_ovno 0x4011
e_oemid 0x148
e_oeminfo 0x10f
e_lfanew 0x10

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2004-Jan-23 23:39:42
PointerToSymbolTable 0xff50ad00
NumberOfSymbols 2095789174
SizeOfOptionalHeader 0x148
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 76.58
SizeOfCode 0x694c6461
SizeOfInitializedData 0x72617262
SizeOfUninitializedData 0x4179
AddressOfEntryPoint 0x00001018 (Section: PS\xff\xd5\xab\xeb\xe7\xc3)
BaseOfCode 0x10
BaseOfData 0x19000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.3A
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x36000
SizeOfHeaders 0x200
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 10

PS\xff\xd5\xab\xeb\xe7\xc3

MD5 655734c8bf13e523ff1dee38c6796a19
SHA1 764e657abdd1ed7357244e64dd47c5583b78ac6e
SHA256 0273a8459ada3afcd217c73292511e27bc5e4f3d437360e6e7c6ca328e4760ed
SHA3 69c1a564fab3f6ff1cef3de5feea802ca6a48ac408d0ae673d543d13357bf08d
VirtualSize 0x23000
VirtualAddress 0x1000
SizeOfRawData 0x1f0
PointerToRawData 0x10
PointerToRelocations 0x424880
PointerToLineNumbers 0x430c23
NumberOfLineNumbers 0
NumberOfRelocations 3486
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 5.30699

\x00\x10@\x00X\x0cC

MD5 8b47d64d77af67e50b8a23fae8122a3c
SHA1 cfbd2eeef75dd97145331b1f072204de8e4843c2
SHA256 77b4c4f19020d8013636815370ddedd1d2cf34117649d791b528fbeac58f49b2
SHA3 da0106941435c967f7cc61c6162216ba58ad7abc77372d11240d97121bed9782
VirtualSize 0x11000
VirtualAddress 0x24000
SizeOfRawData 0xcd80
PointerToRawData 0x200
PointerToRelocations 0x412c8f
PointerToLineNumbers 0x422fff
NumberOfLineNumbers 67
NumberOfRelocations 3456
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.95422

;7B\x00\xfc\x0f@

MD5 655734c8bf13e523ff1dee38c6796a19
SHA1 764e657abdd1ed7357244e64dd47c5583b78ac6e
SHA256 0273a8459ada3afcd217c73292511e27bc5e4f3d437360e6e7c6ca328e4760ed
SHA3 69c1a564fab3f6ff1cef3de5feea802ca6a48ac408d0ae673d543d13357bf08d
VirtualSize 0x1000
VirtualAddress 0x35000
SizeOfRawData 0x1f0
PointerToRawData 0x10
PointerToRelocations 0x430bf0
PointerToLineNumbers 0x430bf3
NumberOfLineNumbers 67
NumberOfRelocations 3074
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 5.30699

Imports

KERNEL32.DLL LoadLibraryA
GetProcAddress
TÚãÛ u½¯rJw¾>JöéàÎËY“>§ÖOC¢#~ˆµÏ+ÿ@¼Så08¿ÜûZR}OeF¾ÓžÖ¼GÈáêæÌ½’üÛB<( ·VŒaóH/ (EMPTY)

Delayed Imports

1

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x2e8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.75404
MD5 45dfb274318b08cbcf6c20733ca0ecb0
SHA1 92b48f895f6f1296bfd00b57801890ec4e3779ec
SHA256 12433a0afda687b794b86c11b19d92c96d437765fe7513056c249136ff4e2c41
SHA3 bff76d485f8f0f9097d9c287512c59a006bc878edcc35272760b9280d8abfce0

2

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x128
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.18403
MD5 a792cef939f02d76cd876d1da1ffd1b7
SHA1 63e2d98ac53e5763e269277d05a1d1737dc04974
SHA256 fe174802e7a3a9d4ef79ae6e9baf2f3dedb02b8c0f5f5342ad04a37e3b9d6eeb
SHA3 39848cd80ec893f2971c96b27a6bdce65825c9f9dfb824e4b3f86ab87df3e3e7

500

Type RT_DIALOG
Language English - United States
Codepage UNKNOWN
Size 0xb8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.91465
MD5 8c3cb3de6e9cecb79d0610d9c468a494
SHA1 42088cc5cc41bf38f1e51df4e0b3e51eb23aa721
SHA256 f3b38c957fe8162ef1478b24c21588bcabb87300bbfa8c101d8fa015fa26ab3f
SHA3 c26313cc9e848bb0f943fd71ff5ef2947334b6ad5fb2952a6a583a6c3181304a

1 (#2)

Type RT_STRING
Language English - United States
Codepage UNKNOWN
Size 0x94
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.77344
MD5 1b572a2198584ccd7a3095ca65756a3d
SHA1 3deb5c72285e665f4c2a0424f97687ec5b38eec0
SHA256 5d796d491786e6c75b00dbc4228ab993613647cdd7f86e3684f58c02e34505cf
SHA3 c716f69717d095ab1bb99b48545ffec6322f745d9b006546bd706f3c872898c9

5

Type RT_STRING
Language English - United States
Codepage UNKNOWN
Size 0x34
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.50813
MD5 2855a674e120aa966d043ee82eafb2df
SHA1 3b72a4749459e34bc999f8029bf921fd842e64cd
SHA256 93d01a0561558153d05170aeb8b2a83d7db123f3bdc81e2f1dd2375830847162
SHA3 09b0622badf6b413e6c64d970534e28491bf8097d3c3895ce61950f464d5902f

159

Type RT_GROUP_ICON
Language English - United States
Codepage UNKNOWN
Size 0x22
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.37086
Detected Filetype Icon file
MD5 d59e0d372ea5fd8c1f4de744376a6af4
SHA1 6883ce60e71a83424db0b41d0ab6bf61080e3de2
SHA256 b10e28a32eddb2ab20a46ceae59d9c0786911eb20f0c8dd2a28421f226ea2b8b
SHA3 5e39df982879204dd9f129a37d1e1c2ff906e88de9ae01b4418db5e8455e7ae1

1 (#3)

Type RT_VERSION
Language English - United States
Codepage UNKNOWN
Size 0x276
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.43752
MD5 1e917d3d44e0d16ab292382149db7211
SHA1 4fd41971ab14ea4159718ef9601f44d35db67b01
SHA256 2ad74ac966372929b0bf8176ae956299feff3126045aa119e0ee4555a2da9543
SHA3 b44ad3dea1e71ed1d1d5f33504be34f152f5b8349fce75b7b836d87ec7dd7a94

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 4.42.0.0
ProductVersion 4.42.0.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT
VOS_NT_WINDOWS32
VOS_WINCE
VOS__WINDOWS32
FileType VFT_APP
Language English - United States
CompanyName Igor Pavlov
FileDescription 7z Setup SFX
FileVersion (#2) 4.42
InternalName 7zS.sfx
LegalCopyright Copyright (c) 1999-2006 Igor Pavlov
OriginalFilename 7zS.sfx.exe
ProductName 7-Zip
ProductVersion (#2) 4.42
Resource LangID English - United States

TLS Callbacks

Load Configuration

RICH Header

Errors

[!] Error: Could not read a COFF symbol.
[*] Warning: The PE's sections are not aligned to its reported FileAlignment. It was almost certainly crafted manually. (reported 5 times)
[*] Warning: Could not read an import's name.
[!] Error: Could not reach an IMPORT_LOOKUP_TABLE.
[*] Warning: An error occurred while trying to read functions imported by module T��� u��rJw�>J�����Y�>��OC¢#~���+�@�S�08���ZR}OeF�ӞּG����̽���B<( �V�a�H/.
[*] Warning: directory 6 has a size of 0! This PE may have been manually crafted!
[!] Error: Could not reach the requested directory (offset=0x0). (reported twice)
[*] Warning: Could not read a WIN_CERTIFICATE's header.
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8! (repeated many times, once per string that failed to convert)