Summary

Field | Value |
---|---|
Architecture | IMAGE_FILE_MACHINE_AMD64 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
Compilation Date | 2021-May-06 07:00:00 |
Detected languages | English - United States |
CompanyName | Igor Pavlov |
FileDescription | 7-Zip Console |
FileVersion | 21.02 alpha |
InternalName | 7z |
LegalCopyright | Copyright (c) 1999-2021 Igor Pavlov |
OriginalFilename | 7z.exe |
ProductName | 7-Zip |
ProductVersion | 21.02 alpha |

Plugin results

Level | Finding | Details |
---|---|---|
Suspicious | Strings found in the binary may indicate undesirable behavior | Tries to detect virtualized environments (the matching strings were not captured on this page) |
Malicious | The PE contains functions mostly used by malware | [!] The program may be hiding some of its imports (the matching imports were not captured on this page) |
Safe | VirusTotal score: 0/69 (scanned on 2021-05-06 11:05:51) | All the AVs think this file is safe |

The Suspicious and Malicious rows are static heuristics (string matches and import patterns), not observed behaviour, and both fire routinely on legitimate software. The "hiding imports" flag is expected here: the KERNEL32.dll import list below contains LoadLibraryW, LoadLibraryExW and GetProcAddress, which the console 7z.exe uses to load its 7z.dll codec library at run time. Note also that the VirusTotal scan is from the same day as the compilation timestamp, so the 0/69 result reflects the engines' state on the build day only.
DOS header

Field | Value |
---|---|
e_magic | MZ |
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xf8 |
PE header

Field | Value |
---|---|
Signature | PE |
Machine | IMAGE_FILE_MACHINE_AMD64 |
NumberOfSections | 6 |
TimeDateStamp | 2021-May-06 07:00:00 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xf0 |
Characteristics | IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE |
Image optional header

Field | Value |
---|---|
Magic | PE32+ |
LinkerVersion | 8.0 |
SizeOfCode | 0x51a00 |
SizeOfInitializedData | 0x28000 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x0000000000051A50 (Section: .text) |
BaseOfCode | 0x1000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 4.0 |
ImageVersion | 0.0 |
SubsystemVersion | 5.2 |
Win32VersionValue | 0 |
SizeOfImage | 0x7d000 |
SizeOfHeaders | 0x400 |
Checksum | 0 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeOfStackReserve | 0x100000 |
SizeOfStackCommit | 0x1000 |
SizeOfHeapReserve | 0x100000 |
SizeOfHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |

Reading the mitigations off DllCharacteristics: ASLR is enabled (DYNAMIC_BASE) with 64-bit high-entropy addressing (HIGH_ENTROPY_VA), and DEP is opted in (NX_COMPAT). GUARD_CF is not set, so Control Flow Guard is not enabled for this build. The zero Checksum is not a finding: Windows only verifies the header checksum for drivers and a few system DLLs, and most user-mode executables ship with it unset. The entry point 0x51A50 lies inside the code range BaseOfCode..BaseOfCode+SizeOfCode (0x1000..0x52A00), which is the normal case; an entry point outside that range would be worth a closer look.
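The check just described, as an added example that is not part of the analysis tool's output or of 7-Zip's code: a pure-`struct` decoder for the fixed part of a PE32+ optional header that names the set DllCharacteristics bits and reports the mitigation and sanity checks a triager reads off this table. The sample header is constructed from the values listed above (the data directories are zeroed, since they are not on the page); the bucket names in the report are my own.

```python
import struct

# IMAGE_DLLCHARACTERISTICS_* bit values from winnt.h
DLL_CHARACTERISTICS = {
    0x0020: "HIGH_ENTROPY_VA",
    0x0040: "DYNAMIC_BASE",
    0x0080: "FORCE_INTEGRITY",
    0x0100: "NX_COMPAT",
    0x0200: "NO_ISOLATION",
    0x0400: "NO_SEH",
    0x0800: "NO_BIND",
    0x1000: "APPCONTAINER",
    0x2000: "WDM_DRIVER",
    0x4000: "GUARD_CF",
    0x8000: "TERMINAL_SERVER_AWARE",
}

# Fixed part of IMAGE_OPTIONAL_HEADER64 (PE32+), 112 bytes, little-endian;
# the 16 data directories that follow are not decoded here.
OPT64_FMT = "<HBB5IQ2I6H4I2H4Q2I"
OPT64_FIELDS = (
    "Magic", "MajorLinkerVersion", "MinorLinkerVersion",
    "SizeOfCode", "SizeOfInitializedData", "SizeOfUninitializedData",
    "AddressOfEntryPoint", "BaseOfCode", "ImageBase",
    "SectionAlignment", "FileAlignment",
    "MajorOperatingSystemVersion", "MinorOperatingSystemVersion",
    "MajorImageVersion", "MinorImageVersion",
    "MajorSubsystemVersion", "MinorSubsystemVersion",
    "Win32VersionValue", "SizeOfImage", "SizeOfHeaders", "CheckSum",
    "Subsystem", "DllCharacteristics",
    "SizeOfStackReserve", "SizeOfStackCommit",
    "SizeOfHeapReserve", "SizeOfHeapCommit",
    "LoaderFlags", "NumberOfRvaAndSizes",
)


def parse_optional_header64(blob: bytes) -> dict:
    """Decode the fixed part of a PE32+ optional header into a field dict."""
    size = struct.calcsize(OPT64_FMT)
    if len(blob) < size:
        raise ValueError("optional header truncated")
    hdr = dict(zip(OPT64_FIELDS, struct.unpack(OPT64_FMT, blob[:size])))
    if hdr["Magic"] != 0x20B:  # 0x10B would be PE32, which has a different layout
        raise ValueError("not a PE32+ optional header: Magic=0x%x" % hdr["Magic"])
    return hdr


def decode_dll_characteristics(value: int) -> list:
    """Name every set IMAGE_DLLCHARACTERISTICS_* bit, sorted for stable output."""
    return sorted(name for bit, name in DLL_CHARACTERISTICS.items() if value & bit)


def mitigation_report(hdr: dict) -> dict:
    """Mitigations and sanity checks a triager reads off the optional header."""
    flags = decode_dll_characteristics(hdr["DllCharacteristics"])
    code_start = hdr["BaseOfCode"]
    code_end = code_start + hdr["SizeOfCode"]
    return {
        "aslr": "DYNAMIC_BASE" in flags,
        # HIGH_ENTROPY_VA only has an effect when the image is also relocatable
        "high_entropy_aslr": "DYNAMIC_BASE" in flags and "HIGH_ENTROPY_VA" in flags,
        "dep": "NX_COMPAT" in flags,
        "cfg": "GUARD_CF" in flags,
        "forced_integrity": "FORCE_INTEGRITY" in flags,
        # A zero CheckSum is normal for user-mode images (only verified for
        # drivers and a few system DLLs), so this is informational, not a finding
        "checksum_present": hdr["CheckSum"] != 0,
        # Entry point outside the code range is a classic packer/injection tell
        "entry_in_code": code_start <= hdr["AddressOfEntryPoint"] < code_end,
        "flags": flags,
    }


def build_sample_header() -> bytes:
    """Constructed sample: the optional header values reported above for
    7z.exe 21.02 alpha, packed back into bytes (data directories zeroed)."""
    dll_chars = 0x0040 | 0x0020 | 0x0100 | 0x8000  # DYNAMIC_BASE|HIGH_ENTROPY_VA|NX_COMPAT|TERMINAL_SERVER_AWARE
    return struct.pack(
        OPT64_FMT,
        0x20B, 8, 0,                            # PE32+, linker 8.0
        0x51A00, 0x28000, 0, 0x51A50, 0x1000,   # code/data sizes, entry point, BaseOfCode
        0x400000,                               # ImageBase
        0x1000, 0x200,                          # section / file alignment
        4, 0, 0, 0, 5, 2,                       # OS 4.0, image 0.0, subsystem 5.2
        0, 0x7D000, 0x400, 0,                   # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum
        3, dll_chars,                           # IMAGE_SUBSYSTEM_WINDOWS_CUI, DllCharacteristics
        0x100000, 0x1000, 0x100000, 0x1000,     # stack/heap reserve and commit
        0, 16,                                  # LoaderFlags, NumberOfRvaAndSizes
    ) + b"\x00" * (16 * 8)


if __name__ == "__main__":
    header = parse_optional_header64(build_sample_header())
    for key, val in mitigation_report(header).items():
        print(f"{key:>18}: {val}")
```

To run it against a real file, read the DOS header, follow `e_lfanew` past the 4-byte `PE\0\0` signature and the 20-byte file header, and pass the following `SizeOfOptionalHeader` bytes to `parse_optional_header64`.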
Imports

DLL | Imported functions |
---|---|
OLEAUT32.dll | SysStringLen VariantClear VariantCopy SysAllocString SysStringByteLen SysFreeString SysAllocStringLen |
USER32.dll | CharUpperW |
ADVAPI32.dll | OpenProcessToken GetFileSecurityW SetFileSecurityW RegOpenKeyExW RegQueryValueExW AdjustTokenPrivileges LookupPrivilegeValueW RegCloseKey |
msvcrt.dll | _exit _c_exit _XcptFilter _onexit __dllonexit ??1type_info@@UEAA@XZ ?terminate@@YAXXZ __C_specific_handler _beginthreadex _isatty memcmp _purecall memset strlen wcsstr _cexit wcscmp strcmp memmove fflush fputc fputs _iob fgetc fclose free _CxxThrowException malloc __CxxFrameHandler memcpy __initenv exit __getmainargs _initterm __setusermatherr _commode _fmode __set_app_type |
KERNEL32.dll | SetThreadAffinityMask CreateEventW SetEvent InitializeCriticalSection GetVersionExW SetFileTime ResumeThread WaitForSingleObject VirtualFree VirtualAlloc GetConsoleMode SetConsoleMode SetFileApisToOEM GetCommandLineW GetConsoleScreenBufferInfo SetConsoleCtrlHandler GetProcessTimes QueryPerformanceFrequency QueryPerformanceCounter LeaveCriticalSection EnterCriticalSection DeleteCriticalSection SetProcessAffinityMask OpenEventW UnmapViewOfFile MapViewOfFile OpenFileMappingW GetStdHandle GetSystemTimeAsFileTime FileTimeToDosDateTime GetOEMCP GetACP IsProcessorFeaturePresent GlobalMemoryStatusEx GetSystemInfo GetProcessAffinityMask FileTimeToLocalFileTime FileTimeToSystemTime CompareFileTime GetCurrentProcess GetDiskFreeSpaceW SetEndOfFile WriteFile ReadFile SetFilePointer GetLastError MultiByteToWideChar WideCharToMultiByte FreeLibrary LoadLibraryExW LoadLibraryW GetModuleFileNameW LocalFree FormatMessageW CloseHandle CreateFileW SetFileAttributesW RemoveDirectoryW MoveFileW GetProcAddress GetModuleHandleW CreateDirectoryW DeleteFileW SetCurrentDirectoryW GetCurrentDirectoryW GetTempPathW SetLastError GetCurrentProcessId GetTickCount GetCurrentThreadId GetFileInformationByHandle FindClose FindFirstFileW FindNextFileW GetModuleHandleA GetFileAttributesW GetLogicalDriveStringsW DeviceIoControl GetFileSize |
Version info

Field | Value |
---|---|
Signature | 0xfeef04bd |
StructVersion | 0x10000 |
FileVersion | 21.2.0.0 |
ProductVersion | 21.2.0.0 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32, VOS_NT, VOS_NT_WINDOWS32, VOS_WINCE, VOS__WINDOWS32 |
FileType | VFT_APP |
Language | English - United States |
CompanyName | Igor Pavlov |
FileDescription | 7-Zip Console |
FileVersion (#2) | 21.02 alpha |
InternalName | 7z |
LegalCopyright | Copyright (c) 1999-2021 Igor Pavlov |
OriginalFilename | 7z.exe |
ProductName | 7-Zip |
ProductVersion (#2) | 21.02 alpha |
Resource LangID | English - United States |
Rich header

Field | Value |
---|---|
XOR Key | 0x24c2c384 |
Unmarked objects | 0 |
ASM objects (40310) | 1 |
Imports (40310) | 11 |
Total imports | 154 |
C++ objects (40310) | 76 |
C objects (VS2019 Update 8 (16.8.4) compiler 29336) | 1 |
C objects (40310) | 15 |
ASM objects (VS2019 Update 8 (16.8.4) compiler 29336) | 1 |
Resource objects (40310) | 1 |
Linker (40310) | 1 |