e2c31578a6e793f050b6328ee62955b8

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2021-May-06 07:00:00
Detected languages English - United States
CompanyName Igor Pavlov
FileDescription 7-Zip Console
FileVersion 21.02 alpha
InternalName 7z
LegalCopyright Copyright (c) 1999-2021 Igor Pavlov
OriginalFilename 7z.exe
ProductName 7-Zip
ProductVersion 21.02 alpha

Plugin Output

Suspicious: Strings found in the binary may indicate undesirable behavior.
  Tries to detect virtualized environments:
  • HARDWARE\DESCRIPTION\System
Malicious: The PE contains functions mostly used by malware.
  [!] The program may be hiding some of its imports:
  • LoadLibraryExW
  • LoadLibraryW
  • GetProcAddress
  Can access the registry:
  • RegOpenKeyExW
  • RegQueryValueExW
  • RegCloseKey
  Can create temporary files:
  • CreateFileW
  • GetTempPathW
  Functions related to the privilege level:
  • OpenProcessToken
  • AdjustTokenPrivileges
  Enumerates local disk drives:
  • GetLogicalDriveStringsW
  Changes object ACLs:
  • SetFileSecurityW
Safe: VirusTotal score: 0/69 (Scanned on 2021-05-06 11:05:51). All the AVs think this file is safe.

Hashes

MD5 e2c31578a6e793f050b6328ee62955b8
SHA1 e49d63e7cebcece367c96b1016f770d7c7b1e7fb
SHA256 5b151c50a003cc658213009d242295c406350942a47fa3fe114563a1cab56000
SHA3 2e8af961bbd5490ded1fa2d088d5273f8a762aadf47007e52ac252885b62087a
SSDeep 6144:23g1AiG1i3NELQ+rcYcV1ck0WEe5EKFwYwU4xlpoW2/H3SSPMSw48SkuXM67wm:ig1AB1i3aLQ+gt0Y2Pny3SBuXMA
Imports Hash 5c123ccd87614c86a62476c54033b865

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 6
TimeDateStamp 2021-May-06 07:00:00
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 8.0
SizeOfCode 0x51a00
SizeOfInitializedData 0x28000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000051A50 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 5.2
Win32VersionValue 0
SizeOfImage 0x7d000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 c6f6652e5690eebdfc8993ecf5f10c03
SHA1 dfa2de2af5be3576de1b7fe290d391e750c266a9
SHA256 b4a248851a089f188fbe9dd7f3204bbc4d16146f75e05b6b587c70b84f1219d7
SHA3 68ca9a39f21d70ebb4ddeea21fb10a6bdeae62dff77e31a963ba59d53c6604ac
VirtualSize 0x519ca
VirtualAddress 0x1000
SizeOfRawData 0x51a00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Entropy 6.29399

.rdata

MD5 1fdbd04525e7ec263808b4de622b2d3c
SHA1 848cc6551a39994513d0f7438494aa12841daea3
SHA256 e5f91a6883dd96e839dfccd1767ec860361ffd61d62d1b3f17556b6013d81ec0
SHA3 5b07445ca3e2f92b305a55c1e48b409ac74cc47fbe8e34ca614e3a396a72be70
VirtualSize 0x1d31a
VirtualAddress 0x53000
SizeOfRawData 0x1d400
PointerToRawData 0x51e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy 4.85388

.data

MD5 3e3ce653a9376b2db4400e4513826361
SHA1 2b82604636e334cfceb71c210ca352716435019e
SHA256 3407d358b7bb782e9b4ed0f646bbdb145a76979a8eb1b24c6b6d183bcd2dc717
SHA3 1e241b6acbd8cca1a50d7d6a8a649478302b1c8381ca6c7a1c89d1978421819b
VirtualSize 0x2cf8
VirtualAddress 0x71000
SizeOfRawData 0x800
PointerToRawData 0x6f200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Entropy 1.16944

.pdata

MD5 e3d22d78c06f60440046bd6513e48300
SHA1 3c400f2faad32890774eb257826eecc09f2e65d8
SHA256 aaf97b2c88810d2d30642ebc402ca698965d9e7adec961a8acdd2bcf1285027f
SHA3 5d6a469e31bdc622a434bb732691e8b87b2e8bbceb7a43e4d0e66f7d60188694
VirtualSize 0x6558
VirtualAddress 0x74000
SizeOfRawData 0x6600
PointerToRawData 0x6fa00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy 5.73774

.rsrc

MD5 076632f106b0fd0b31de414310d704ef
SHA1 bb2bb855df9e5962df3683fdc1c699e7ffabacf5
SHA256 bb1380e241ad1726dba21e2b1139933e04cd0fae1554ce52a002db9e7e63f524
SHA3 df641a559f83597bea99174fa08976ec310bde756cd7a80a89d354a6ccbaf37a
VirtualSize 0x6f8
VirtualAddress 0x7b000
SizeOfRawData 0x800
PointerToRawData 0x76000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy 4.46717

.reloc

MD5 ec1940c36042d89418933e6adabe0b69
SHA1 cf746029a8c614b9ca3d49d6ed25d96bbbb54426
SHA256 9c7d0eb07fcddb16845f6f88af2b3e2966bccec19a1030d7f48f0aa0dd827cac
SHA3 c43c3c2e0f4406d494026308aca92512854fb9794250c88c42e29e189fb5e0f2
VirtualSize 0xe16
VirtualAddress 0x7c000
SizeOfRawData 0x1000
PointerToRawData 0x76800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Entropy 3.19512

Imports

OLEAUT32.dll
  • SysStringLen
  • VariantClear
  • VariantCopy
  • SysAllocString
  • SysStringByteLen
  • SysFreeString
  • SysAllocStringLen

USER32.dll
  • CharUpperW

ADVAPI32.dll
  • OpenProcessToken
  • GetFileSecurityW
  • SetFileSecurityW
  • RegOpenKeyExW
  • RegQueryValueExW
  • AdjustTokenPrivileges
  • LookupPrivilegeValueW
  • RegCloseKey

msvcrt.dll
  • _exit
  • _c_exit
  • _XcptFilter
  • _onexit
  • __dllonexit
  • ??1type_info@@UEAA@XZ
  • ?terminate@@YAXXZ
  • __C_specific_handler
  • _beginthreadex
  • _isatty
  • memcmp
  • _purecall
  • memset
  • strlen
  • wcsstr
  • _cexit
  • wcscmp
  • strcmp
  • memmove
  • fflush
  • fputc
  • fputs
  • _iob
  • fgetc
  • fclose
  • free
  • _CxxThrowException
  • malloc
  • __CxxFrameHandler
  • memcpy
  • __initenv
  • exit
  • __getmainargs
  • _initterm
  • __setusermatherr
  • _commode
  • _fmode
  • __set_app_type

KERNEL32.dll
  • SetThreadAffinityMask
  • CreateEventW
  • SetEvent
  • InitializeCriticalSection
  • GetVersionExW
  • SetFileTime
  • ResumeThread
  • WaitForSingleObject
  • VirtualFree
  • VirtualAlloc
  • GetConsoleMode
  • SetConsoleMode
  • SetFileApisToOEM
  • GetCommandLineW
  • GetConsoleScreenBufferInfo
  • SetConsoleCtrlHandler
  • GetProcessTimes
  • QueryPerformanceFrequency
  • QueryPerformanceCounter
  • LeaveCriticalSection
  • EnterCriticalSection
  • DeleteCriticalSection
  • SetProcessAffinityMask
  • OpenEventW
  • UnmapViewOfFile
  • MapViewOfFile
  • OpenFileMappingW
  • GetStdHandle
  • GetSystemTimeAsFileTime
  • FileTimeToDosDateTime
  • GetOEMCP
  • GetACP
  • IsProcessorFeaturePresent
  • GlobalMemoryStatusEx
  • GetSystemInfo
  • GetProcessAffinityMask
  • FileTimeToLocalFileTime
  • FileTimeToSystemTime
  • CompareFileTime
  • GetCurrentProcess
  • GetDiskFreeSpaceW
  • SetEndOfFile
  • WriteFile
  • ReadFile
  • SetFilePointer
  • GetLastError
  • MultiByteToWideChar
  • WideCharToMultiByte
  • FreeLibrary
  • LoadLibraryExW
  • LoadLibraryW
  • GetModuleFileNameW
  • LocalFree
  • FormatMessageW
  • CloseHandle
  • CreateFileW
  • SetFileAttributesW
  • RemoveDirectoryW
  • MoveFileW
  • GetProcAddress
  • GetModuleHandleW
  • CreateDirectoryW
  • DeleteFileW
  • SetCurrentDirectoryW
  • GetCurrentDirectoryW
  • GetTempPathW
  • SetLastError
  • GetCurrentProcessId
  • GetTickCount
  • GetCurrentThreadId
  • GetFileInformationByHandle
  • FindClose
  • FindFirstFileW
  • FindNextFileW
  • GetModuleHandleA
  • GetFileAttributesW
  • GetLogicalDriveStringsW
  • DeviceIoControl
  • GetFileSize

Delayed Imports

1

Type RT_VERSION
Language English - United States
Codepage UNKNOWN
Size 0x2c4
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.41257
MD5 ca21c34a50cbd9da0f16e2cb661bf869
SHA1 d4aa88a0c566b5e1ab0ce801d400c07de36bf680
SHA256 8ef22a041bb81bbe6caf24c4418e92cb7b20223c5899a72cdb0c5ed89b384376
SHA3 9e981b4e8d3ea9981812d51650bc24068c8047a0605062e51560005dc9fca831

1 (#2)

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x38e
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.36954
MD5 445ab0be1ebbb45eac34dd03f4204971
SHA1 cda51970a44a9b2ca92f1ce56607bffd3d39bf5f
SHA256 fd3f18e6ec417eb0f63a003d9808553b3194f6fab33a8bf618d18a476944a5e6
SHA3 b5552a2682a529c160d7341b7b2ed8173a8ed7082e2c10f7513dd6b3e206c045

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 21.2.0.0
ProductVersion 21.2.0.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32, VOS_NT, VOS_NT_WINDOWS32, VOS_WINCE, VOS__WINDOWS32
FileType VFT_APP
Language English - United States
CompanyName Igor Pavlov
FileDescription 7-Zip Console
FileVersion (#2) 21.02 alpha
InternalName 7z
LegalCopyright Copyright (c) 1999-2021 Igor Pavlov
OriginalFilename 7z.exe
ProductName 7-Zip
ProductVersion (#2) 21.02 alpha
Resource LangID English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0x24c2c384
Unmarked objects 0
ASM objects (40310) 1
Imports (40310) 11
Total imports 154
C++ objects (40310) 76
C objects (VS2019 Update 8 (16.8.4) compiler 29336) 1
C objects (40310) 15
ASM objects (VS2019 Update 8 (16.8.4) compiler 29336) 1
Resource objects (40310) 1
Linker (40310) 1

Errors
