Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2016-Mar-20 07:29:20 |
Detected languages | English - United States; Russian - Russia |
CompanyName | Oleg N. Scherbakov |
FileDescription | 7z Setup SFX (x86) |
FileVersion | 1.6.2.3888 |
InternalName | 7ZSfxMod |
LegalCopyright | Copyright © 2005-2015 Oleg N. Scherbakov |
OriginalFilename | 7ZSfxMod_x86.exe |
PrivateBuild | March 20, 2016 |
ProductName | 7-Zip SFX |
ProductVersion | 1.6.2.3888 |
Info | Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0; Microsoft Visual C++; Microsoft Visual C++ v6.0 |
Suspicious | Strings found in the binary may indicate undesirable behavior: Miscellaneous malware strings: |
Info | Cryptographic algorithms detected in the binary: Uses constants related to SHA256; Uses constants related to AES |
Malicious | The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports: |
Malicious | The PE's digital signature is invalid. Signer: Piriform Software Ltd; Issuer: DigiCert SHA2 Assured ID Code Signing CA; The file was modified after it was signed. |
Malicious | VirusTotal score: 5/68 (Scanned on 2021-04-08 07:45:19) Bkav: W32.AIDetect.malware2; Rising: Trojan.HiddenRun/SFX!1.D2BC (CLASSIC); Jiangmin: TrojanDropper.Agent.gifx; eGambit: PE.Heur.InvalidSig; CrowdStrike: win/malicious_confidence_60% (D) |
e_magic | MZ |
---|---|
e_cblp | 0x60 |
e_cp | 0x1 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x60 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 4 |
TimeDateStamp | 2016-Mar-20 07:29:20 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE; IMAGE_FILE_EXECUTABLE_IMAGE; IMAGE_FILE_RELOCS_STRIPPED |
Magic | PE32 |
---|---|
LinkerVersion | 8.0 |
SizeOfCode | 0x18200 |
SizeOfInitializedData | 0x2da00 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x0001887F (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x1a000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 4.0 |
ImageVersion | 0.0 |
SubsystemVersion | 4.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x4d000 |
SizeOfHeaders | 0x200 |
Checksum | 0x1d87bb |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
COMCTL32.dll | #17 |
---|---|
SHELL32.dll | SHGetSpecialFolderPathW, ShellExecuteW, SHGetMalloc, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, ShellExecuteExW |
GDI32.dll | CreateCompatibleDC, CreateFontIndirectW, DeleteObject, DeleteDC, GetCurrentObject, StretchBlt, GetDeviceCaps, CreateCompatibleBitmap, SelectObject, SetStretchBltMode, GetObjectW |
ADVAPI32.dll | FreeSid, AllocateAndInitializeSid, CheckTokenMembership |
USER32.dll | CreateWindowExW, GetDesktopWindow, wsprintfA, SetWindowPos, SetTimer, GetMessageW, ScreenToClient, KillTimer, CharUpperW, SendMessageW, EndDialog, wsprintfW, MessageBoxW, GetParent, CopyImage, ReleaseDC, GetWindowDC, GetMenu, GetWindowLongW, DispatchMessageW, GetWindowTextW, GetWindowTextLengthW, SetWindowTextW, GetSysColor, DestroyWindow, MessageBoxA, BringWindowToTop, ShowWindow, GetKeyState, GetDlgItem, GetClientRect, SetWindowLongW, UnhookWindowsHookEx, SetFocus, GetSystemMetrics, SystemParametersInfoW, DrawTextW, GetDC, ClientToScreen, GetWindow, DialogBoxIndirectParamW, DrawIconEx, CallWindowProcW, DefWindowProcW, CallNextHookEx, PtInRect, SetWindowsHookExW, LoadImageW, LoadIconW, MessageBeep, EnableWindow, IsWindow, EnableMenuItem, GetSystemMenu, CreateWindowExA, wvsprintfW, GetClassNameA, GetWindowRect |
ole32.dll | CreateStreamOnHGlobal, CoCreateInstance, CoInitialize |
OLEAUT32.dll | SysAllocStringLen, VariantClear, SysFreeString, OleLoadPicture, SysAllocString |
KERNEL32.dll | SetFileTime, SetEndOfFile, GetFileInformationByHandle, VirtualFree, GetModuleHandleA, WaitForMultipleObjects, VirtualAlloc, ReadFile, SetFilePointer, GetFileSize, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, FormatMessageW, lstrcpyW, LocalFree, IsBadReadPtr, SuspendThread, TerminateThread, GetSystemDirectoryW, GetCurrentThreadId, InitializeCriticalSection, ResetEvent, SetEvent, CreateEventW, GetVersionExW, GetModuleFileNameW, GetCurrentProcess, SetProcessWorkingSetSize, GetDriveTypeW, CreateFileW, SetEnvironmentVariableW, GetTempPathW, GetCommandLineW, GetStartupInfoW, CreateProcessW, CreateJobObjectW, ResumeThread, AssignProcessToJobObject, CreateIoCompletionPort, SetInformationJobObject, GetQueuedCompletionStatus, GetExitCodeProcess, CloseHandle, LoadLibraryA, SetThreadLocale, lstrlenW, GetSystemTimeAsFileTime, ExpandEnvironmentStringsW, CompareFileTime, WideCharToMultiByte, FindFirstFileW, lstrcmpW, DeleteFileW, FindNextFileW, FindClose, SetCurrentDirectoryW, RemoveDirectoryW, GetEnvironmentVariableW, lstrcmpiW, GetLocaleInfoW, MultiByteToWideChar, GetUserDefaultUILanguage, GetSystemDefaultUILanguage, GetSystemDefaultLCID, lstrcmpiA, GlobalAlloc, GlobalFree, MulDiv, FindResourceExA, SizeofResource, LoadResource, LockResource, GetProcAddress, GetModuleHandleW, GetStdHandle, ExitProcess, lstrcatW, GetDiskFreeSpaceExW, SetLastError, SetFileAttributesW, Sleep, GetExitCodeThread, WaitForSingleObject, CreateThread, GetLastError, SystemTimeToFileTime, GetLocalTime, GetFileAttributesW, CreateDirectoryW, lstrlenA, WriteFile, GetStartupInfoA |
MSVCRT.dll | _purecall, memcmp, ??2@YAPAXI@Z, memmove, memcpy, _wtol, strncpy, _controlfp, _except_handler3, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, _acmdln, exit, _XcptFilter, _exit, ??1type_info@@UAE@XZ, _onexit, __dllonexit, malloc, free, wcsstr, _CxxThrowException, wcscmp, _beginthreadex, _EH_prolog, ?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z, memset, _wcsnicmp, strncmp, wcsncmp, wcsncpy, ??3@YAXPAX@Z |
Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 1.6.1.3888 |
ProductVersion | 1.6.1.3888 |
FileFlags | VS_FF_PRIVATEBUILD |
FileOs | VOS_DOS_WINDOWS32; VOS_NT; VOS_NT_WINDOWS32; VOS_WINCE; VOS__WINDOWS32 |
FileType | VFT_APP |
Language | UNKNOWN |
CompanyName | Oleg N. Scherbakov |
FileDescription | 7z Setup SFX (x86) |
FileVersion (#2) | 1.6.2.3888 |
InternalName | 7ZSfxMod |
LegalCopyright | Copyright © 2005-2015 Oleg N. Scherbakov |
OriginalFilename | 7ZSfxMod_x86.exe |
PrivateBuild | March 20, 2016 |
ProductName | 7-Zip SFX |
ProductVersion (#2) | 1.6.2.3888 |
Resource LangID | English - United States |