Report #11129

  • Creation Date: Sept. 8, 2020, 12:51 a.m.
  • Last Update: Sept. 8, 2020, 12:51 a.m.
  • File: 7z1900-x64.exe
  • Results:
Binary
DLL: False
Size: 1.38MB
trid:
  41.0% Win32 Executable MS Visual C++
  36.3% Win64 Executable
  8.6% Win32 Dynamic Link Library
  5.9% Win32 Executable
  2.6% OS/2 Executable
type: PE
wordsize: 32
Subsystem: Windows GUI
Hashes
md5: d7b20f933be6cdae41efbe75548eba5f
sha1: 9fa11a63b43f83980e0b48dc9ba2cb59d545a4e8
crc32: 0xb235448d
sha224: 536471d07eccc034c0ca86951e892b03b5d2e35a80d066532e7ecb8e
sha256: 0f5d4dbbe5e55b7aa31b91e5925ed901fdf46a367491d81381846f05ad54c45e
sha384: 7be088b9087018b08de51d4718f32eb6103a14601262e481a0db8669f1ab5323f6e90814551f485a9838f4d99ba6791f
sha512: af8f38679e16c996ffac152cac49369cf4b609abbd2cad07f49a114a82c6b5e564be29630c0fd2418110cf1a3d0ef3c9cc12f9164a69a575c91d9b98ce0df1a9
ssdeep: 24576:D4EspaiGhP1x+96UBz1V/7hw5CILSbvCDpmdLq9zyMfNyAGW6xRZzXeyNbgQF1:D4CiI1k9/HYCtMpK2zyM45fzuYbgQF1
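Before trusting the rest of this report for a file you have in hand, confirm it is the same file. The following is an added example, not part of the report or of the tool that produced it: it reads the installer once, feeds every digest listed above in a single pass (zlib for crc32, hashlib for the rest) and reports which reference values differ. REPORT_HASHES is copied from this page; the chunk size is an arbitrary choice; ssdeep is left out because it needs a third-party library, and an algorithm the checker cannot compute is reported as a mismatch rather than silently skipped.

```python
import hashlib
import zlib

# Reference values copied from this report for 7z1900-x64.exe.
REPORT_HASHES = {
    "md5": "d7b20f933be6cdae41efbe75548eba5f",
    "sha1": "9fa11a63b43f83980e0b48dc9ba2cb59d545a4e8",
    "sha256": "0f5d4dbbe5e55b7aa31b91e5925ed901fdf46a367491d81381846f05ad54c45e",
    "crc32": "0xb235448d",
}

DIGEST_NAMES = ("md5", "sha1", "sha224", "sha256", "sha384", "sha512")


def hash_stream(chunks):
    """Feed each chunk to every digest at once, so a large file is read once.
    Returns {name: lowercase hex}, with crc32 rendered like the report (0x........)."""
    ctx = {name: hashlib.new(name) for name in DIGEST_NAMES}
    crc = 0
    for chunk in chunks:
        for h in ctx.values():
            h.update(chunk)
        crc = zlib.crc32(chunk, crc)          # incremental CRC: pass the running value back in
    out = {name: h.hexdigest() for name, h in ctx.items()}
    out["crc32"] = "0x%08x" % (crc & 0xFFFFFFFF)
    return out


def hash_bytes(data):
    """Same digest set for an in-memory buffer."""
    return hash_stream([data])


def hash_file(path, chunk_size=1 << 20):
    """Chunked read (1 MiB, arbitrary) so the installer never has to fit in memory twice."""
    with open(path, "rb") as f:
        return hash_stream(iter(lambda: f.read(chunk_size), b""))


def verify(actual, expected):
    """Names in `expected` whose value differs from `actual` (case-insensitive).
    An algorithm we did not compute counts as a mismatch, never as a pass."""
    return sorted(name for name, value in expected.items()
                  if actual.get(name, "").lower() != value.lower())


if __name__ == "__main__":
    import sys
    bad = verify(hash_file(sys.argv[1]), REPORT_HASHES)
    print("all reference hashes match" if not bad else "MISMATCH: " + ", ".join(bad))
```

A non-empty mismatch list means the file on disk is not the object this report describes, and nothing below applies to it.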
Community
Google: False
HashLib: False
YARA
Matches: domain, Armadillo_v171_additional, Microsoft_Visual_Cpp_v60, CRC32_poly_Constant, escalate_priv, HasRichSignature, possible_includes_base64_packed_functions, Microsoft_Visual_Cpp_v50v60_MFC_additional, Microsoft_Visual_Cpp_v50v60_MFC, win_files_operation, IsPE32, IP, contentis_base64, Armadillo_v171, win_token, Microsoft_Visual_Cpp_50, IsWindowsGUI, IsPacked, Microsoft_Visual_Cpp, url, win_registry, HasOverlay
Suspicious: True

Strings
List
<asmv3:application><asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">
M.sr
t.NG
E.Im
D.gE
o2.Ph
L.ai
Software\Microsoft\Windows\CurrentVersion\App Paths\7zFM.exe
a.uS
-.Se
k.MT
m.VG
W.Md
0.bB
S.SX
5.gm
Ht.Hu>
<dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*"/></dependentAssembly></dependency>
Uninstall.exe
7zipInstall.exe
l.UZ
9.pK
2.aX
C$rDP(%e
(mAc.Sn
7-Zip File Manager.lnk
Software\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
7-Zip Help.lnk
Axr.nck
!2.afh
%E#o}%
Wversion.dll
*."3
[(weL
WhI:&
vI:<!E
<Rdn
td&ovL
hrmd&PKE
s|%4o}@
%uxoS/5i
/%E2{
2tO%E|
|OI%E_'`
6R3%a
H%Gr{R}
%e-&@
/T}%ol
da2l%A
Apartment
S%gcR(n
fDEc
tryMk
N%psy
wO%et
p%ehS
Software\Microsoft\Windows\CurrentVersion
foMk%i
mNe%oQ
]R%gE zM@ap
Software\7-Zip
R $%a
Decoder doesn't support this archive
SeShutdownPrivilege
<!-- Win 8.1 --> <supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/>
<!-- Win 8 --> <supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>
<!-- Win 7 --> <supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
<!-- Win 10 --> <supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/>
&Install
Install 7-Zip
7-zip.chm
7-zip.dll
7-zip.dll
7-zip32.dll
7-zip32.dll
F&u.Cc{l
p.hbx]
_acmdln
GetProcAddress
IsWow64Process
7zipInstall
v.ST}.
sRdp
OpenProcessToken
CoCreateInstance
UninstallString
InstallLocation
CreateFileW
RegSetValueExW
GetModuleHandleA
LoadLibraryExW
SetFilePointer
WriteFile
DeleteFileW
CreateDirectoryW
LoadLibraryW
GetModuleFileNameW
SetFileTime
MoveFileExW

Foremost
Matches: 0.exe, 36 KB
Suspicious: True
Heuristics
IPs
Allowed: (none)
Suspicious: (none)
hasIPs: False
hasAllowed: False
hasSuspicious: False

URLs
Allowed: http://schemas.microsoft.com/smi/2005/windowssettings
Suspicious: (none)
hasURLs: True
hasAllowed: True
hasSuspicious: False

Files
Allowed: Wversion.dll, kernel32.dll, 7-zip.dll, 7-zip32.dll, ADVAPI32.dll, MSVCRT.dll, SHELL32.dll, ole32.dll, USER32.dll
Suspicious: 7-Zip Help.lnk, 7-Zip File Manager.lnk
hasFiles: True
hasAllowed: True
hasSuspicious: True
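The IPs, URLs and Files verdicts above are produced by extracting printable strings and sorting them into buckets. The page does not publish the tool's rules, so the following is an added illustration in my own code, not the report tool's logic: it pulls ASCII and UTF-16LE strings out of a byte blob and classifies them with a few regexes. ALLOWED_URL_HOSTS and SYSTEM_DLLS are allow-lists assumed for this example; SAMPLE is a constructed blob whose strings are taken from the Strings list on this page plus a documentation-range address (203.0.113.7), an out-of-range dotted quad and a version-like string to show the edge cases. The wide-string regex deliberately refuses to start on the last byte of a preceding ASCII string, which is the classic way a naive `strings -el` glues "1" onto "Uninstall.exe".

```python
import re
from urllib.parse import urlsplit

# Allow-lists are assumptions for this example, not rules taken from the report.
ALLOWED_URL_HOSTS = {"schemas.microsoft.com"}
SYSTEM_DLLS = {"kernel32.dll", "advapi32.dll", "msvcrt.dll", "shell32.dll",
               "ole32.dll", "user32.dll"}

URL_RE = re.compile(r"^(?:https?|ftp)://\S+$", re.IGNORECASE)
IPV4_RE = re.compile(r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$")
FILE_RE = re.compile(r"^[\w .+-]+\.(?:dll|exe|sys|lnk|chm|bat|cmd|ps1|vbs|js)$",
                     re.IGNORECASE)
REG_RE = re.compile(r"^(?:HKLM\\|HKCU\\|HKEY_[A-Z_]+\\|Software\\|SYSTEM\\)",
                    re.IGNORECASE)
PRIV_RE = re.compile(r"^Se[A-Z][A-Za-z]+Privilege$")


def extract_strings(data, min_len=5):
    """Printable ASCII runs, then UTF-16LE runs, of at least min_len characters.
    The negative lookbehind stops a wide run from starting on the final byte of an
    ASCII string whose NUL terminator would otherwise look like a high byte."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    wide_re = re.compile(rb"(?<![\x20-\x7e])(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [m.group().decode("ascii") for m in ascii_re.finditer(data)]
    found += [m.group().decode("utf-16le") for m in wide_re.finditer(data)]
    return found


def is_ipv4(s):
    """Dotted quad with every octet in range. Version strings such as 1.1.1.5 also
    pass, which is why hasIPs is a heuristic and not a verdict."""
    m = IPV4_RE.match(s)
    return bool(m) and all(int(o) <= 255 for o in m.groups())


def classify(strings):
    """Bucket strings the way the Heuristics section presents them."""
    out = {"urls": {"allowed": [], "suspicious": []},
           "files": {"allowed": [], "suspicious": []},
           "ips": [], "registry": [], "privileges": []}
    for s in strings:
        if URL_RE.match(s):
            host = (urlsplit(s).hostname or "").lower()
            out["urls"]["allowed" if host in ALLOWED_URL_HOSTS else "suspicious"].append(s)
        elif is_ipv4(s):
            out["ips"].append(s)
        elif REG_RE.match(s):
            out["registry"].append(s)
        elif PRIV_RE.match(s):
            out["privileges"].append(s)
        elif FILE_RE.match(s):
            # anything not on the system-DLL list is "suspicious" here, i.e. needs a look
            out["files"]["allowed" if s.lower() in SYSTEM_DLLS else "suspicious"].append(s)
    out["hasIPs"] = bool(out["ips"])
    out["hasURLs"] = bool(out["urls"]["allowed"] or out["urls"]["suspicious"])
    out["hasFiles"] = bool(out["files"]["allowed"] or out["files"]["suspicious"])
    return out


# Constructed sample blob (NUL-separated), not bytes from the real installer.
SAMPLE = b"\x00".join([
    b"junk1", b"M.sr",                                   # M.sr is below min_len
    b"http://schemas.microsoft.com/SMI/2005/WindowsSettings",
    b"http://203.0.113.7/update.bin",                    # IP-literal host, constructed
    b"Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\7zFM.exe",
    b"kernel32.dll", b"7-zip.dll", b"7-Zip Help.lnk",
    b"SeShutdownPrivilege",
    b"203.0.113.7", b"999.1.1.1",                        # valid and invalid dotted quads
    "Uninstall.exe".encode("utf-16le"),                  # a wide string
])

if __name__ == "__main__":
    for key, value in classify(extract_strings(SAMPLE)).items():
        print("%-10s %s" % (key, value))
```

Treating every non-system file name as "suspicious" is the right default for triage: it costs a glance at 7-zip.dll and the two .lnk names, while a more permissive rule would have hidden a dropped payload with an innocuous name.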

Binary
Sizes
RVA: 16 (Suspicious: False)
Code: 19456 (Suspicious: False)
Image address: 4194304 (0x400000) (Suspicious: False)
Stack: 4096 (Suspicious: False)
Headers: 1024 (Suspicious: False)
Suspicious: False

Symbols
Number: 0 (Suspicious: True)
Pointer: 0 (Suspicious: True)
Directories
Number: 16 (Suspicious: False)

Checksum
Value: 0
Suspicious: True

Sections
Allowed: .text, .rdata, .data, .rsrc
Suspicious: (none)
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS: 4 (Suspicious: False)
Image: 4 (Suspicious: True)
Linker: 6.0 (Suspicious: False)
Subsystem: 4.0 (Suspicious: False)
Suspicious: False

EntryPoint
Address: 29524 (0x7354) (Suspicious: False)

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True

Libraries
Allowed: kernel32.dll, advapi32.dll, msvcrt.dll, shell32.dll, ole32.dll, user32.dll
Suspicious: wversion.dll, 7-zip.dll, 7-zip32.dll
hasLibs: True
hasAllowed: True
hasSuspicious: True

Timestamp
Value: 2019-02-21 14:00:00
Valid: True
Past: False
Future: False
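The Checksum, Symbols, Anomalies and Timestamp verdicts above are all derived from a handful of header fields, and the "checksum does not match" anomaly follows directly from a stored CheckSum of 0. The following added example (my code, not the report tool's) parses those fields, recomputes OptionalHeader.CheckSum with the documented algorithm (the same one pefile's generate_checksum implements) and reproduces the flags. build_minimal_pe constructs a synthetic image for testing; EARLIEST_PLAUSIBLE is an assumed cut-off for the Past flag. Two caveats a practitioner should keep in mind: a stored CheckSum of 0 only means the linker was not asked to fill it in, and user-mode executables load with it zero or wrong (Windows enforces it for kernel drivers and some system DLLs), and a zero symbol-table pointer and count is what every stripped release build has. Both "Suspicious: True" flags are therefore weak on their own.

```python
import struct
from datetime import datetime, timezone

OPT_CHECKSUM = 64   # OptionalHeader.CheckSum offset, identical for PE32 and PE32+
EARLIEST_PLAUSIBLE = datetime(1995, 1, 1, tzinfo=timezone.utc)   # assumed cut-off for "Past"


def utc(*ymdhms):
    """Helper for building timezone-aware UTC datetimes."""
    return datetime(*ymdhms, tzinfo=timezone.utc)


def pe_fields(data):
    """Read the header fields this checker needs; ValueError on a non-PE buffer."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    fh = e_lfanew + 4                                    # IMAGE_FILE_HEADER
    (machine, nsections, ts, symtab, nsyms,
     opt_size, chars) = struct.unpack_from("<HHIIIHH", data, fh)
    opt = fh + 20                                        # IMAGE_OPTIONAL_HEADER
    magic, linker_major, linker_minor = struct.unpack_from("<HBB", data, opt)
    checksum = struct.unpack_from("<I", data, opt + OPT_CHECKSUM)[0]
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    return {
        "machine": machine, "sections": nsections,
        "timestamp": datetime.fromtimestamp(ts, tz=timezone.utc),
        "symbol_table": symtab, "symbol_count": nsyms,
        "magic": {0x10B: "PE32", 0x20B: "PE32+"}.get(magic, hex(magic)),
        "linker": "%d.%d" % (linker_major, linker_minor),
        "checksum": checksum, "subsystem": subsystem,
    }


def pe_checksum(data):
    """Ones'-complement sum of the file as 32-bit words, skipping the CheckSum
    field itself, folded to 16 bits, plus the file length."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    skip = (e_lfanew + 4 + 20 + OPT_CHECKSUM) & ~3      # file offset of the CheckSum dword
    padded = data + b"\0" * (-len(data) % 4)
    total = 0
    for off in range(0, len(padded), 4):
        if off == skip:
            continue
        total += struct.unpack_from("<I", padded, off)[0]
        total = (total & 0xFFFFFFFF) + (total >> 32)     # end-around carry
    total = (total & 0xFFFF) + (total >> 16)
    total += total >> 16
    return (total & 0xFFFF) + len(data)


def check(data, now=None):
    """The report's Checksum / Symbols / Timestamp style verdicts for one buffer."""
    f = pe_fields(data)
    now = now or datetime.now(timezone.utc)
    computed = pe_checksum(data)
    return {
        "header_checksum": f["checksum"],
        "computed_checksum": computed,
        "checksum_unset": f["checksum"] == 0,            # linker left it zero: common for user-mode EXEs
        "checksum_matches": f["checksum"] == computed,
        "has_symbols": f["symbol_table"] != 0 or f["symbol_count"] != 0,   # 0/0 = stripped build
        "timestamp": f["timestamp"],
        "timestamp_past": f["timestamp"] < EARLIEST_PLAUSIBLE,
        "timestamp_future": f["timestamp"] > now,
    }


def build_minimal_pe(size=1024, timestamp=0, checksum=0):
    """Constructed test image, not a real binary: MZ + e_lfanew, PE signature,
    a file header carrying only the timestamp, the PE32 magic and the CheckSum
    field. Everything else is zero, so the checksum can be verified by hand."""
    buf = bytearray(size)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)
    buf[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", buf, 0x84, 0, 0, timestamp, 0, 0, 0, 0)
    struct.pack_into("<H", buf, 0x98, 0x10B)
    struct.pack_into("<I", buf, 0x98 + OPT_CHECKSUM, checksum)
    return bytes(buf)


if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as fh:
        for key, value in check(fh.read()).items():
            print("%-18s %s" % (key, value))
```

For the all-zero test image the words that survive are "MZ" (0x5A4D), e_lfanew (0x80), "PE" (0x4550) and the PE32 magic (0x10B), which sum to 0xA128 with no carry; adding the 1024-byte length gives 0xA528, so a mismatch against a stored 0 is exactly what the Anomalies line above reports. Writing the computed value back into the field and rerunning yields a match, because the field is excluded from its own sum.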

Compilation
Packed: False
Missing: False
Packers
Compiled: True
Compilers: Microsoft Visual C++ v6.0, Microsoft Visual C++ 5.0, Microsoft Visual C++
MainPacker: Armadillo v1.71 (from the Armadillo_v171 YARA match above; the report's own Packed flag is False and the linker is MSVC 6.0, whose standard entry stub this PEiD-derived signature is well known to fire on, so treat it as a likely false positive unless the sections or entropy say otherwise)

Obfuscation
XOR: False
Fuzzing: False

PEDetector
Matches: None
Suspicious: False
Disassembly
hasTricks: True
Tricks
pushret
.text: 1

pushpopmath
.rsrc: 1
.text: 1
.rdata: 1

garbagebytes
.text: 1

hookdetection
.text: 1

programcontrolflowchange
.text: 1

cpuinstructionsresultscomparison
.rsrc: 4

AVclass
None

VirusTotal
md5: d7b20f933be6cdae41efbe75548eba5f
sha1: 9fa11a63b43f83980e0b48dc9ba2cb59d545a4e8
SCANS (DETECTION RATE = 0.00%, 0 of 70 engines)

Engine                  Update    Version                 Detected
AVG                     20200908  18.4.3895.0             no
CMC                     20200907  2.7.2019.1              no
MAX                     20200908  2019.9.16.1             no
APEX                    20200907  6.68                    no
Bkav                    20200907  1.3.0.9899              no
K7GW                    20200908  11.135.35190            no
ALYac                   20200908  1.1.1.5                 no
Avast                   20200908  18.4.3895.0             no
Avira                   20200908  8.3.3.8                 no
Baidu                   20190318  1.0.0.2                 no
Cynet                   20200905  4.0.0.24                no
Cyren                   20200908  6.3.0.2                 no
DrWeb                   20200908  7.0.48.8080             no
GData                   20200908  A:25.26925B:27.20092    no
Panda                   20200907  4.6.4.2                 no
VBA32                   20200907  4.4.1                   no
VIPRE                   20200908  86524                   no
Zoner                   20200907  0.0.0.0                 no
ClamAV                  20200907  0.102.4.0               no
Comodo                  20200728  32668                   no
Ikarus                  20200907  0.1.5.2                 no
McAfee                  20200908  6.0.6.653               no
Rising                  20200907  25.0.0.26               no
Sophos                  20200908  4.98.0                  no
Yandex                  20200907  5.5.2.24                no
Zillya                  20200907  2.0.0.4170              no
Acronis                 20200806  1.1.1.77                no
Alibaba                 20190527  0.3.0.5                 no
Arcabit                 20200908  1.0.0.881               no
Cylance                 20200908  2.3.1.101               no
Elastic                 20200831  4.0.8                   no
FireEye                 20200908  32.36.1.0               no
Sangfor                 20200814  1.0                     no
TACHYON                 20200908  2020-09-08.01           no
Tencent                 20200908  1.0.0.1                 no
ViRobot                 20200907  2014.3.20.0             no
Webroot                 20200908  1.0.0.403               no
eGambit                 20200908  -                       no
Ad-Aware                20200908  3.0.16.117              no
AegisLab                20200908  4.2                     no
Emsisoft                20200908  2018.12.0.1641          no
F-Secure                20200908  12.0.86.52              no
Fortinet                20200908  6.2.142.0               no
Invincea                20200908  1.0.1.0                 no
Jiangmin                20200907  16.0.100                no
Kingsoft                20200908  2013.8.14.323           no
Paloalto                20200908  1.0                     no
Symantec                20200907  1.12.0.0                no
AhnLab-V3               20200907  3.18.1.10026            no
Antiy-AVL               20200908  3.0.0.1                 no
Kaspersky               20200907  15.0.1.13               no
MaxSecure               20200907  1.0.0.1                 no
Microsoft               20200908  1.1.17400.5             no
Qihoo-360               20200908  1.0.0.1120              no
ZoneAlarm               20200908  1.0                     no
Cybereason              20190616  1.2.449                 no
ESET-NOD32              20200908  21952                   no
TrendMicro              20200908  11.0.0.1006             no
BitDefender             20200908  7.2                     no
CrowdStrike             20190702  1.0                     no
K7AntiVirus             20200907  11.135.35188            no
SentinelOne             20200724  4.4.0.0                 no
Malwarebytes            20200908  3.6.4.335               no
TotalDefense            20200907  37.1.62.1               no
CAT-QuickHeal           20200907  14.00                   no
NANO-Antivirus          20200908  1.0.134.25140           no
BitDefenderTheta        20200902  7.2.37796.0             no
MicroWorld-eScan        20200908  14.0.409.0              no
SUPERAntiSpyware        20200904  5.6.0.1032              no
TrendMicro-HouseCall    20200908  10.0.0.1040             no

total: 70
positives: 0
sha256: 0f5d4dbbe5e55b7aa31b91e5925ed901fdf46a367491d81381846f05ad54c45e
scan_id: 0f5d4dbbe5e55b7aa31b91e5925ed901fdf46a367491d81381846f05ad54c45e-1599534619
resource: d7b20f933be6cdae41efbe75548eba5f
scan_date: 2020-09-08 03:10:19
verbose_msg: Scan finished, information embedded
response_code: 1