7z[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

7z.exe
Size

277KB
MD5

f17d0d9999ec81f734af19d721c8da96
SHA1

71411f50fbfbb9f77d61860aac3b9133d428274f
SHA256

eb021240d46f6c12e53fcf92f095ee87aae055a82ae0d986318e8f8b57e463cb
SHA512

ac5b0e6b03215ca965401dbb59c04549aa5f7e851a95f3fea89de9da8221594106ed13e271e8f3ee3b29c1e0cae337ce2a6a39b72f5d4feb13a447b6d387527e
SSDEEP

3072:tpcAeriaGk2tLkZn0hZk/fbt+7wjCUBO+04kU7jejsMlG6J/31dAeOEtNYdHVOQt:npON2tA423Kibf7jvMl9TJTY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7z.exe

Files

7z.exe
.exe windows x64

319d7f6471d5cbc5b2256002cf87b18c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

oleaut32

SysAllocString
VariantClear
VariantCopy
SysStringByteLen
SysFreeString

user32

CharNextA
CharUpperW
CharUpperA

advapi32

AdjustTokenPrivileges
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW

msvcrt

_XcptFilter
?terminate@@YAXXZ
_onexit
__dllonexit
??1type_info@@UEAA@XZ
__C_specific_handler
_beginthreadex
_isatty
wcslen
fputc
fflush
_iob
_c_exit
fgetc
fclose
free
malloc
memmove
memcmp
memcpy
fprintf
strlen
fputs
memset
__CxxFrameHandler
_CxxThrowException
_exit
_cexit
exit
__getmainargs
__initenv
_initterm
__setusermatherr
_commode
_fmode
__set_app_type

kernel32

VirtualAlloc
VirtualFree
GetModuleHandleW
WaitForSingleObject
SetEvent
InitializeCriticalSection
SetConsoleMode
SetCurrentDirectoryW
GetProcAddress
GetProcessTimes
GetTickCount
UnmapViewOfFile
OpenEventW
MapViewOfFile
OpenFileMappingW
GetSystemTime
SystemTimeToFileTime
FileTimeToDosDateTime
GlobalMemoryStatusEx
GetSystemInfo
FileTimeToSystemTime
CompareFileTime
GetCurrentProcess
SetEndOfFile
WriteFile
ReadFile
SetFilePointer
GetFileSize
DeviceIoControl
FindNextFileW
FindFirstFileW
FindClose
GetFullPathNameW
lstrlenW
GetTempFileNameW
GetTempPathW
SearchPathW
GetCurrentDirectoryW
DeleteFileW
CreateDirectoryW
SetConsoleCtrlHandler
FileTimeToLocalFileTime
GetCommandLineW
SetFileApisToOEM
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetConsoleMode
GetStdHandle
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
LoadLibraryExW
LoadLibraryW
GetModuleFileNameW
LocalFree
FormatMessageW
GetWindowsDirectoryW
CloseHandle
SetFileTime
CreateFileW
SetFileAttributesW
RemoveDirectoryW
MoveFileW
GetLastError

Sections

.text
Size: 182KB - Virtual size: 181KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

319d7f6471d5cbc5b2256002cf87b18c

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

user32

advapi32

msvcrt

kernel32

Sections

.text Size: 182KB - Virtual size: 181KB

.rdata Size: 73KB - Virtual size: 72KB

.data Size: 2KB - Virtual size: 11KB

.pdata Size: 18KB - Virtual size: 17KB

.rsrc Size: 1024B - Virtual size: 784B

.text
Size: 182KB - Virtual size: 181KB

.rdata
Size: 73KB - Virtual size: 72KB

.data
Size: 2KB - Virtual size: 11KB

.pdata
Size: 18KB - Virtual size: 17KB

.rsrc
Size: 1024B - Virtual size: 784B