Manalyze report for 0c1874ed0b16b12d4adbb56a89a009a7647337fa509bc90ff00189d92dd46925

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2026-Apr-27 09:00:00
Detected languages	English - United States
CompanyName	Igor Pavlov
FileDescription	7-Zip Standalone Console
FileVersion	`26.01`
InternalName	7za
LegalCopyright	Copyright (c) 1999-2026 Igor Pavlov
OriginalFilename	7za.exe
ProductName	7-Zip
ProductVersion	`26.01`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0` `Microsoft Visual C++` `Microsoft Visual C++ v6.0`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Tries to detect virtualized environments: HARDWARE\DESCRIPTION\System`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to AES`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryW GetProcAddress` `Can access the registry: RegQueryValueExW RegCloseKey RegOpenKeyExW` `Can create temporary files: CreateFileW GetTempPathW` `Functions related to the privilege level: OpenProcessToken AdjustTokenPrivileges` `Enumerates local disk drives: GetLogicalDriveStringsW` `Changes object ACLs: SetFileSecurityW`
Suspicious	VirusTotal score: 2/67 (Scanned on 2026-06-10 02:00:07)	`APEX: Malicious` `Trapmine: suspicious.low.ml.score`

Hashes

MD5	`4d3c1bffc7d1cb8f9539d3d5856646e2`
SHA1	`c33c0a5de8dfb721024e8bf35884a0becc4c4041`
SHA256	`0c1874ed0b16b12d4adbb56a89a009a7647337fa509bc90ff00189d92dd46925`
SHA3	`58f65b95cfdb4c6632db5119a575a0e541a63d7adaf49e7e37a36b5e577a61ac`
SSDeep	`24576:+cyxh7By5I3a+m8H/v9rgC1zCjz/qNdChzDsa4X+we:+cU7Ssa+m09UAWzKRa0e`
Imports Hash	`6c5965af38ef4fd6158aa40e07982ef9`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`6`
TimeDateStamp	2026-Apr-27 09:00:00
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0xb1e00`
SizeOfInitializedData	`0x2b600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000A6D24 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0xb3000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0xe1000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`2c78fc2be466cc23e810d520c1d21a87`
SHA1	`f0931bcdd119d9aab01d21d5872a2ea8b0cc3215`
SHA256	`3d211240fb10e0daf7151faacb36d36cdf1b782c10479cd997e3b5c7ae4e025e`
SHA3	`fac8d82a43f42050d550bd1d7b4692da6c4d536b4ce3c5aabb610a7d6d56814e`
VirtualSize	`0xb1deb`
VirtualAddress	`0x1000`
SizeOfRawData	`0xb1e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.71846`

.rdata

MD5	`6fdaeb7006509c98e2fa2ce5459068ee`
SHA1	`77cd91902cf62a0fd559102b8cbcfae4ec71cf97`
SHA256	`62c0c7d6d63eccbfc240a255f93f2575ed5d0cd2abd568d23c258a6983e95e26`
SHA3	`d29c33f6629bcf0d0f2d8a5a8b8a484c5df9222b160e089a3200d2a3a7fc0994`
VirtualSize	`0x16e7e`
VirtualAddress	`0xb3000`
SizeOfRawData	`0x17000`
PointerToRawData	`0xb2200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.70665`

.data

MD5	`bdbbe3b5eb6209f85adb54984b213eb1`
SHA1	`478da11e1390f7d6d90bff9ef76f9fa0ab5fb84f`
SHA256	`df73d16ab5180aa644755771aec43f8f4f8a97895eaa7a9bda067da731eb2da9`
SHA3	`c8984fc16179d28a1f5dc15e153707e16eb3efd92f84bf93033fd990ab344f0f`
VirtualSize	`0xc3b4`
VirtualAddress	`0xca000`
SizeOfRawData	`0x800`
PointerToRawData	`0xc9200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.65763`

.sxdata

MD5	`9db9db0c83b2dde055d265c6eb64e015`
SHA1	`4c6d18567ffedc50ec00413eb1719dc2c1e9b42e`
SHA256	`94513edff019d59024a4f2eb0e46c8c0c40aa0890345afd74b44cab51fcd620c`
SHA3	`67e13ac06946e18e76e9f857554a3169e51caac63cdb9d15625c4578f37365af`
VirtualSize	`0x4`
VirtualAddress	`0xd7000`
SizeOfRawData	`0x200`
PointerToRawData	`0xc9a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_LNK_INFO` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.0203931`

.rsrc

MD5	`df0d1c9b644ae471ac90f62d2b3b9bc3`
SHA1	`fbf8a0f83510ac5187235d3db6eb8de6e669cf79`
SHA256	`6a0433805d09ae5b15ab171840794032812ac920ed76fc04a56cf760ca5a2fb4`
SHA3	`4a115ecb10cd308575b85cb7db38e125597d30f45e0aca279e4676840242dcb6`
VirtualSize	`0x7d0`
VirtualAddress	`0xd8000`
SizeOfRawData	`0x800`
PointerToRawData	`0xc9c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.94506`

.reloc

MD5	`5f3d4b7e9673c9a88f9b43d212e2a617`
SHA1	`5b8a3480cdecf9f602d1e1e71eb143fb63885d5d`
SHA256	`dba7bd1c4165ff37d92447c81db77f5f59cc80c42558dd52420db11b72f92dff`
SHA3	`1d04578be6cf47c04a0bf560d5eba7f48102b10747bec64b43379b22d362ba9d`
VirtualSize	`0x76a6`
VirtualAddress	`0xd9000`
SizeOfRawData	`0x7800`
PointerToRawData	`0xca400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.15909`

Imports

OLEAUT32.dll	`VariantCopy` `SysAllocStringLen` `SysAllocString` `SysFreeString` `SysStringLen` `VariantClear`
USER32.dll	`CharPrevExA` `CharUpperW`
ADVAPI32.dll	`OpenProcessToken` `GetFileSecurityW` `SetFileSecurityW` `RegQueryValueExW` `RegCloseKey` `RegOpenKeyExW` `AdjustTokenPrivileges` `LookupPrivilegeValueW`
MSVCRT.dll	`_controlfp` `__set_app_type` `__p__fmode` `__p__commode` `_adjust_fdiv` `__setusermatherr` `_initterm` `__getmainargs` `__p___initenv` `exit` `_XcptFilter` `_exit` `_onexit` `__dllonexit` `??1type_info@@UAE@XZ` `?terminate@@YAXXZ` `_except_handler3` `_beginthreadex` `realloc` `_ftol` `_isatty` `_get_osfhandle` `memset` `strlen` `wcscmp` `wcsstr` `strcmp` `memmove` `fputs` `fputc` `fflush` `fgetc` `_iob` `free` `malloc` `memcmp` `_purecall` `memcpy` `_CxxThrowException` `__CxxFrameHandler`
KERNEL32.dll	`WaitForSingleObject` `ResumeThread` `SetThreadAffinityMask` `CreateEventW` `SetEvent` `ResetEvent` `CreateSemaphoreW` `ReleaseSemaphore` `InitializeCriticalSection` `RemoveDirectoryW` `InterlockedIncrement` `GetVersion` `VirtualFree` `VirtualAlloc` `GetOEMCP` `LocalFileTimeToFileTime` `SetConsoleMode` `GetVersionExW` `SetFileApisToOEM` `GetCommandLineW` `GetConsoleScreenBufferInfo` `SetConsoleCtrlHandler` `DeleteCriticalSection` `QueryPerformanceFrequency` `QueryPerformanceCounter` `GetProcessTimes` `OpenEventW` `OpenFileMappingW` `MapViewOfFile` `UnmapViewOfFile` `GetConsoleMode` `SetProcessAffinityMask` `WaitForMultipleObjects` `EnterCriticalSection` `LeaveCriticalSection` `GetSystemTimeAsFileTime` `FileTimeToDosDateTime` `DosDateTimeToFileTime` `IsProcessorFeaturePresent` `GlobalMemoryStatus` `GetSystemInfo` `GetProcessAffinityMask` `FileTimeToLocalFileTime` `FileTimeToSystemTime` `CompareFileTime` `GetModuleHandleW` `GetCurrentProcess` `GetDiskFreeSpaceExW` `GetDiskFreeSpaceW` `GetLastError` `MultiByteToWideChar` `WideCharToMultiByte` `FreeLibrary` `LoadLibraryW` `GetModuleFileNameW` `LocalFree` `FormatMessageW` `CloseHandle` `SetFileTime` `CreateFileW` `SetFileAttributesW` `MoveFileW` `MoveFileWithProgressW` `CreateHardLinkW` `CreateDirectoryW` `DeleteFileW` `SetLastError` `SetCurrentDirectoryW` `GetCurrentDirectoryW` `GetTempPathW` `GetCurrentProcessId` `GetTickCount` `GetCurrentThreadId` `GetFileInformationByHandle` `GetStdHandle` `FindClose` `FindFirstFileW` `FindNextFileW` `GetProcAddress` `GetModuleHandleA` `GetFileAttributesW` `GetLogicalDriveStringsW` `GetFileSize` `SetFilePointer` `DeviceIoControl` `ReadFile` `WriteFile` `SetEndOfFile`

Delayed Imports

1

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2c4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.40087`
MD5	`ef55c1855367fb6b9cc04586855aa146`
SHA1	`1d79e4454d939dd6cf4fd45b95d66ce01039f99c`
SHA256	`db3b1721a409bbfe5763e374bd569876b5c44be0a91e6fde241a3e476a7a312b`
SHA3	`f3bd161644d5881fb6852ae715777011935c64cd8a7e4baddbda2296e0c6e10c`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.39364`
MD5	`a17f3cbe92860f2e53febbe2a0e28282`
SHA1	`6f4ac372269b81bf959278441417e35f93d512a5`
SHA256	`ed925f9e8435bd13944040e3066e82dcc10150c75da39dade20bd2780315047f`
SHA3	`061a3cdefa7647d27b1afed0158176c479cf6fd31101a60a27e44c66499f7814`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	26.1.0.0
ProductVersion	26.1.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	Igor Pavlov
FileDescription	7-Zip Standalone Console
FileVersion (#2)	26.01
InternalName	7za
LegalCopyright	Copyright (c) 1999-2026 Igor Pavlov
OriginalFilename	7za.exe
ProductName	7-Zip
ProductVersion (#2)	26.01

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x3f0936b`
Unmarked objects	`0`
C++ objects (8047)	`3`
14 (7299)	`9`
C objects (8047)	`11`
Linker (8047)	`2`
C objects (2190)	`1`
Total imports	`158`
Imports (2179)	`9`
C++ objects (VS98 SP6 build 8804)	`192`
C objects (VS98 SP6 build 8804)	`4`
C objects (VS2010 SP1 build 40219)	`33`
C objects (35226)	`4`
ASM objects (VS2019 Update 8 (16.8.4) compiler 29336)	`6`
Resource objects (VS98 SP6 cvtres build 1736)	`1`

Errors

Leave a comment

No comments yet.