abcf64ae1cbafddb5395e4cdd3bdc7e3e0561d54a0c6380e3dd43bdbffe519a2

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2026-Apr-27 09:00:00
Detected languages English - United States
CompanyName Igor Pavlov
FileDescription 7-Zip Reduced Standalone Console
FileVersion 26.01
InternalName 7zr
LegalCopyright Igor Pavlov : Public domain
OriginalFilename 7zr.exe
ProductName 7-Zip
ProductVersion 26.01

Plugin Output

Info Matching compiler(s):
Microsoft Visual C++ 6.0 - 8.0
Microsoft Visual C++
Microsoft Visual C++ v6.0
Suspicious Strings found in the binary may indicate undesirable behavior:
Tries to detect virtualized environments:
  • HARDWARE\DESCRIPTION\System
Info Cryptographic algorithms detected in the binary:
Uses constants related to SHA256
Uses constants related to AES
Malicious The PE contains functions mostly used by malware.
[!] The program may be hiding some of its imports:
  • LoadLibraryW
  • GetProcAddress
Can access the registry:
  • RegQueryValueExW
  • RegCloseKey
  • RegOpenKeyExW
Can create temporary files:
  • CreateFileW
  • GetTempPathW
Functions related to the privilege level:
  • OpenProcessToken
  • AdjustTokenPrivileges
Enumerates local disk drives:
  • GetLogicalDriveStringsW
Changes object ACLs:
  • SetFileSecurityW
Suspicious VirusTotal score: 1/71 (Scanned on 2026-06-09 18:18:32)
APEX: Malicious

Hashes

MD5 831d04764c51f8eac5dd339612f5830e
SHA1 e8b1d04aa7b58707d859b73ebfa89934ebc488ba
SHA256 abcf64ae1cbafddb5395e4cdd3bdc7e3e0561d54a0c6380e3dd43bdbffe519a2
SHA3 86711c88a0798acc40e7962c15974c2ff80547c0369cb0b0548e7ccfbbb0795b
SSDeep 12288:TOZNbHR+Oeummxstjg6PEwbLRj8x6ELAb29X6cC7LzBDU9cDTpOMW:Tyx+ON6c6ZdjS68H9qcoLzBDU9kTpOM
Imports Hash 265a7b8da130a3531d7f289893341800

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x108

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 6
TimeDateStamp 2026-Apr-27 09:00:00
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 6.0
SizeOfCode 0x7aa00
SizeOfInitializedData 0x23800
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00071D00 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x7c000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0xa2000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
SizeofStackReserve 0x200000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 73fed048079ee3af99e9a140c1ec2fd3
SHA1 fdd2c6c34f15ee1a59aa1f7dcebc185a01fcc6ef
SHA256 61195e7638734d9155407836dc885c69e2746f98314c086ab9315f5c4da61a3a
SHA3 b1ece039d7cd7fe9154652139caa9106c340cff61daad89a09564451243ba5d8
VirtualSize 0x7a925
VirtualAddress 0x1000
SizeOfRawData 0x7aa00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.69039

.rdata

MD5 282cdd15506a7fbd371d18221f0827c9
SHA1 9222ce4c3258bdc217a6580fcc5b3cd001be3962
SHA256 963cab1d1b652f0ff26af9bb1916f78a27dd3419ddac3d51a256c8aedb71ca9f
SHA3 82e7a6a65bb890ecc2df9c3122e572e5b710c28481829508ae3cd7eb93562c0f
VirtualSize 0x116d4
VirtualAddress 0x7c000
SizeOfRawData 0x11800
PointerToRawData 0x7ae00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.73141

.data

MD5 a1bf7f108be13885123b055dcd07d5f9
SHA1 dfbd92735d7e0c234d433fc5408586197e9e62bf
SHA256 057c4060bded24a0df113af84c5368f796f7c9e7c6ef7b5bbdfadf7cee9ed9c9
SHA3 03ae6229d6b5dc7df272802f94968cf848f9606de3102f75b29736b402e6c8ac
VirtualSize 0xbaf0
VirtualAddress 0x8e000
SizeOfRawData 0x600
PointerToRawData 0x8c600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.62104

.sxdata

MD5 9db9db0c83b2dde055d265c6eb64e015
SHA1 4c6d18567ffedc50ec00413eb1719dc2c1e9b42e
SHA256 94513edff019d59024a4f2eb0e46c8c0c40aa0890345afd74b44cab51fcd620c
SHA3 67e13ac06946e18e76e9f857554a3169e51caac63cdb9d15625c4578f37365af
VirtualSize 0x4
VirtualAddress 0x9a000
SizeOfRawData 0x200
PointerToRawData 0x8cc00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_LNK_INFO
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.0203931

.rsrc

MD5 466508809ba1d0faf43253a4638e061d
SHA1 762b17ffab9dc1214fdb8ec668cadd2467476b74
SHA256 8b0946c99a0800ffda8af57ee9ec0b38f621eed08c15778a4d8a3e8e8612135a
SHA3 bf28376ef2aa5b34b84bde6728c3981f55cd5b64ccbff8cd2980ee1c152f8e27
VirtualSize 0x7d0
VirtualAddress 0x9b000
SizeOfRawData 0x800
PointerToRawData 0x8ce00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.94141

.reloc

MD5 a38d932e8e9af20b6bbf6a8c19cc5601
SHA1 3a458a90fc23c946bc439550068b20f96dc2436b
SHA256 5bab305b9da10a55aaf4a422993e860688c2437d364bcea40df631ca88b220e9
SHA3 2ed24af22918b884918d43d2721b83bd8c44ee4831535e33fb966d722def937f
VirtualSize 0x59aa
VirtualAddress 0x9c000
SizeOfRawData 0x5a00
PointerToRawData 0x8d600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 6.19648

Imports

OLEAUT32.dll VariantCopy
SysAllocStringLen
SysAllocString
SysFreeString
SysStringLen
VariantClear
USER32.dll CharUpperW
ADVAPI32.dll OpenProcessToken
GetFileSecurityW
SetFileSecurityW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
MSVCRT.dll _controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p___initenv
exit
_XcptFilter
_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_except_handler3
_beginthreadex
realloc
_ftol
_isatty
_get_osfhandle
memset
strlen
wcscmp
wcsstr
strcmp
memmove
fputs
fputc
fflush
fgetc
_iob
free
malloc
memcmp
_purecall
memcpy
_CxxThrowException
__CxxFrameHandler
KERNEL32.dll WaitForSingleObject
ResumeThread
SetThreadAffinityMask
CreateEventW
SetEvent
ResetEvent
CreateSemaphoreW
ReleaseSemaphore
InitializeCriticalSection
SetFileAttributesW
InterlockedIncrement
GetVersion
VirtualFree
VirtualAlloc
SetConsoleMode
GetVersionExW
SetFileApisToOEM
GetCommandLineW
GetConsoleScreenBufferInfo
SetConsoleCtrlHandler
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
QueryPerformanceFrequency
QueryPerformanceCounter
GetProcessTimes
OpenEventW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
GetConsoleMode
SetProcessAffinityMask
GetSystemTimeAsFileTime
FileTimeToDosDateTime
IsProcessorFeaturePresent
GlobalMemoryStatus
GetSystemInfo
GetProcessAffinityMask
FileTimeToLocalFileTime
FileTimeToSystemTime
CompareFileTime
GetModuleHandleW
GetCurrentProcess
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
SetEndOfFile
WriteFile
ReadFile
GetLastError
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
LoadLibraryW
GetModuleFileNameW
LocalFree
FormatMessageW
CloseHandle
SetFileTime
CreateFileW
RemoveDirectoryW
MoveFileW
MoveFileWithProgressW
CreateHardLinkW
CreateDirectoryW
DeleteFileW
SetLastError
SetCurrentDirectoryW
GetCurrentDirectoryW
GetTempPathW
GetCurrentProcessId
GetTickCount
GetCurrentThreadId
GetFileInformationByHandle
GetStdHandle
FindClose
FindFirstFileW
FindNextFileW
GetProcAddress
GetModuleHandleA
GetFileAttributesW
GetLogicalDriveStringsW
GetFileSize
SetFilePointer
DeviceIoControl

Delayed Imports

1

Type RT_VERSION
Language English - United States
Codepage UNKNOWN
Size 0x2c4
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.39553
MD5 914e7fb0207aec85409d4a6116e865e5
SHA1 bb2fa504dfcd0eea1f72dcac51524efdeabfa8ed
SHA256 3785f02a342682b374b92c865ea593cad31f9f4d1d6790faead4d791ef2cc1a5
SHA3 d6d06522928b72119d2a4691bca9d6c85d1b19e8fa9d11d4aef770474068e43e

1 (#2)

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.39364
MD5 a17f3cbe92860f2e53febbe2a0e28282
SHA1 6f4ac372269b81bf959278441417e35f93d512a5
SHA256 ed925f9e8435bd13944040e3066e82dcc10150c75da39dade20bd2780315047f
SHA3 061a3cdefa7647d27b1afed0158176c479cf6fd31101a60a27e44c66499f7814

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 26.1.0.0
ProductVersion 26.1.0.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT
VOS_NT_WINDOWS32
VOS_WINCE
VOS__WINDOWS32
FileType VFT_APP
Language English - United States
CompanyName Igor Pavlov
FileDescription 7-Zip Reduced Standalone Console
FileVersion (#2) 26.01
InternalName 7zr
LegalCopyright Igor Pavlov : Public domain
OriginalFilename 7zr.exe
ProductName 7-Zip
ProductVersion (#2) 26.01
Resource LangID English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0x66c7639d
Unmarked objects 0
C++ objects (8047) 3
14 (7299) 8
C objects (8047) 11
Linker (8047) 2
C objects (2190) 1
Total imports 155
Imports (2179) 9
C++ objects (VS98 SP6 build 8804) 135
C objects (VS2010 SP1 build 40219) 23
C objects (VS98 SP6 build 8804) 3
C objects (35226) 4
ASM objects (VS2019 Update 8 (16.8.4) compiler 29336) 5
Resource objects (VS98 SP6 cvtres build 1736) 1

Errors
