SHA256: a0944f4b839d3b5bdb71f680bcfe43403487baad905a09548dd2761aa11f4ca5
File name: nvdevlop.exe
Detection ratio: 17 / 57
Analysis date: 2016-06-05 07:51:39 UTC ( 1 year, 4 months ago )
Antivirus Result Update
Antiy-AVL Trojan/Win32.BTSGeneric 20160605
Avast Win64:PUP-gen [PUP] 20160605
Avira (no cloud) APPL/Cmdow.88576 20160604
AVware Trojan.Win32.Generic!BT 20160604
Cyren W32/Trojan.SYGE-6877 20160605
ESET-NOD32 a variant of Win32/CMDOW.A potentially unsafe 20160604
Fortinet Riskware/CMDOW 20160605
GData Win32.Trojan.Agent.JH3S2F 20160605
Ikarus Trojan.Cmdow 20160605
K7AntiVirus Trojan ( 00470eed1 ) 20160605
K7GW Trojan ( 00470eed1 ) 20160605
McAfee-GW-Edition BehavesLike.Win32.Adware.tc 20160605
NANO-Antivirus Trojan.Win32.Cmdow.dmjuol 20160605
Rising Trojan.Generic-TCXeEJEoWWG (Cloud) 20160605
Sophos AV Generic PUA IP (PUA) 20160605
Symantec SecurityRisk.Cmdow 20160605
VIPRE Trojan.Win32.Generic!BT 20160605
Ad-Aware 20160605
AegisLab 20160604
AhnLab-V3 20160604
Alibaba 20160603
ALYac 20160605
Arcabit 20160605
AVG 20160605
Baidu 20160603
Baidu-International 20160604
BitDefender 20160605
Bkav 20160604
CAT-QuickHeal 20160604
ClamAV 20160605
CMC 20160602
Comodo 20160605
DrWeb 20160605
Emsisoft 20160605
F-Prot 20160605
F-Secure 20160604
Jiangmin 20160605
Kaspersky 20160605
Kingsoft 20160605
Malwarebytes 20160605
McAfee 20160605
Microsoft 20160605
eScan 20160605
nProtect 20160603
Panda 20160605
Qihoo-360 20160605
SUPERAntiSpyware 20160605
Tencent 20160605
TheHacker 20160604
TotalDefense 20160605
TrendMicro 20160605
TrendMicro-HouseCall 20160605
VBA32 20160603
ViRobot 20160604
Yandex 20160604
Zillya 20160603
Zoner 20160605
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (c) 1999-2010 Igor Pavlov

Product 7-Zip
Original name 7zS.sfx.exe
Internal name 7zS.sfx
File version 9.20
Description 7z Setup SFX
Packers identified
F-PROT 7Z
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-11-18 16:27:35
Entry Point 0x00014B04
Number of sections 5
PE sections
Overlays
MD5 976ed7c17d5c7b2557c9695c86055435
File type data
Offset 140800
Size 1142012
Entropy 8.00
PE imports
GetStdHandle
WaitForSingleObject
FindFirstFileW
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
FreeEnvironmentStringsW
SetFileAttributesA
GetTempPathA
WideCharToMultiByte
GetStringTypeA
WriteFile
HeapReAlloc
GetStringTypeW
GetFullPathNameA
SetEvent
LocalFree
FormatMessageW
GetEnvironmentVariableA
FindClose
InterlockedDecrement
FormatMessageA
GetFullPathNameW
SetLastError
InitializeCriticalSection
GetModuleFileNameW
ExitProcess
GetModuleFileNameA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetModuleHandleA
SetFileAttributesW
CreateThread
SetUnhandledExceptionFilter
ExitThread
TerminateProcess
SetEndOfFile
GetVersion
InterlockedIncrement
SetCurrentDirectoryA
AreFileApisANSI
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
IsBadWritePtr
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetFileSize
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
CreateDirectoryW
DeleteFileW
GetProcAddress
RemoveDirectoryW
FindFirstFileA
ResetEvent
GetTempFileNameA
FindNextFileA
WaitForMultipleObjects
CreateFileW
CreateEventA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
lstrlenA
LCMapStringA
GetEnvironmentStringsW
RemoveDirectoryA
GetCPInfo
GetEnvironmentStrings
SetFileTime
GetCommandLineW
GetCurrentDirectoryA
HeapSize
GetCommandLineA
RaiseException
SetFilePointer
ReadFile
CloseHandle
GetACP
GetCurrentThreadId
CreateProcessA
HeapCreate
VirtualFree
Sleep
IsBadReadPtr
IsBadCodePtr
VirtualAlloc
VariantClear
SysAllocString
ShellExecuteExA
GetWindowLongA
SetTimer
MessageBoxW
LoadIconA
LoadStringA
SetWindowTextA
EndDialog
PostMessageA
CharUpperW
DialogBoxParamW
SendMessageA
LoadStringW
SetWindowTextW
GetDlgItem
SetWindowLongA
KillTimer
DialogBoxParamA
ShowWindow
CharUpperA
DestroyWindow
Number of PE resources by type
RT_ICON 2
RT_STRING 2
RT_DIALOG 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 8
PE resources
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 34816
ImageVersion 6.0
ProductName 7-Zip
FileVersionNumber 9.20.0.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 6.0
FileTypeExtension exe
OriginalFileName 7zS.sfx.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 9.2
TimeStamp 2010:11:18 17:27:35+01:00
FileType Win32 EXE
PEType PE32
InternalName 7zS.sfx
ProductVersion 9.2
FileDescription 7z Setup SFX
OSVersion 4.0
FileOS Windows NT 32-bit
LegalCopyright Copyright (c) 1999-2010 Igor Pavlov
MachineType Intel 386 or later, and compatibles
CompanyName Igor Pavlov
CodeSize 104960
FileSubtype 0
ProductVersionNumber 9.20.0.0
EntryPoint 0x14b04
ObjectFileType Executable application

Execution parents
File identification
MD5 4665fae41e309efa4f3286ca930d603f
SHA1 f5e25910db65ad981fb05fa9cbd6521683a6db4f
SHA256 a0944f4b839d3b5bdb71f680bcfe43403487baad905a09548dd2761aa11f4ca5
ssdeep 24576:11OYdaLi9xWeVP9q/00gnQCicYLc0zzmj0KKH28ExBRb0DtQ5aA8XSPbP:11OsnXO/VgQCbmvzSjsAxbb0DS5aA8S7

authentihash 33ab235e1bccac12dab5dd680e793ae35fb293905581cf4e72e54eb2dda3d9b4
imphash 3786a4cf8bfee8b4821db03449141df4
File size 1.2 MB ( 1282812 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe overlay

VirusTotal metadata
First submission 2016-06-05 07:51:39 UTC ( 1 year, 4 months ago )
Last submission 2016-06-05 07:51:39 UTC ( 1 year, 4 months ago )
File names nvdevlop.exe
7zS.sfx.exe
7zS.sfx
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Runtime DLLs
UDP communications