7z.exe

  • File Path: C:\Program Files\7-Zip\7z.exe
  • Description: 7-Zip Console

Hashes

Type Hash
MD5 619F7135621B50FD1900FF24AADE1524
SHA1 6C7EA8BBD435163AE3945CBEF30EF6B9872A4591
SHA256 344F076BB1211CB02ECA9E5ED2C0CE59BCF74CCBC749EC611538FA14ECB9AAD2
SHA384 4090A5DE14D74906677BBBEDAB30EFBF11BE76620ED33132546C47B24FC87E72D39E2B09B83CE2245613167B380FC496
SHA512 2C7293C084D09BC2E3AE2D066DD7B331C810D9E2EECA8B236A8E87FDEB18E877B948747D3491FCAFF245816507685250BD35F984C67A43B29B0AE31ECB2BD628
SSDEEP 6144:fz1gL5pRTMTTjMkId/BynSx7dEe6XwzRaktNP08NhKs39zo43fTtl1fayCV7+DHV:r1gL5pRTcAkS/3hzN8qE43fm78V
IMP 41C55772E303B8488EA464A0538E35D5
PESHA1 903AF45A8EDF856590AD0E592F9CEEF35056E2EB
PE256 7C3DF148032A3890BE9A72F24B30F7D923D6865B22D6D1B38423AC8119107185

Runtime Data

Usage (stdout):


7-Zip 19.00 (x64) : Copyright (c) 1999-2018 Igor Pavlov : 2019-02-21

Usage: 7z <command> [<switches>...] <archive_name> [<file_names>...] [@listfile]

<Commands>
  a : Add files to archive
  b : Benchmark
  d : Delete files from archive
  e : Extract files from archive (without using directory names)
  h : Calculate hash values for files
  i : Show information about supported formats
  l : List contents of archive
  rn : Rename files in archive
  t : Test integrity of archive
  u : Update files to archive
  x : eXtract files with full paths

<Switches>
  -- : Stop switches and @listfile parsing
  -ai[r[-|0]]{@listfile|!wildcard} : Include archives
  -ax[r[-|0]]{@listfile|!wildcard} : eXclude archives
  -ao{a|s|t|u} : set Overwrite mode
  -an : disable archive_name field
  -bb[0-3] : set output log level
  -bd : disable progress indicator
  -bs{o|e|p}{0|1|2} : set output stream for output/error/progress line
  -bt : show execution time statistics
  -i[r[-|0]]{@listfile|!wildcard} : Include filenames
  -m{Parameters} : set compression Method
    -mmt[N] : set number of CPU threads
    -mx[N] : set compression level: -mx1 (fastest) ... -mx9 (ultra)
  -o{Directory} : set Output directory
  -p{Password} : set Password
  -r[-|0] : Recurse subdirectories
  -sa{a|e|s} : set Archive name mode
  -scc{UTF-8|WIN|DOS} : set charset for for console input/output
  -scs{UTF-8|UTF-16LE|UTF-16BE|WIN|DOS|{id} } : set charset for list files
  -scrc[CRC32|CRC64|SHA1|SHA256|*] : set hash function for x, e, h commands
  -sdel : delete files after compression
  -seml[.] : send archive by email
  -sfx[{name}] : Create SFX archive
  -si[{name}] : read data from stdin
  -slp : set Large Pages mode
  -slt : show technical information for l (List) command
  -snh : store hard links as links
  -snl : store symbolic links as links
  -sni : store NT security information
  -sns[-] : store NTFS alternate streams
  -so : write data to stdout
  -spd : disable wildcard matching for file names
  -spe : eliminate duplication of root folder for extract command
  -spf : use fully qualified file paths
  -ssc[-] : set sensitive case mode
  -sse : stop archive creating, if it can't open some input file
  -ssw : compress shared files
  -stl : set archive timestamp from the most recently modified file
  -stm{HexMask} : set CPU thread affinity mask (hexadecimal number)
  -stx{Type} : exclude archive type
  -t{Type} : Set type of archive
  -u[-][p#][q#][r#][x#][y#][z#][!newArchiveName] : Update options
  -v{Size}[b|k|m|g] : Create volumes
  -w[{path}] : assign Work directory. Empty path means a temporary directory
  -x[r[-|0]]{@listfile|!wildcard} : eXclude filenames
  -y : assume Yes on all queries

Usage (stderr):



Command Line Error:
Unsupported command:
C:\temp\strontic-xcyclopedia\notepad.exe

Loaded Modules:

Path
C:\Program Files\7-Zip\7z.exe
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\SYSTEM32\ntdll.dll

Signature

  • Status: The file C:\Program Files\7-Zip\7z.exe is not digitally signed. You cannot run this script on the current system. For more information about running scripts and setting execution policy, see about_Execution_Policies at https:/go.microsoft.com/fwlink/?LinkID=135170
  • Serial:
  • Thumbprint:
  • Issuer:
  • Subject:

File Metadata

  • Original Filename: 7z.exe
  • Product Name: 7-Zip
  • Company Name: Igor Pavlov
  • File Version: 19.00
  • Product Version: 19.00
  • Language: English (United States)
  • Legal Copyright: Copyright (c) 1999-2018 Igor Pavlov
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/70
  • VirusTotal Link: https://www.virustotal.com/gui/file/344f076bb1211cb02eca9e5ed2c0ce59bcf74ccbc749ec611538fa14ecb9aad2/detection/

File Similarity (ssdeep match)

File Score
C:\Program Files\PeaZip\res\7z\7z.exe 100

Possible Misuse

The following table contains possible examples of 7z.exe being misused. While 7z.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
| --- | --- | --- | --- |
| sigma | proc_creation_win_apt_unc2452_cmds.yml | - '7z.exe a -v500m -mx9 -r0 -p' | DRL 1.0 |
| sigma | proc_creation_win_renamed_binary.yml | - '7z.exe' | DRL 1.0 |
| sigma | proc_creation_win_renamed_binary.yml | - '\7z.exe' | DRL 1.0 |
| sigma | proc_creation_win_susp_7z.yml | - '7z.exe' | DRL 1.0 |
| atomic-red-team | T1110.002.md | Start-Process cmd.exe -Args "/c %temp%\7z\7z.exe x %temp%\hashcat6.7z -aoa -o%temp%\hashcat-unzip" -Wait | MIT License. © 2018 Red Canary |
| atomic-red-team | T1560.001.md | \| 7zip_exe \| Path to installed 7zip executable \| Path \| %ProgramFiles%\7-zip\7z.exe\| | MIT License. © 2018 Red Canary |
| stockpile | 30a8cf10-73dc-497c-8261-a64cc9e91505.yml | & "C:\Program Files\7-Zip\7z.exe" a "#{host.dir.staged}.7z" "#{host.dir.staged}\*" "-p#{host.archive.password}" \| Out-Null; | Apache-2.0 |
| stockpile | 5c5b0392-1daa-45e1-967c-2f361ce78849.yml | & "C:\Program Files\7-Zip\7z.exe" a "#{host.dir.staged}.7z" "#{host.dir.staged}\*" '-p#{host.archive.password}' \| Out-Null; | Apache-2.0 |

MIT License. Copyright (c) 2020-2021 Strontic.