019850f400f5b0f7de761782029e858d

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2009-Nov-02 20:23:03
Detected languages English - United States

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0
Microsoft Visual C++ 8
Microsoft Visual C++ 8.0
MSVC++ v.8 (procedure 1 recognized - h)
Info Interesting strings found in the binary:
Contains domain names:
  • http://schemas.microsoft.com
  • http://schemas.microsoft.com/SMI/2005/WindowsSettings
  • http://www.winzip.com
  • microsoft.com
  • schemas.microsoft.com
  • winzip.com
  • www.winzip.com
Suspicious This PE is a WinZip self-extractor
Unusual section name found: _winzip_
Info The PE contains common functions which appear in legitimate applications.
[!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
Can access the registry:
  • RegQueryValueA
Possibly launches other programs:
  • ShellExecuteA
  • CreateProcessA
Enumerates local disk drives:
  • GetDriveTypeA
  • GetVolumeInformationA
Info The PE is digitally signed. Signer: Technik Markt TMA e.K.
Issuer: Sectigo Public Code Signing CA EV R36
Safe VirusTotal score: 0/71 (Scanned on 2025-04-27 16:25:09)
All the AVs think this file is safe.

Hashes

MD5 019850f400f5b0f7de761782029e858d
SHA1 d38603859e3af9e993b5f0452f985138083fcc97
SHA256 3bb3bab742bce1ebdadb2cec06926835ecc50a9cb1a74567232ed9c6eab3343b
SHA3 c084aeca3f74fdb12801a50b40b11a1c89be1c6bb19c0ca84d311e8556166f47
SSDeep 98304:BEou88dAT+XHnlFmP6spyLFuSvoQJa9TBqB5nbEx5eL:BLByHnlPVpuZv9Yvb6eL
Imports Hash f2f9102c7663962c22d17a8dabc5e7ce

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 5
TimeDateStamp 2009-Nov-02 20:23:03
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 8.0
SizeOfCode 0x12000
SizeOfInitializedData 0xa000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000A79E (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x13000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x1000
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x373000
SizeOfHeaders 0x1000
Checksum 0x3774dd
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x7d00
SizeofStackCommit 0x1000
SizeofHeapReserve 0x7d00
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 8ad57c6baf27d65ae8dae769b564ae30
SHA1 afc72abe8bd4ed038b3cade04d76157925e989b6
SHA256 3609840f4d331142bbe36517e9a1c7e1fb4c959369a5035658457b9c01596ace
SHA3 21e47a5c4320fe90116e61879bb4cb38f05c57a7ebe2e902587870c8f61a45fb
VirtualSize 0x11ff5
VirtualAddress 0x1000
SizeOfRawData 0x12000
PointerToRawData 0x1000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.62017

.rdata

MD5 5936658766ce0c07e562dccd1db5a0e3
SHA1 bac67a23c3e1c0c0d3e1324a02acf39f10cba5ee
SHA256 583f7045fd98c4af0485f8fddf0a04eda96dbc44b158629b4b833bff4a83e6e9
SHA3 d02848622b207b6e14f76d8fce3f99ae64923731d9a8333a905b51c54f2d7347
VirtualSize 0x3742
VirtualAddress 0x13000
SizeOfRawData 0x4000
PointerToRawData 0x13000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.93792

.data

MD5 cff4e02c8ca79ed409f4ff0a33ad1238
SHA1 75b0a40243aa378bd8b86be6069bb56314895d51
SHA256 d2bee196a8921b600cea38bd1de34e986de045d3159ba723d77b450e2c0fa4c6
SHA3 467788edb69e211830fcd2ec9ce85104ec9475c672b5b6312d0a2f94c0e0eb1e
VirtualSize 0xe744
VirtualAddress 0x17000
SizeOfRawData 0x2000
PointerToRawData 0x17000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 1.97645

.rsrc

MD5 555ad4a9a89818bdea0a0474ad6d8f73
SHA1 4cefbb95aadc516a66403ba2fa43525a666cc438
SHA256 b27c009b7e799acbef1a4a78cdb26023c36554a9c1b6f839dcb39c6888766bbd
SHA3 e7dece920f27019da1e3646f863b34c6be8de1caca6c885774c95788715639b4
VirtualSize 0x3870
VirtualAddress 0x26000
SizeOfRawData 0x4000
PointerToRawData 0x19000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.60449

_winzip_

MD5 c9ec2a9e797e200a91adf114a7eb39f0
SHA1 fbc3de9462829589ff76306ea726dae9751655ab
SHA256 c72c3c0b169b9cc6fe31be93e6c75f92e4c4cb2934981bc469c15451aa88173a
SHA3 1a09119a9a4aaeb90ff8491875ce164627c80b95189feb126f3b82d2daa8b9f8
VirtualSize 0x349000
VirtualAddress 0x2a000
SizeOfRawData 0x349000
PointerToRawData 0x1d000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 7.99767

Imports

SHELL32.dll SHGetPathFromIDListA
SHGetSpecialFolderLocation
ShellExecuteA
FindExecutableA
SHBrowseForFolderA
SHGetMalloc
USER32.dll GetClientRect
SetRect
EndPaint
LoadCursorA
GetLastActivePopup
KillTimer
ShowWindow
PostMessageA
SendMessageA
EnableWindow
SetTimer
SetWindowTextA
SetForegroundWindow
SetActiveWindow
SetDlgItemTextA
GetKeyState
CharUpperBuffA
PeekMessageA
GetSysColor
DispatchMessageA
GetParent
SendDlgItemMessageA
GetDlgItem
InvalidateRect
UpdateWindow
LoadStringA
MessageBoxA
DialogBoxParamA
GetWindowLongA
SetWindowLongA
GetDlgItemTextA
EndDialog
GetWindowRect
GetSystemMetrics
SetWindowPos
SetCursor
CharNextA
BeginPaint
SetWindowWord
GetWindowWord
DefWindowProcA
RegisterClassA
TranslateMessage
KERNEL32.dll GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
LCMapStringA
GetStdHandle
HeapCreate
HeapDestroy
VirtualAlloc
VirtualFree
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
HeapSize
Sleep
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
GetVersionExA
FindClose
FindFirstFileA
GetCurrentDirectoryA
SetCurrentDirectoryA
CreateDirectoryA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
LocalAlloc
GetDriveTypeA
GetEnvironmentVariableA
SetFilePointer
CreateFileA
GetWindowsDirectoryA
GlobalFree
GlobalUnlock
GlobalHandle
_lclose
_llseek
_lread
_lopen
GlobalLock
GlobalAlloc
GlobalMemoryStatus
GetVersion
GetModuleFileNameA
WriteFile
GetSystemTime
LocalFree
ExitProcess
FormatMessageA
GetLastError
GetModuleHandleA
GetVolumeInformationA
WideCharToMultiByte
CreateProcessA
lstrcmpiA
SetErrorMode
MultiByteToWideChar
GetLocalTime
lstrlenA
CreateFileW
ReadFile
GetConsoleCP
GetConsoleMode
LoadLibraryA
InitializeCriticalSection
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
FlushFileBuffers
WriteConsoleW
CloseHandle
RtlUnwind
HeapAlloc
HeapFree
HeapReAlloc
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetProcessHeap
GetStartupInfoA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetProcAddress
TlsGetValue
TlsAlloc
GDI32.dll SetTextColor
SetTextAlign
GetBkColor
GetTextExtentPoint32A
ExtTextOutA
CreateDCA
GetDeviceCaps
CreateFontIndirectA
DeleteDC
SelectObject
DeleteObject
SetBkColor
ADVAPI32.dll RegQueryValueA
COMCTL32.dll #17

Delayed Imports

ADMIN_MANIFEST

Type WZ_MANIFEST
Language English - United States
Codepage Latin 1 / Western European
Size 0x5df
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.04402
MD5 2f5a5345dc279c35c156f57037d5e50e
SHA1 9bef8b6bec2382209bdad2b06706a15b69f74fe0
SHA256 98f8ff274c1f491e0bc777dca726b1c45078bdae83244da5c67cecbfbc9b2127
SHA3 83990283fd144ecbba6a8cda5d55b11ff4192aaa904379c230e8e85213b27a24

1

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x49d
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.00542
Detected Filetype PNG graphic file
MD5 f9ca280d97084d1c224fa5a48f9f35db
SHA1 fc3dc0c4e6982a5a8eba42b926823fc823acbb0f
SHA256 3d9232be19be18832e3e833336a8b2c201cfb78e7f467e1f5b84e6592943ea2d
SHA3 54b199ecd27c1083977e207493864c8dbf1cae902618166369d911a7a1da902e

100

Type RT_DIALOG
Language English - United States
Codepage Latin 1 / Western European
Size 0x27e
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.28219
MD5 dad1c20c618d515b10b61a44809c6b2f
SHA1 5188fe91c9f95308c66a0012baa115017c1b0df2
SHA256 6d1ec53ff0ca4c30bf487fbcca917097c2ea962a0ca094879ded66b452ff1689
SHA3 712d88a3a8b82a9de7fcdfda03af0318e22803514631b6d8efb56dff23708a1e

400

Type RT_DIALOG
Language English - United States
Codepage Latin 1 / Western European
Size 0x192
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.46881
MD5 4a886256bdb41545d026ea0b330da4a0
SHA1 f3eea15c6dadc779e9f02751567a8f8f69e344ff
SHA256 8ad4aee2b475e0861b71a197ee1b3652cbf76e3a81c3e8431e6918400bf2e963
SHA3 bb7d2d5ed494170cadbb6305236c5623d1a128905d6eec79da058819fc50ec4a

63

Type RT_STRING
Language English - United States
Codepage Latin 1 / Western European
Size 0x2fc
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.18826
MD5 064705d6ec2fc73b5956a3962bfdf76f
SHA1 4703535097c79aadd3db24f74ed6790fb80ee87b
SHA256 4093421746e8cfd88cc8562b29f9a60bcc80204266051ff7b8a9c3447df8a0fc
SHA3 f0bb2196e06f979a9db909cafe12bf6aa08b79ac783f93ae20a7ee77eefdb0a9

64

Type RT_STRING
Language English - United States
Codepage Latin 1 / Western European
Size 0x16e
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.34119
MD5 2e4ead1cdfb6420ff8e27f257326dd43
SHA1 c28fa80af18ae63c929305231c927f7a8c1e610b
SHA256 64a627e0bfe1b568bfcb965693226d421050b4beea30077a5a135eb43fe64cf9
SHA3 ae65b8690ff17cf588f7ddf89f5b95bffa6a857b76d69d4a82d8527cd1cc40df

65

Type RT_STRING
Language English - United States
Codepage Latin 1 / Western European
Size 0x91a
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.39069
MD5 7cd10d4aea58b221900a901749871970
SHA1 9346515a5b7b5a8981a49adbc71243bc5bb87e65
SHA256 e58d3ae702edb8a00cc6341f49bfd151bf5a4982cb50f97e80bb8bb9531b6e2a
SHA3 f024f2b0ed174bb5b76604696c27c756f5f68e5255d7eef2117252e280d89996

66

Type RT_STRING
Language English - United States
Codepage Latin 1 / Western European
Size 0x880
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.42773
MD5 05963fc677fa6150029c8bd2d3ce40c0
SHA1 c57d948947dde7e4c3fffc452885550fdf1a8cff
SHA256 08ece24285fd511f0beacfbb34d763727277741961db4ea598cf9c43f8594af7
SHA3 e74e871591bbaf6634774428f183c51014352c9a94c672a7e39e1a5bf2b30505

67

Type RT_STRING
Language English - United States
Codepage Latin 1 / Western European
Size 0x4fe
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.39393
MD5 dfd3a93cc56a4aacff3ba1d099e60d23
SHA1 235a5c5a4603e3740e6e966e97e79f5a5f1db2b9
SHA256 bcc2dd8244f68e72d604abad1c26acb9da169a473a3be0f6be7d891f913cef48
SHA3 1f4b6bb51d398b42983d2bde1d8c70c1a04b0c7b9ebc93415f4720c8e45dee63

126

Type RT_STRING
Language English - United States
Codepage Latin 1 / Western European
Size 0x518
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.58134
MD5 6cf1325afa6a341499c3847ff34d6457
SHA1 8dbe9f9333fb8746e5500aaa57baec9a9fc1dc32
SHA256 922d5d81f7729db632ffdb238b9e47b6e614f8fdc62c0138652c40b9e4358914
SHA3 0a242a156115f31a60620e84659410324cde7f7d911252707fcba3e7cb12b6fd

127

Type RT_STRING
Language English - United States
Codepage Latin 1 / Western European
Size 0x6e
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.47759
MD5 ef56f777528a39742f056533767262b2
SHA1 0d6791ca98670510278755c9606d19f2e2197b5e
SHA256 5a222ae952743ea07290143fb590ad2d479bb8ec5e32d05447a1a78a328b4d2d
SHA3 18bab4eae4c5923fd834458e8bd82d0f72cc7ca445a3cf2fcb637d2d1890bf9c

1 (#2)

Type RT_GROUP_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x22
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.07623
Detected Filetype Icon file
MD5 3441bf864ec022cfd403f8dca6adc553
SHA1 d2f0375fa0a042988017113e0ab91ab17e4911c5
SHA256 62a504fc60e92d152bd052970abbc79c34b2d4016cf1486fc835009161d09b55
SHA3 c705a53a3c09e7d02981280842911bb344632314cfe27aeb998cb325ccf33d58

1 (#3)

Type RT_MANIFEST
Language English - United States
Codepage Latin 1 / Western European
Size 0x5df
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.04402
MD5 2f5a5345dc279c35c156f57037d5e50e
SHA1 9bef8b6bec2382209bdad2b06706a15b69f74fe0
SHA256 98f8ff274c1f491e0bc777dca726b1c45078bdae83244da5c67cecbfbc9b2127
SHA3 83990283fd144ecbba6a8cda5d55b11ff4192aaa904379c230e8e85213b27a24

String Table contents

This is an incomplete self-extractor;
please re-create the file and try again.
Please insert disk %d in drive %s.
Please insert last disk of set in drive %s.
No disk or invalid disk in drive.
Please insert disk number %d.
The disk in the drive appears to be
missing or has an incorrect label.
Insert disk number %d.
No password specified
Incorrect password specified
NOAUTO
Setup
AUTO
This 32-bit self-extracting Zip file requires Windows 95, 98, NT, 2000 or XP.
Abort unzip operation?
File %s is in use by the system. Skipping ...
Unzip Aborted
Error %d running command %s
Error changing to "Unzip To" folder
File %s already exists. Overwrite file?
No folder specified.
\TEMP
This file is intended for use under Windows 95, 98, NT, 2000, XP or a system with compatible long filename support.
On the version of Windows you are currently running, any long filenames will probably be truncated and improper operation may result.
Continue anyway?
TEMP=
%d file(s) unzipped successfully
To unzip all files in %s to the specified folder press the Unzip button.
WinZip
extensions
When &done unzipping open:
This copy of WinZip Self-Extractor is NOT LICENSED for distribution. Any distribution of this file is prohibited and is a violation of US Copyright law and international treaty.
The registered version does not display this message.
WinZip not found on your system.
WinZip is an award-winning Windows archive utility that brings the convenience of Windows to the use of Zip files. WinZip features built-in ZIP and UNZIP and an easy to use drag-and-drop interface. Fully functional evaluation versions of WinZip are available from the WinZip web site: http://www.winzip.com
Can't create output file: %s
Unsupported compression method
ZIP damaged: file %s: Bad CRC. Possible cause: file transfer error.
Invalid ZIP header. Possible cause: file transfer error.
Could not create "%s" - unzip operation cancelled.
Error in folder name specified on the command line.
Unzipping %s
Error writing to %s. Possible cause: disk full.
Error reading %s. Possible cause: bad disk or file transfer error.
I/O error on file. Possible cause: file transfer error.
To unzip all files in %s press the "Unzip" button. Files will be unzipped to the folder specified in the "Unzip To Folder" field. This folder will be created if it does not exist.
You can also unzip this file with a standard zip utility like WinZip.
Zip file is damaged, truncated, or has been changed since it was created. If you downloaded this file, try downloading again.
%s
%s
Licensed to %s
NOT LICENSED FOR DISTRIBUTION OF ANY KIND
This self-extracting Zip file was created by a
registered user of WinZip Self-Extractor %s (%s)
WinZip(R) Self-Extractor is Copyright(c) 1995-2009 by
WinZip International LLC (www.winzip.com)
This self-extracting Zip file was created by an
unregistered user of WinZip Self-Extractor %s (%s)
WinZip(R) Self-Extractor is Copyright(c) 1995-2009 by
WinZip International LLC (www.winzip.com)
Drive %s is not a valid drive, unzip operation cancelled.
Cannot use command file %s
Windows does not have a program associated to run with it.
TMP=
Unzip to Folder:
TEMP
Zip file contains filenames longer than are allowed by
Windows. WinZip Self-Extractor cannot process this
Zip file.
this self-extractor file
The selected folder contains unsupported
characters, please choose a different folder.
Invalid command line parameter (%s).
WinZip Self-Extractor
Please save the file %s (created on your desktop) and inform WinZip Computing.
Internet: support@winzip.com
Web: http://www.winzip.com
Postal mail: P.O. Box 540, Mansfield, CT 06268 USA
WinZip Self-Extractor header corrupt. Possible cause: bad disk or file transfer error
not enough memory
WinZip internal error in file %s line %d
Current date/time: %02d/%02d/%04d %02d:%02d
Module name = %s
Operating System Version %d.%02d
Windows NT
Win32s
Windows 95/98
Version %d.%d
Memory in use = %ld%%
Total physical memory = %ld Kbytes
Physical memory available = %ld Kbytes
Total virtual memory = %ld Kbytes
Virtual memory available = %ld Kbytes

Version Info

TLS Callbacks

Load Configuration

Size 0x48
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x417420
SEHandlerTable 0x414fc0
SEHandlerCount 18

RICH Header

XOR Key 0x4d51635
Unmarked objects 0
ASM objects (VS2012 build 50727 / VS2005 build 50727) 19
C objects (VS2012 build 50727 / VS2005 build 50727) 112
Total imports 198
Imports (VS2003 (.NET) build 4035) 13
C++ objects (VS2012 build 50727 / VS2005 build 50727) 61
Exports (VS2012 build 50727 / VS2005 build 50727) 1
Resource objects (VS2012 build 50727 / VS2005 build 50727) 1
Unmarked objects (#2) 2
Linker (VS2012 build 50727 / VS2005 build 50727) 1

Errors