Manalyze report for 12a0b9ff2427dc15ad5568f08d074e2a

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2013-Dec-01 08:08:28
Detected languages	English - United States Process Default Language
Debug artifacts	d:\Projects\WinRAR\SFX\build\sfxzip32\Release\sfxzip.pdb

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: http://www.nosteam.ro http://www.nosteam.ro/index.php?topic http://www.w3.org http://www.w3.org/1999/xhtml http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd www.w3.org`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryW LoadLibraryA` `Can access the registry: RegCloseKey RegOpenKeyExW RegQueryValueExW RegCreateKeyExW RegSetValueExW` `Can create temporary files: GetTempPathW CreateFileW CreateFileA` `Can take screenshots: GetDC CreateCompatibleDC`
Suspicious	The file contains overlay data.	`4232182 bytes of data starting at offset 0x2e000.` `Overlay data amounts for 95.7378% of the executable.`
Suspicious	VirusTotal score: 1/69 (Scanned on 2022-03-31 05:09:39)	`Bkav: W32.AIDetect.malware2`

Hashes

MD5	`12a0b9ff2427dc15ad5568f08d074e2a`
SHA1	`72f3ce2ed6fe9164b415ac5eec1f8f74698d923c`
SHA256	`c8f0a4f032002425ab5698ba09b1fa47e02c9ea8819c595ec19d67f0da560a64`
SHA3	`2343c556fa86fbac3f61ddd592ace458584e651bf5c7f2b05121d7820d7ae478`
SSDeep	`12288:DL/SIfiqD68waA7HM7sVhBnwftiSQWvDhFl3rR/2asG2SAecp2lVFrjioBv:n/Zages4OfPR/pl+7G2SPcpGVFrj5v`
Imports Hash	`cb23e26cc45ed9aa58fdce155e7da31a`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xe8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2013-Dec-01 08:08:28
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`9.0`
SizeOfCode	`0x18800`
SizeOfInitializedData	`0x15400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000108AF (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x1a000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.0`
ImageVersion	`0.0`
SubsystemVersion	`5.0`
Win32VersionValue	`0`
SizeOfImage	`0x5f000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`f77b65eb4df3bb34f899e97dcab49e3c`
SHA1	`9c680e516b05314f46410ebbe86f0ec95ee2ac5c`
SHA256	`39dda639e59c3fb788eb99620928dcfe5561a93483792c5a1952cd3392645b03`
SHA3	`ddca16b4acaf9d2eeb4644f0e248345f4b6b14d791c6ac80eff268fd0313d7d5`
VirtualSize	`0x187ba`
VirtualAddress	`0x1000`
SizeOfRawData	`0x18800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.64693`

.rdata

MD5	`e4f05d946c236d594ae9fc2eb75a5cd9`
SHA1	`74c3687b038ff968c118961c54330173b8bf9579`
SHA256	`5228529e7fd9751e24645e981c8ee4692027f2da3b442fcc1bd812f7a42022fe`
SHA3	`06d98fc2bd0b8729598912c263de55438571f8033740a126c76297a6ded9186a`
VirtualSize	`0x4533`
VirtualAddress	`0x1a000`
SizeOfRawData	`0x4600`
PointerToRawData	`0x18c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.31736`

.data

MD5	`0074c88ffb5fd7b9d732c00f62cce445`
SHA1	`c7178b3d2f6acc1e58b74c4e530d779ca49d77e3`
SHA256	`5c30f0b396a298398db2a1db1de2eebc79c9ce00d3da9528884c58744b196d1e`
SHA3	`9e36a9ed14756a459194618784f78140711df841bc9610926fe0e76c8dea4dda`
VirtualSize	`0x2fe28`
VirtualAddress	`0x1f000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x1d200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.34631`

.rsrc

MD5	`c0d90665b23bf90c3de1d440c6bcce7c`
SHA1	`d04db7292993b66936caad7fc6d2a075fce4037d`
SHA256	`c9bb09bb20f3d4c71b2c7e8217cf84c852cb6734b9355b4f9611db3cbe88891b`
SHA3	`9f2a0e995888f4583172991e27d4a84fd043992a8458bfaa15916c0b7394db3f`
VirtualSize	`0xfbec`
VirtualAddress	`0x4f000`
SizeOfRawData	`0xfc00`
PointerToRawData	`0x1e400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.26656`

Imports

COMCTL32.dll	`InitCommonControlsEx`
SHLWAPI.dll	`SHAutoComplete`
KERNEL32.dll	`GetFileAttributesW` `SetFileAttributesW` `MoveFileW` `DeleteFileW` `CreateDirectoryW` `FindClose` `FindNextFileW` `FindFirstFileW` `GetFullPathNameW` `GetModuleFileNameW` `FindResourceW` `GetModuleHandleW` `FreeLibrary` `GetProcAddress` `LoadLibraryW` `GetCurrentProcessId` `GetLocaleInfoW` `GetNumberFormatW` `ExpandEnvironmentStringsW` `WaitForSingleObject` `GetDateFormatW` `GetTimeFormatW` `FileTimeToSystemTime` `FileTimeToLocalFileTime` `GetExitCodeProcess` `GetTempPathW` `MoveFileExW` `Sleep` `UnmapViewOfFile` `MapViewOfFile` `GetCommandLineW` `CreateFileMappingW` `GetTickCount` `SetEnvironmentVariableW` `OpenFileMappingW` `WideCharToMultiByte` `MultiByteToWideChar` `CompareStringW` `IsDBCSLeadByte` `GetCPInfo` `GlobalAlloc` `SetCurrentDirectoryW` `WriteConsoleW` `GetConsoleOutputCP` `SetStdHandle` `GetLocaleInfoA` `GetStringTypeW` `GetStringTypeA` `LoadLibraryA` `GetConsoleMode` `GetConsoleCP` `InitializeCriticalSectionAndSpinCount` `QueryPerformanceCounter` `SetHandleCount` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `GetEnvironmentStrings` `FreeEnvironmentStringsA` `HeapSize` `LCMapStringW` `LCMapStringA` `IsValidCodePage` `GetOEMCP` `GetACP` `GetModuleFileNameA` `ExitProcess` `IsDebuggerPresent` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `InterlockedDecrement` `GetCurrentThreadId` `InterlockedIncrement` `TlsFree` `TlsSetValue` `TlsAlloc` `TlsGetValue` `VirtualAlloc` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `VirtualFree` `HeapCreate` `GetStartupInfoA` `GetCommandLineA` `SetFileTime` `ReadFile` `GetFileType` `SetEndOfFile` `SetFilePointer` `GetStdHandle` `FlushFileBuffers` `WriteFile` `CloseHandle` `CreateFileW` `LocalFileTimeToFileTime` `DosDateTimeToFileTime` `SetLastError` `GetLastError` `GetCurrentDirectoryW` `CreateFileA` `WriteConsoleA` `GetSystemTimeAsFileTime` `HeapAlloc` `HeapReAlloc` `RaiseException` `RtlUnwind` `HeapFree`
USER32.dll	`EnableWindow` `GetDlgItem` `MessageBoxW` `ShowWindow` `FindWindowExW` `GetParent` `MapWindowPoints` `CreateWindowExW` `UpdateWindow` `LoadCursorW` `RegisterClassExW` `DefWindowProcW` `DestroyWindow` `CopyRect` `CharUpperW` `CharToOemA` `OemToCharA` `OemToCharBuffA` `LoadIconW` `LoadBitmapW` `PostMessageW` `GetSysColor` `SetForegroundWindow` `WaitForInputIdle` `IsWindowVisible` `DialogBoxParamW` `DestroyIcon` `SetFocus` `GetClassNameW` `SendDlgItemMessageW` `EndDialog` `GetDlgItemTextW` `SetDlgItemTextW` `wvsprintfW` `SendMessageW` `GetDC` `ReleaseDC` `PeekMessageW` `GetMessageW` `TranslateMessage` `DispatchMessageW` `LoadStringW` `GetWindowRect` `GetClientRect` `SetWindowPos` `GetWindowTextW` `SetWindowTextW` `GetSystemMetrics` `GetWindow` `GetWindowLongW` `SetWindowLongW` `IsWindow`
GDI32.dll	`GetDeviceCaps` `CreateCompatibleDC` `GetObjectW` `CreateCompatibleBitmap` `SelectObject` `StretchBlt` `DeleteDC` `DeleteObject`
ADVAPI32.dll	`RegCloseKey` `RegOpenKeyExW` `RegQueryValueExW` `RegCreateKeyExW` `RegSetValueExW`
SHELL32.dll	`SHBrowseForFolderW` `SHGetMalloc` `SHChangeNotify` `SHFileOperationW` `SHGetFileInfoW` `SHGetPathFromIDListW` `SHGetSpecialFolderLocation` `ShellExecuteExW`
ole32.dll	`CLSIDFromString` `CoCreateInstance` `OleInitialize` `OleUninitialize` `CreateStreamOnHGlobal`
OLEAUT32.dll	`VariantInit`

Delayed Imports

101

Type	`RT_BITMAP`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x7258`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.65139`
MD5	`35ef2a3ef256e826e624e82d7b877c3c`
SHA1	`5ed62641ab48ab7955aa2d57c5bc7eebeb8334e2`
SHA256	`bdf98c9242d4c1743c09bd5de21beedb1f7b76bade02c8850bf87bb3433b1624`
SHA3	`98b12c1b71a2c4454a2305afd6d1b921d0898bb410bd997de4011af3b8f88685`
Preview

1

Type	`RT_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x668`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.4156`
MD5	`ab8ae878e6936d226bbda96177bf6bb9`
SHA1	`1dd3384e7cff3c671c82400abd7bd6b22082c7e0`
SHA256	`c7c33afb2e4d8c1a5b4400c1fc675323251fba3efefc507f75a107c0019b2d33`
SHA3	`9a71bff6e4fd3e698da71b30827519c0b17cdc88125ae4d529931bd0d30c5b3b`

2

Type	`RT_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.57297`
MD5	`44c4119c4de91b70b5a1995728292c04`
SHA1	`0201f6a02b4b778e1d4c5d75c7cb76cd69ea6e60`
SHA256	`508c5d363721b001a0bcff44e925129504afbc3ea5e36e718cda2da17b29cdc8`
SHA3	`300946986325abc2c65b394e339417ad87888ad3d27efd78eff9ef8d81a7fcf0`

3

Type	`RT_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.70555`
MD5	`548e3d4e7ebf5d8b57d75e6915b8a1a7`
SHA1	`eb73ecf5723d505b65a6990a5139f53f6cfe4a03`
SHA256	`ce911c25279921da64a65dad9e3e308de6af3ce9d64d269e362e4173f560d272`
SHA3	`c7183f65cf8cd95d5d624f42e4b5042475fb67c3f0ab386447d0183a43144ebf`

4

Type	`RT_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.5129`
MD5	`e22f1469ea964e3b354329c1040a9099`
SHA1	`346174f8a1155b6b205b4788eb8af10c28922074`
SHA256	`0d2a921a68683583886a12c2164d41a9fd6a1d48f397b2ed07a156a5b9b57233`
SHA3	`b8593184ec59a601c2f4cbe96855411b45ed4938606e5d15e8c2a5ca1f9aac70`

5

Type	`RT_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.72198`
MD5	`a0eb7dadb538285f2a924d34a5f4d163`
SHA1	`a63647119190233c13a2d861d05bb56eeec71fa1`
SHA256	`af24d1ecc544132b837f09d4ce0e811b76615fc6b9b6cbf3f24021b7a16a26fc`
SHA3	`581c42101a22621b771e14e5ddd002562f0c65d9c9766a72203f6b35071593b5`

6

Type	`RT_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.61913`
MD5	`ba6a0f32eede920132e21135451d4aa2`
SHA1	`8e0953536da2f3a22310fcfa84d0a6a3f63c3343`
SHA256	`bcd2d44e8471a33d8bcf96c0e93a9fad9aac4525bc6377cbedafafd448aae9a3`
SHA3	`1cab191c3c7c0ec6887aa84311f76d3fbd4dd976fcffd3c337d2003f7971995a`

7

Type	`RT_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.10823`
MD5	`09e6bdd56ea21244767d0ca193114d95`
SHA1	`12c1d709012846ed7a3d5626543da155f26a7bf1`
SHA256	`2df370b64a6be91f59da3173d462646771a20fcf0f0465378267e96438fe1878`
SHA3	`a35fd1fa4c2557e93d6ca0f9bb517c3e6d66fafc1412729818b15d4089acc304`

8

Type	`RT_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.61606`
MD5	`40e6b7025538e2088792868b59e6e763`
SHA1	`ca69a44a7819a2841c17841b2724680e2dd13044`
SHA256	`68c5323a62874907d45f676207ff2c6b0e3a682a80474bb1b8ac6902b2e0e2bc`
SHA3	`442776c808a0fdb4ee35f4c3aad075127af1559261b175584fe4ef9c2b9d2241`

9

Type	`RT_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.05244`
MD5	`e16992ed90fd2d1e336fa1922833f6a2`
SHA1	`5abc4f0086f79ec1abce1ca5aa62e6874da016cd`
SHA256	`e27f607c737cc38ec8b74358761a53dc7c49c16a3cce80301975cb6ee7134261`
SHA3	`c786b10f073d47b3ffa6e7126e7502fafe8cb4a77921fea613b9889586bfbec9`

ASKNEXTVOL

Type	`RT_DIALOG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x286`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.42597`
MD5	`361be3e9f16096819f38433be227aeab`
SHA1	`303da809d3ec1bfc46b5fa4fde1733cfffdb9596`
SHA256	`887347f27d903f6652ba35c3dfae297c23435755a63e02a80259ee6dd0b8af86`
SHA3	`db76532737d079016d6f113bb1ac833820a004c041973cb70af7ed2cf185da55`

GETPASSWORD1

Type	`RT_DIALOG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x13a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.33944`
MD5	`331b55f85040e216e56c0b8e843438a8`
SHA1	`af4002fec283154f7d72fa3f363d28dbb1536f85`
SHA256	`2e11a1ed4f812e37fdb32a1310cdcca802c46497c27e33ab66ac127345463d31`
SHA3	`206eda4241a8bdb201359d75e1063c41ed5aba18392eea3d09b31bb5ed4f5f8c`

LICENSEDLG

Type	`RT_DIALOG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xec`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.16133`
MD5	`4da01a070e57545f97e0d84bcf1524e5`
SHA1	`eeeadb106e138aa26b66d276f84c8d076a31142e`
SHA256	`44e6a8daef1ac762f8016fc4c8aec52bad42f589b6d8a25d430a619610dd0028`
SHA3	`a018ce14f68b06cbed4adb1bf6714f3b6c1aa64fa2afa2215e037aa654f9fcee`

RENAMEDLG

Type	`RT_DIALOG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x12e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.08925`
MD5	`23f9ee829c671147edcb4e5fc285dc76`
SHA1	`65f15e95491df6b271c340bc3cf6fc2a6e628a31`
SHA256	`30358e9c494ca9d125b34ccb93a2d8f1237042904f6fcecc2f5ca9a83b7dba9d`
SHA3	`830894d4015e75dd74224a9a6e70c573491f721f5d9526bbb9cbf766cf000092`

REPLACEFILEDLG

Type	`RT_DIALOG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x338`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.31987`
MD5	`822b9ba661d87f4dedeb47b67cdd4d5a`
SHA1	`b7902c16350bc2ee7fd78fbeb9461d2f123d59be`
SHA256	`a1141852e6fb28826de51733ee35fbfdcf74dd8eb7f73049c7c7ad6c21d0cb33`
SHA3	`712432c699365c95e1b04b3a44cebc97ce77f9824418dbb6784f0c653567325e`

STARTDLG

Type	`RT_DIALOG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x252`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.51642`
MD5	`14623c62285bf3fab07f52a8d4ee7758`
SHA1	`559c8c2d1ec322f7860a909c1d63b22e8e74dd42`
SHA256	`0f47dbda4a6e61d3288f63f249d25ab3f6e1fe497879a782d3eb1cd3922f3f4e`
SHA3	`c28724b596203a4f657d2ac87547e81631dd95cb46d7b43c9989c30b002f333a`

7 (#2)

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x1e2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.1586`
MD5	`2ee005bf14efd62d866ca276e73b47aa`
SHA1	`e098ed7de14a3221722e8c25ada1cb901ce85978`
SHA256	`450b4d82a86dba50acea995d6356e0174a242081f2c2438f6f88c29038f7097d`
SHA3	`3bd4b237507bdbc645d985837c718b5df99fa6c91e862fe59f7295cd82c7d0b0`

8 (#2)

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x1cc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.11685`
MD5	`91984a8521454b1758674f2f0765e695`
SHA1	`f48b0e0ca433d99226abe5cb9f1421b5dc204d31`
SHA256	`89051dca472bd5ebb7b344c05150755b6e3d32cb0dffea086c04186820b188d2`
SHA3	`c7c2157fcb23e3b9253e37f60afe11361c625e3d5e0535bbbf988387d2cd517c`

9 (#2)

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x218`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.18906`
MD5	`c3718f9addbdde27b825e90d41942c89`
SHA1	`6c8a689c6924886701e26650ec8dab435cea57b3`
SHA256	`8bc43669fe84684f720ac1ddffb0624dc59d9912a9de50b70f14d89ffaa8162e`
SHA3	`b2669f149310f6efd4f56d0731a79ce3e4ced0cfd53c8184c9721fb2e196fabb`

10

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x146`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.99727`
MD5	`06aeb5ae44f152010b502d79d78da978`
SHA1	`765389e59fc961fb9782413bccd6218c0ed29c95`
SHA256	`1e87eca343221966ecd9472109f3baf9081c821e3f4e905aa34eb8bce73af4e7`
SHA3	`dda651f9f04eded147d6b4d66801eb000f7f83f5e6161c919beca8e51e7b6f8a`

11

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x446`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.2036`
MD5	`50607cbf5fa33da61e8d119c4a2c0c9b`
SHA1	`d38285a743fe1ebf62ecb612d62336060c865bc7`
SHA256	`06b2bd666ed1afbbfc9914b94d703087c18248c5fe28dead42e42f22c3984c5e`
SHA3	`9bc82cef576158d1c1bf6c60e77dae43a3c3ef80d1373ceafa46da206fd67cfe`

12

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x166`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.12889`
MD5	`70f271b2edd6a05942b95abced225c10`
SHA1	`dd3de2dc38efaf506c8c902edc3c6639651babbf`
SHA256	`d5755fffe2a9a4baf3593b8fba9a029b23bcc08e77c8d98e07b93baee6b9e6de`
SHA3	`99f9038fe42c25749482786e85b1f0ee5dda044080bf4ea4b311b333a3098c63`

13

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x120`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.95673`
MD5	`269a2d7069663060af7c9dd46b06fa63`
SHA1	`3addd59b10812bf9a9a37c28139b048acf8bb003`
SHA256	`a71a1445d83285856c39bf2f0caa19e88c9be65f0178a6878f321a925a21f97c`
SHA3	`9a7c6ec3de596dee9c3710ef77cb4693c3d5b584d842ccac347b066e46afbdf6`

14

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xba`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.77928`
MD5	`f2f57022da11e6b34117697226056e76`
SHA1	`94643fa46ab3195fa8fd17faed49d09a2c8d9fda`
SHA256	`71966cf60a28c1cdde4196d7909347e3f66661546af21edbacb15c7116944832`
SHA3	`c30201373f1a146121e6a60a036cdbbed0031c6ccae088ab15e9cd58c9339f61`

15

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xa2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.66523`
MD5	`89a43dafc107b44772a8981732b46a24`
SHA1	`3279b3c6f3470c0229fe6d68949357694bb7052e`
SHA256	`a8723b6cd67785f8b43dad75a1eb9b383db0e8a9a0b36378c2dcaef003aad4fd`
SHA3	`75e6b0a27466944416cc7a123168219c5c92a4eeef5f64eff9e9d38c46114620`

100

Type	`RT_GROUP_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.89097`
Detected Filetype	Icon file
MD5	`a6469ac97a109b7c2bc1bf3020168af3`
SHA1	`53f3b4b4b61af9cde9de74a33fbc492c71f7660c`
SHA256	`ca82878ac6f8f5d26249f03257b496eebf06e2d20e02349a0b871bf92766535c`
SHA3	`15f2850e54173ca36462fa901e1019404484e4da82f3668cb938a5e593f2ed53`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x640`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.22792`
MD5	`d77609172db971b831b6fcd7f26b2ce3`
SHA1	`188e6d15191967f8deb3f41ec8e1af0af1684008`
SHA256	`c410d24baf3bcd455d35b9eb44ca14dee587be9e1e167fc6d8788ef56aa134fd`
SHA3	`6cf113ae7dab30eb9676fa517c0144356bd31e46107ae1cb4f462686e39236ac`

String Table contents

Select destination folder
Extracting %s
Skipping %s
Unexpected end of archive
The file "%s" header is corrupt
Corrupt header is found
Main archive header is corrupt
The archive comment header is corrupt
The archive comment is corrupt
Not enough memory
Unknown method in %s
Cannot open %s
Cannot create %s
Cannot create folder %s
Checksum error in the encrypted file %s. Corrupt file or wrong password.
Checksum error in %s
Packed data checksum error in %s
Wrong password for %s
Write error in the file %s. Probably the disk is full
Read error in the file %s
File close error
The required volume is absent
The archive is either in unknown format or damaged
Extracting from %s
Next volume
The archive header is corrupt
Close
Error
Errors encountered while performing the operation
Look at the information window for more details
bytes
modified on
folder is not accessible
Some files could not be created.
Please close all applications, reboot Windows and restart this installation
Some installation files are corrupt.
Please download a fresh copy and retry the installation
All files
<ul><li>Press <b>Install</b> button to start extraction.</li><br><br>
<ul><li>Press <b>Extract</b> button to start extraction.</li><br><br>
<li>Use <b>Browse</b> button to select the destination
folder from the folders tree. It can be also entered
manually.</li><br><br>
<li>If the destination folder does not exist, it will be
created automatically before extraction.</li></ul>
The archive is corrupt
Extracting files to %s folder
Extracting files to temporary folder
Extract
Extraction progress
Total path and file name length must not exceed %d characters
Unknown encryption method in %s
The specified password is incorrect.
Cannot copy %s to %s.
Cannot create symbolic link %s
Cannot create hard link %s
You may need to run this self-extracting archive as administrator

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2013-Dec-01 08:08:28
Version	`0.0`
SizeofData	`81`
AddressOfRawData	`0x1c910`
PointerToRawData	`0x1b510`
Referenced File	d:\Projects\WinRAR\SFX\build\sfxzip32\Release\sfxzip.pdb

TLS Callbacks

Load Configuration

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x41f3dc`
SEHandlerTable	`0x41ca90`
SEHandlerCount	`19`

RICH Header

XOR Key	`0xe14244d6`
Unmarked objects	`0`
ASM objects (VS2008 SP1 build 30729)	`25`
C objects (VS2008 SP1 build 30729)	`126`
Imports (VS2008 SP1 build 30729)	`21`
Total imports	`218`
C++ objects (VS2008 SP1 build 30729)	`86`
Exports (VS2008 SP1 build 30729)	`1`
Linker (VS2008 SP1 build 30729)	`1`
Resource objects (VS2008 SP1 build 30729)	`1`

Errors

[!] Error: Yara error: ERROR_TOO_MANY_MATCHES