Architecture |
IMAGE_FILE_MACHINE_I386
|
---|---|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
Compilation Date | 2013-Dec-01 08:08:28 |
Detected languages |
English - United States
Process Default Language |
Debug artifacts |
d:\Projects\WinRAR\SFX\build\sfxzip32\Release\sfxzip.pdb
|
Info | Interesting strings found in the binary: |
Contains domain names:
|
Suspicious | The PE contains functions most legitimate programs don't use. |
[!] The program may be hiding some of its imports:
|
Suspicious | The file contains overlay data. |
4232182 bytes of data starting at offset 0x2e000.
Overlay data amounts for 95.7378% of the executable. |
Suspicious | VirusTotal score: 1/69 (Scanned on 2022-03-31 05:09:39) | Bkav: W32.AIDetect.malware2 |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xe8 |
Signature | PE |
---|---|
Machine |
IMAGE_FILE_MACHINE_I386
|
NumberofSections | 4 |
TimeDateStamp | 2013-Dec-01 08:08:28 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_RELOCS_STRIPPED
|
Magic | PE32 |
---|---|
LinkerVersion | 9.0 |
SizeOfCode | 0x18800 |
SizeOfInitializedData | 0x15400 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x000108AF (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x1a000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 5.0 |
ImageVersion | 0.0 |
SubsystemVersion | 5.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x5f000 |
SizeOfHeaders | 0x400 |
Checksum | 0 |
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
COMCTL32.dll |
InitCommonControlsEx
|
---|---|
SHLWAPI.dll |
SHAutoComplete
|
KERNEL32.dll |
GetFileAttributesW
SetFileAttributesW MoveFileW DeleteFileW CreateDirectoryW FindClose FindNextFileW FindFirstFileW GetFullPathNameW GetModuleFileNameW FindResourceW GetModuleHandleW FreeLibrary GetProcAddress LoadLibraryW GetCurrentProcessId GetLocaleInfoW GetNumberFormatW ExpandEnvironmentStringsW WaitForSingleObject GetDateFormatW GetTimeFormatW FileTimeToSystemTime FileTimeToLocalFileTime GetExitCodeProcess GetTempPathW MoveFileExW Sleep UnmapViewOfFile MapViewOfFile GetCommandLineW CreateFileMappingW GetTickCount SetEnvironmentVariableW OpenFileMappingW WideCharToMultiByte MultiByteToWideChar CompareStringW IsDBCSLeadByte GetCPInfo GlobalAlloc SetCurrentDirectoryW WriteConsoleW GetConsoleOutputCP SetStdHandle GetLocaleInfoA GetStringTypeW GetStringTypeA LoadLibraryA GetConsoleMode GetConsoleCP InitializeCriticalSectionAndSpinCount QueryPerformanceCounter SetHandleCount GetEnvironmentStringsW FreeEnvironmentStringsW GetEnvironmentStrings FreeEnvironmentStringsA HeapSize LCMapStringW LCMapStringA IsValidCodePage GetOEMCP GetACP GetModuleFileNameA ExitProcess IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess InterlockedDecrement GetCurrentThreadId InterlockedIncrement TlsFree TlsSetValue TlsAlloc TlsGetValue VirtualAlloc EnterCriticalSection LeaveCriticalSection DeleteCriticalSection VirtualFree HeapCreate GetStartupInfoA GetCommandLineA SetFileTime ReadFile GetFileType SetEndOfFile SetFilePointer GetStdHandle FlushFileBuffers WriteFile CloseHandle CreateFileW LocalFileTimeToFileTime DosDateTimeToFileTime SetLastError GetLastError GetCurrentDirectoryW CreateFileA WriteConsoleA GetSystemTimeAsFileTime HeapAlloc HeapReAlloc RaiseException RtlUnwind HeapFree |
USER32.dll |
EnableWindow
GetDlgItem MessageBoxW ShowWindow FindWindowExW GetParent MapWindowPoints CreateWindowExW UpdateWindow LoadCursorW RegisterClassExW DefWindowProcW DestroyWindow CopyRect CharUpperW CharToOemA OemToCharA OemToCharBuffA LoadIconW LoadBitmapW PostMessageW GetSysColor SetForegroundWindow WaitForInputIdle IsWindowVisible DialogBoxParamW DestroyIcon SetFocus GetClassNameW SendDlgItemMessageW EndDialog GetDlgItemTextW SetDlgItemTextW wvsprintfW SendMessageW GetDC ReleaseDC PeekMessageW GetMessageW TranslateMessage DispatchMessageW LoadStringW GetWindowRect GetClientRect SetWindowPos GetWindowTextW SetWindowTextW GetSystemMetrics GetWindow GetWindowLongW SetWindowLongW IsWindow |
GDI32.dll |
GetDeviceCaps
CreateCompatibleDC GetObjectW CreateCompatibleBitmap SelectObject StretchBlt DeleteDC DeleteObject |
ADVAPI32.dll |
RegCloseKey
RegOpenKeyExW RegQueryValueExW RegCreateKeyExW RegSetValueExW |
SHELL32.dll |
SHBrowseForFolderW
SHGetMalloc SHChangeNotify SHFileOperationW SHGetFileInfoW SHGetPathFromIDListW SHGetSpecialFolderLocation ShellExecuteExW |
ole32.dll |
CLSIDFromString
CoCreateInstance OleInitialize OleUninitialize CreateStreamOnHGlobal |
OLEAUT32.dll |
VariantInit
|
Select destination folder |
Extracting %s |
Skipping %s |
Unexpected end of archive |
The file "%s" header is corrupt |
Corrupt header is found |
Main archive header is corrupt |
The archive comment header is corrupt |
The archive comment is corrupt |
Not enough memory |
Unknown method in %s |
Cannot open %s |
Cannot create %s |
Cannot create folder %s |
Checksum error in the encrypted file %s. Corrupt file or wrong password. |
Checksum error in %s |
Packed data checksum error in %s |
Wrong password for %s |
Write error in the file %s. Probably the disk is full |
Read error in the file %s |
File close error |
The required volume is absent |
The archive is either in unknown format or damaged |
Extracting from %s |
Next volume |
The archive header is corrupt |
Close |
Error |
Errors encountered while performing the operation |
Look at the information window for more details |
bytes |
modified on |
folder is not accessible |
Some files could not be created. |
Please close all applications, reboot Windows and restart this installation |
Some installation files are corrupt. |
Please download a fresh copy and retry the installation |
All files |
<ul><li>Press <b>Install</b> button to start extraction.</li><br><br> |
<ul><li>Press <b>Extract</b> button to start extraction.</li><br><br> |
<li>Use <b>Browse</b> button to select the destination |
folder from the folders tree. It can be also entered |
manually.</li><br><br> |
<li>If the destination folder does not exist, it will be |
created automatically before extraction.</li></ul> |
The archive is corrupt |
Extracting files to %s folder |
Extracting files to temporary folder |
Extract |
Extraction progress |
Total path and file name length must not exceed %d characters |
Unknown encryption method in %s |
The specified password is incorrect. |
Cannot copy %s to %s. |
Cannot create symbolic link %s |
Cannot create hard link %s |
You may need to run this self-extracting archive as administrator |
Characteristics |
0
|
---|---|
TimeDateStamp | 2013-Dec-01 08:08:28 |
Version | 0.0 |
SizeofData | 81 |
AddressOfRawData | 0x1c910 |
PointerToRawData | 0x1b510 |
Referenced File | d:\Projects\WinRAR\SFX\build\sfxzip32\Release\sfxzip.pdb |
Size | 0x48 |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x41f3dc |
SEHandlerTable | 0x41ca90 |
SEHandlerCount | 19 |
XOR Key | 0xe14244d6 |
---|---|
Unmarked objects | 0 |
ASM objects (VS2008 SP1 build 30729) | 25 |
C objects (VS2008 SP1 build 30729) | 126 |
Imports (VS2008 SP1 build 30729) | 21 |
Total imports | 218 |
C++ objects (VS2008 SP1 build 30729) | 86 |
Exports (VS2008 SP1 build 30729) | 1 |
Linker (VS2008 SP1 build 30729) | 1 |
Resource objects (VS2008 SP1 build 30729) | 1 |