Manalyze report for 19f254f418a4490d50af7c780ff9ec86de9e03565d5c6f0f5bd87352d82fff58

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2000-Nov-24 11:50:57
Detected languages	English - United States Portuguese - Portugal
Debug artifacts	wextract.pdb
CompanyName	Atelier Cassette
FileDescription
FileVersion	`1.0.0.0`
InternalName	Wextract
LegalCopyright
OriginalFilename	WEXTRACT.EXE .MUI
ProductName
ProductVersion	`1.0.0.0`

Plugin Output

Suspicious	PEiD Signature:	`FASM 1.5x` `FASM v1.5x`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to system / monitoring tools: rundll32.exe` `May have dropper capabilities: CurrentVersion\Run` `Contains domain names: Command.com`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress LoadLibraryExA` `Can access the registry: RegDeleteValueA RegOpenKeyExA RegQueryInfoKeyA RegSetValueExA RegCreateKeyExA RegQueryValueExA RegCloseKey` `Possibly launches other programs: CreateProcessA` `Can create temporary files: GetTempPathA CreateFileA` `Functions related to the privilege level: OpenProcessToken AdjustTokenPrivileges` `Enumerates local disk drives: GetDriveTypeA GetVolumeInformationA` `Can shut the system down or lock the screen: ExitWindowsEx`
Malicious	The PE is possibly a dropper.	`Resource CABINET detected as a CAB Installer file.` `Resources amount for 99.8115% of the executable.`
Malicious	VirusTotal score: 7/70 (Scanned on 2026-03-13 12:20:13)	`APEX: Malicious` `Google: Detected` `Gridinsoft: Spy.Win32.Redline.lu!heur` `Ikarus: Trojan.Dropper` `Jiangmin: Trojan.Generic.hjqbs` `Microsoft: Trojan:Win32/Wacatac.B!ml` `Trapmine: malicious.high.ml.score`

Hashes

MD5	`6d39301e1ef988f3df90354a4e48ebc4`
SHA1	`dcb39affc628a21d6ae656b355e05b040906d9ab`
SHA256	`19f254f418a4490d50af7c780ff9ec86de9e03565d5c6f0f5bd87352d82fff58`
SHA3	`aa282f062b2e41fc2186cffc5dcaeec65a03faf03dc96a8329c82c9e791d7b12`
SSDeep	`393216:7F+7XICVZYIi6aNL2bubaLnztIbGw9cGTMNijM6yF+a:47pVZYIi6aNIXFdwaNi7`
Imports Hash	`646167cce332c1c252cdcb1839e0cf48`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xe0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2000-Nov-24 11:50:57
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x6400`
SizeOfInitializedData	`0x12a7600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00006A00 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x8000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`A.0`
ImageVersion	`A.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x12b3000`
SizeOfHeaders	`0x400`
Checksum	`0x12c24d3`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x40000`
SizeofStackCommit	`0x2000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`d3b080bd7b514f812cbee16da52b0c4c`
SHA1	`c0c1e134a78b6a0b19f75dcf8bc7bea5390a35d0`
SHA256	`1674f157091d29ce399116ac259aadfbeb1353e108353d44fb8c85b9cb139a0c`
SHA3	`9d03ea1cf191cc0e8284179571840e598bd3b67dee09dc8f4039d3cb88f473a0`
VirtualSize	`0x62c4`
VirtualAddress	`0x1000`
SizeOfRawData	`0x6400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.30166`

.data

MD5	`7b9890a93c0516bb070e1170cfde54d5`
SHA1	`9c268b36dcf88164c756c6557ee5339ddd593e21`
SHA256	`f8c66e81a1fc8e3021ffdba20f5fd57b4efb06957d5262c03e4902f4261f9e15`
SHA3	`ddf319cab06e9cd66f57bf5daa68cf59781f55249f0f818119855d1ddf93afef`
VirtualSize	`0x1a48`
VirtualAddress	`0x8000`
SizeOfRawData	`0x200`
PointerToRawData	`0x6800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.97064`

.idata

MD5	`3906fab55f211460c4a4a799648be3c7`
SHA1	`ac545042f6133f36a4795aeda8c832990ccb3ab7`
SHA256	`13a9dc9e043ee72f657641c0855ea967dff2670156b0d2cda40f9174e230c637`
SHA3	`efbdbded9e987fd6f431b8bc5ee628440236fcd31e4d6a0abd635c7fc6c5797d`
VirtualSize	`0x1052`
VirtualAddress	`0xa000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x6a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.02242`

.rsrc

MD5	`9b395e086afb8970f83328de8f19f558`
SHA1	`64f693973341d367896cb4cf7f7d28570d08281b`
SHA256	`a05fcd1747870e615020fde6c06b13d8a45654bcf42956887164d32a18f61483`
SHA3	`a0ee6fc6d7121ad2bcce471a0ca6e23608c15a429017608fd4101a89f9940efb`
VirtualSize	`0x12a56dc`
VirtualAddress	`0xc000`
SizeOfRawData	`0x12a5800`
PointerToRawData	`0x7c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.99866`

.reloc

MD5	`f081b23c3aa39325c504c02cdcd1422d`
SHA1	`13608fe821619185cf71700450415e76375dfe01`
SHA256	`d09b871601be0386c40b2d245718542c46300e48e0f6b05a6f0e52fca2545ec0`
SHA3	`d20338af0d4eb7fd0867d151f6b36ed58e01843dc7255ccff9de67f1ecfed147`
VirtualSize	`0x888`
VirtualAddress	`0x12b2000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x12ad400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.27379`

Imports

ADVAPI32.dll	`GetTokenInformation` `RegDeleteValueA` `RegOpenKeyExA` `RegQueryInfoKeyA` `FreeSid` `OpenProcessToken` `RegSetValueExA` `RegCreateKeyExA` `LookupPrivilegeValueA` `AllocateAndInitializeSid` `RegQueryValueExA` `EqualSid` `RegCloseKey` `AdjustTokenPrivileges`
KERNEL32.dll	`_lopen` `_llseek` `CompareStringA` `GetLastError` `GetFileAttributesA` `GetSystemDirectoryA` `LoadLibraryA` `DeleteFileA` `GlobalAlloc` `GlobalFree` `CloseHandle` `WritePrivateProfileStringA` `IsDBCSLeadByte` `GetWindowsDirectoryA` `SetFileAttributesA` `GetProcAddress` `GlobalLock` `LocalFree` `RemoveDirectoryA` `FreeLibrary` `_lclose` `CreateDirectoryA` `GetPrivateProfileIntA` `GetPrivateProfileStringA` `GlobalUnlock` `ReadFile` `SizeofResource` `WriteFile` `GetDriveTypeA` `lstrcmpA` `SetFileTime` `SetFilePointer` `FindResourceA` `CreateMutexA` `GetVolumeInformationA` `ExpandEnvironmentStringsA` `GetCurrentDirectoryA` `FreeResource` `GetVersion` `SetCurrentDirectoryA` `GetTempPathA` `LocalFileTimeToFileTime` `CreateFileA` `SetEvent` `TerminateThread` `GetVersionExA` `LockResource` `GetSystemInfo` `CreateThread` `ResetEvent` `LoadResource` `ExitProcess` `GetModuleHandleW` `CreateProcessA` `FormatMessageA` `GetTempFileNameA` `DosDateTimeToFileTime` `CreateEventA` `GetExitCodeProcess` `FindNextFileA` `LocalAlloc` `GetShortPathNameA` `MulDiv` `GetDiskFreeSpaceA` `EnumResourceLanguagesA` `GetTickCount` `GetSystemTimeAsFileTime` `GetCurrentThreadId` `GetCurrentProcessId` `QueryPerformanceCounter` `TerminateProcess` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `GetStartupInfoW` `Sleep` `FindClose` `GetCurrentProcess` `FindFirstFileA` `WaitForSingleObject` `GetModuleFileNameA` `LoadLibraryExA`
GDI32.dll	`GetDeviceCaps`
USER32.dll	`SetWindowLongA` `GetDlgItemTextA` `DialogBoxIndirectParamA` `ShowWindow` `MsgWaitForMultipleObjects` `SetWindowPos` `GetDC` `GetWindowRect` `DispatchMessageA` `GetDesktopWindow` `CharUpperA` `SetDlgItemTextA` `ExitWindowsEx` `MessageBeep` `EndDialog` `CharPrevA` `LoadStringA` `CharNextA` `EnableWindow` `ReleaseDC` `SetForegroundWindow` `PeekMessageA` `GetDlgItem` `SendMessageA` `SendDlgItemMessageA` `MessageBoxA` `SetWindowTextA` `GetWindowLongA` `CallWindowProcA` `GetSystemMetrics`
msvcrt.dll	`_controlfp` `?terminate@@YAXXZ` `_acmdln` `_initterm` `__setusermatherr` `_except_handler4_common` `memcpy` `_ismbblead` `__p__fmode` `_cexit` `_exit` `exit` `__set_app_type` `__getmainargs` `_amsg_exit` `__p__commode` `_XcptFilter` `memcpy_s` `_vsnprintf` `memset`
COMCTL32.dll	`#17`
Cabinet.dll	`#22` `#23` `#21` `#20`
VERSION.dll	`GetFileVersionInfoA` `VerQueryValueA` `GetFileVersionInfoSizeA`

Delayed Imports

3001

Type	`AVI`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x2e1a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.52241`
Detected Filetype	AVI Resource Interchange File Format
Detected Filetype (#2)	Windows animated cursor
MD5	`f9035cf32b756fd6a452e9fdfd4a5dd9`
SHA1	`6912e88a3ee4d2c98ca69772cec564c6334fd9c4`
SHA256	`3bd1d253c90f7e82dc70dc1e4b869cc2e5e154e6b4079be93837e4a6c68044c0`
SHA3	`8cd00290363b6d3e609845f2e5828f3e2adaf35c4a97561bcf427bbd054401a6`

1

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xc88`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.22502`
MD5	`8560f7a17937a6b12f69c299ea3aa696`
SHA1	`9d36f4cffc204c7d95a606e3f8f8a11fe9d005c6`
SHA256	`cc2dd4226fb1ec2be1af4aded24c892e91235709b307fb0110f8c3649a1b6894`
SHA3	`8dcc67e8265e5892946db264b8727d967107de1efab03f9642eeb704ee3a9b48`

2001

Type	`RT_DIALOG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x2f2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.25575`
MD5	`733ab5b92105575b10e4716e64f874a7`
SHA1	`84177368dd4658cebdc991269a7584907f5dcc57`
SHA256	`ea6588cf6a9eaa2daaeace3bcd90ad19cfaca72505c0cbba9f10a0db2923d888`
SHA3	`7ed0210cc660b29977851bb04b3cf3c27eb4ea9953117e019b774d7b974ec128`

2001 (#2)

Type	`RT_DIALOG`
Language	Portuguese - Portugal
Codepage	Latin 1 / Western European
Size	`0x33c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.24127`
MD5	`c0ec343dcac7bfc97d7fb145406f7cd9`
SHA1	`64d47f82c455927125c6acc4af1770e5f977aad4`
SHA256	`1ac7c87f79214c1d80ca55bfd10425877422178a061e43b3cc1e8ae967355ec2`
SHA3	`055f521c43373f94b706bd3c97f8313f19aea0b2d8ea96e8cc08ae872a0098a7`

2002

Type	`RT_DIALOG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x1b0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.16025`
MD5	`57c16fb56b83819ba4b6267c6dddb013`
SHA1	`1477b9eb543fbd469c392064e4147d47e74dbb46`
SHA256	`1abfad902cece4ff79c75ee25d79fe254e3c6af72c161295c7ba006e56cd74b1`
SHA3	`941c199bcd737811c390814980c5ac4b546ef6538677f9599de9e7afed0bcb46`

2002 (#2)

Type	`RT_DIALOG`
Language	Portuguese - Portugal
Codepage	Latin 1 / Western European
Size	`0x1bc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.21006`
MD5	`1f81a4172f1f0402b81ab7579da5de44`
SHA1	`9c0d9ec15a65fe7e99b3783bf06448f5cf71fa1a`
SHA256	`2eef86fe16daa93078b2402c154ec871c82497bb52fedab2a783589c1495ab77`
SHA3	`e0bc2c686286a0520c831e182f3e61e240339f55e0312b84a156b4ad0d6174df`

2003

Type	`RT_DIALOG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x166`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.99713`
MD5	`dc468a007b317c7439d83a5985cea5a7`
SHA1	`3d89aacc7eebd8c046e2f0e95f66b2b54d577568`
SHA256	`ec8a0548b6bb169afe513ec8a366e746255c3556fe66c95067756fb3ec8b895b`
SHA3	`505917a9fccb89b46551e12f0ced60758a952248cd6f0f7c69967e2e6eabea8d`

2003 (#2)

Type	`RT_DIALOG`
Language	Portuguese - Portugal
Codepage	Latin 1 / Western European
Size	`0x174`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.03491`
MD5	`85d119d3d8e4de4dc0318ffcd3c4d048`
SHA1	`ea4bb4f036b2279f1d330d78b2eb0a1408f432e0`
SHA256	`ac2f29ab3f072d69281790dbe51c2f96fa8d4e63e3d93201fb8ce9eb9d57b2a1`
SHA3	`9ae49ab59f923b2253ba637285d380cfb8be033ace07045a6a694c24e04cc219`

2004

Type	`RT_DIALOG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x1c0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.11992`
MD5	`a5187dc5894162b201fe774046408732`
SHA1	`81611f2aa32cfc8b03f00856f319870e97554b7d`
SHA256	`a3565ee9a8656bbdf37e3a50d14d954280cba4895576687a261200aefa1b5b39`
SHA3	`f9fe30ec54d6b149fa57e2cff2eeece6354e12fb7903c85ec221418ac11e94d0`

2004 (#2)

Type	`RT_DIALOG`
Language	Portuguese - Portugal
Codepage	Latin 1 / Western European
Size	`0x1d4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.13331`
MD5	`06a8b6e99fcc9611ad61f988a1834dea`
SHA1	`c58875102b42294d18496913d0e1f4fe1a950616`
SHA256	`10b89d3489c0be5bbc206dba246fdf5a277261b800171a6da4445004a19323c1`
SHA3	`af33e2e38324c3a4dac79b1ecfc7429cf8b6566f1f36816bcf57ce859a4ca284`

2005

Type	`RT_DIALOG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x130`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.97326`
MD5	`ecc5f63aedee66cebcda9ed8fcb3e9f7`
SHA1	`60fadb22b7c1ac3638b8a4d12e2cbe174941ac71`
SHA256	`238d6c2e50312c555901a61e92afad3c7c6b42b9abd5acdda68658c2e2b48678`
SHA3	`b0eb2e4784dc0ae082c941596324510ddcdcd045da590b9db81d1c41f08f02da`

2005 (#2)

Type	`RT_DIALOG`
Language	Portuguese - Portugal
Codepage	Latin 1 / Western European
Size	`0x144`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.00704`
MD5	`432f5878902b778a0845e19b20e61da1`
SHA1	`42f2d5348f45f98c642687437e2f5ab5b9fd1297`
SHA256	`f02ca2024d1724c6ee175204cdd4166c6fccc9363ce1b2cc367ce8bf65198d25`
SHA3	`dc971a25ba20be4aa475ded77ef36713260a16557f445e31d2429a6b060c88da`

2006

Type	`RT_DIALOG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x120`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.97672`
MD5	`42e1aa8919d27f02bcfc6981dbe5248e`
SHA1	`ec432b9979fad89557dd0b0ff1de774750f03f76`
SHA256	`cc21e9115c14c21af11786ff781dcf25c81beda500acf4966d0ddc7260610b06`
SHA3	`a11e5a0307464c1c66d9615a47d5568ab6bcd39c6bd6858842ad3c535272a129`

2006 (#2)

Type	`RT_DIALOG`
Language	Portuguese - Portugal
Codepage	Latin 1 / Western European
Size	`0x112`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.96739`
MD5	`57822a5a86f3831cb67cba63fe0e432d`
SHA1	`1ee9d62c1685800f79cb8a41c68e76e813afdbc3`
SHA256	`99199323985aeeb396a475da820cab4a58f530dfae950bfbae0993b246084194`
SHA3	`be0d8722b7882c199daf5d45fa08960c82f7486db60b84f0fd701750e8e62930`

63

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x8c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.48958`
MD5	`ad0fe039aecc9c8af6f573923f182a0a`
SHA1	`b4fd492a37127d31fc36b7bd07084cc2f1ae18a1`
SHA256	`29b228ae95784d37b8729fe88e3bf1346c4b1339231dd1e9f702fab0654c5b1f`
SHA3	`7a67b4664ab18841c125d33dbe110fe774b16f91d1471094307c0ac35be5d8a8`

63 (#2)

Type	`RT_STRING`
Language	Portuguese - Portugal
Codepage	Latin 1 / Western European
Size	`0xa6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.68735`
MD5	`5b38fa760930bee1364f9c3c2a5b6c64`
SHA1	`bea151d086f617230118b13feae9d43b4150e347`
SHA256	`d44c50c85688b622cc5ad5da869d8c533a051413c7015d21db34e894633c7138`
SHA3	`fa5fbc5b482b230117f027f2787315a07391ee11da088c696bdac2ec2a59f455`

76

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x520`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.2674`
MD5	`0f3f664bff00f8c4a1b42349d2956963`
SHA1	`d0ec056db75705bd79b7ebf1767c91dce955d79a`
SHA256	`7cc882dbb9f1315968f31bf40b57a535ff468271e253575752e03cb4aaa25f0c`
SHA3	`a81b1ab97bb98d4fb6d1619bf8bdee495b3176693e77305e438805563e952b91`

76 (#2)

Type	`RT_STRING`
Language	Portuguese - Portugal
Codepage	Latin 1 / Western European
Size	`0x678`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.3033`
MD5	`76ec7f7c2fcb0f2b267dc9c474df1b9e`
SHA1	`94fe109e9f77e8514b44dcc07194e1588f29173d`
SHA256	`7eb021d19a6d18179a4439c5b33e345b3b7a9d92c5313c88b87ca4e6791a1be1`
SHA3	`196e9cf3b2f74b490ad01d494bdb8d8b586d6ceee0efa6eb6be774088172cf78`

77

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x5cc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.29977`
MD5	`5f3ef55a113dc5f00ffc647e8be50df1`
SHA1	`cf04ac59ce78d6b2ffde0990ef76cf40ee1c439b`
SHA256	`3f715c8970d240cb57ba8ae8914ea8385b42728ffd48a3916493422a80cc3ed4`
SHA3	`fdabc44cd05ee45599b1e28ee3ca323cd6768db6606bffe95ceb6025b31b4d2f`

77 (#2)

Type	`RT_STRING`
Language	Portuguese - Portugal
Codepage	Latin 1 / Western European
Size	`0x708`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.29279`
MD5	`d3fcc8f149dd83387518a7c20c0103ae`
SHA1	`3cd2379d5d6c4ba7d13bcf60a248661dec96b393`
SHA256	`7a38c7e56849ac45a0869c7eef6332f3dc70a50829dd1f19ca1243be33ffd50c`
SHA3	`503aa8670641b132c8a5cd8ba8820d4852abecf6f69d669fe92cf171a9becc6f`

80

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x4b0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.27174`
MD5	`1f268a77ca8f853ff0c410e622706bef`
SHA1	`75afb11daf446704dddb5ef5fe39b2009aecf01d`
SHA256	`39023f15fbabf4be02e0d84a76c363003374b11076406f84cd8f92e49aecd3ba`
SHA3	`5e684d700849b8552f5449c5869807ce32caa8ae657695824e4a41be4a2ee55d`

80 (#2)

Type	`RT_STRING`
Language	Portuguese - Portugal
Codepage	Latin 1 / Western European
Size	`0x5aa`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.24559`
MD5	`dbfcec72c09b64d22ee11a1f02dfcd88`
SHA1	`0dc544377138f091808a4916656197c03be72b7d`
SHA256	`b141ff12e013c0628d88154c0fe70f35edaa493bdae5468b69adc1e824f6e70d`
SHA3	`63551c2b29da9511d5a202f434e8573cd851a490d3aa881b141b6baf5f9ead17`

83

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x44a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.2912`
MD5	`586fc633195baca29ef84b9271b42689`
SHA1	`69d5712401f0ca87f897c68f3a07ee9e01de8a25`
SHA256	`c1a5490b8a26165048de894aacdcd25e09cec0c4aebc5ff1d435f2cc4757118b`
SHA3	`04492be8d1f2fd83ad6633ec69825c302118f6039586e9f2bd804e00fdcc0913`

83 (#2)

Type	`RT_STRING`
Language	Portuguese - Portugal
Codepage	Latin 1 / Western European
Size	`0x4de`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.3115`
MD5	`ed320c4ef062c783acc5d7eff672f59a`
SHA1	`a118fb0f8aa5c390765126f22938320a78bcb421`
SHA256	`5005f64c51645d23df31ddb53de61ffe0012a92cd669543fa136660651b1d70c`
SHA3	`b52c71caf78d12e7d02405c41df70bfa47ea656d5079c86d7d5e27b8f2783403`

85

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x3ce`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.13591`
MD5	`949714f4f3946ad108bb0817d170c459`
SHA1	`01b3524390968f27c27943e9f06f145b8527f8de`
SHA256	`59d8ad57a3629edd20c7b298a6e3604eeb95dfc7c507ad7e329ea0bff7a571ff`
SHA3	`6447983c227f98b8cd5f4045d58626cd5f965fa8e9cb99c33a68a58136ceb655`

85 (#2)

Type	`RT_STRING`
Language	Portuguese - Portugal
Codepage	Latin 1 / Western European
Size	`0x3a2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.20354`
MD5	`247acce377ae25fc44c74cf3913a4d7f`
SHA1	`1d5825d0fe3afa4709b8ee73adbfb0a3b817ed67`
SHA256	`e5b7f1cf44103e7197b3d3ec21b43714b69d452b2fa587ffa0f8ed0673abacd9`
SHA3	`a5364528d907013c1147bd9b5559fa0182304555180d0b549299e1c1594fbf6e`

ADMQCMD

Type	`RT_RCDATA`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x7`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.80735`
MD5	`527eeaa35a23dd5cac9bddcc2561a457`
SHA1	`0445b1735fd9797d537d360695940c7e68d25ace`
SHA256	`eaadcdd05a9a7c7f80d53d758f39e4399749d774b09a8a0165fe7c69ad6d8c3c`
SHA3	`28c8e1f57de512535bfd686562ef240323f7331b18e71f0506079f0e67e8f89e`

CABINET

Type	`RT_RCDATA`
Language	Portuguese - Portugal
Codepage	Latin 1 / Western European
Size	`0x129b498`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99892`
Detected Filetype	CAB Installer file
MD5	`5216ef059fafc03792606a72dd8bff65`
SHA1	`d7c3ded827372e47f948ddc94e4a0b763095fea6`
SHA256	`b855fe47c30bd0e9bc67a969a8585b4d6e92a435bdc1437775dc148736ab5f3d`
SHA3	`1b14694a51d47d52233af7e9242a8f21efb36d20bb8b21b149969c70081320f7`

EXTRACTOPT

Type	`RT_RCDATA`
Language	Portuguese - Portugal
Codepage	Latin 1 / Western European
Size	`0x4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0.811278`
MD5	`edcfae989540fd42e4b8556d5b723bb6`
SHA1	`8e146c3c4e33449f95a49679795f74f7ae19ecc1`
SHA256	`9d9f290527a6be626a8f5985b26e19b237b44872b03631811df4416fc1713178`
SHA3	`60c2a8073325723836f33d900267acbb341b4a1ed9cac675e75df2abbad4207b`

FILESIZES

Type	`RT_RCDATA`
Language	Portuguese - Portugal
Codepage	Latin 1 / Western European
Size	`0x24`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.84627`
MD5	`7271c923408559073b6cfe3db9fb7b8b`
SHA1	`16999d7763b7018e0cd348807706eb606d9765c0`
SHA256	`e7fed99f1904b2956026a9f6f0fbfc1319c1bfabd22c3685e0cfb0bb39e67e7b`
SHA3	`65abebe282f75a546e9a0ba159fdfc33b8c243e46593ae08f494ce94e1779354`

FINISHMSG

Type	`RT_RCDATA`
Language	Portuguese - Portugal
Codepage	Latin 1 / Western European
Size	`0x7`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.80735`
MD5	`527eeaa35a23dd5cac9bddcc2561a457`
SHA1	`0445b1735fd9797d537d360695940c7e68d25ace`
SHA256	`eaadcdd05a9a7c7f80d53d758f39e4399749d774b09a8a0165fe7c69ad6d8c3c`
SHA3	`28c8e1f57de512535bfd686562ef240323f7331b18e71f0506079f0e67e8f89e`

LICENSE

Type	`RT_RCDATA`
Language	Portuguese - Portugal
Codepage	Latin 1 / Western European
Size	`0x7`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.80735`
MD5	`527eeaa35a23dd5cac9bddcc2561a457`
SHA1	`0445b1735fd9797d537d360695940c7e68d25ace`
SHA256	`eaadcdd05a9a7c7f80d53d758f39e4399749d774b09a8a0165fe7c69ad6d8c3c`
SHA3	`28c8e1f57de512535bfd686562ef240323f7331b18e71f0506079f0e67e8f89e`

PACKINSTSPACE

Type	`RT_RCDATA`
Language	Portuguese - Portugal
Codepage	Latin 1 / Western European
Size	`0x4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`f1d3ff8443297732862df21dc4e57262`
SHA1	`9069ca78e7450a285173431b3e52c5c25299e473`
SHA256	`df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119`
SHA3	`8b0a2385d83c8bf7be27e59996f7d881d3bf1fc6606f81ce600b753ad94192a2`

POSTRUNPROGRAM

Type	`RT_RCDATA`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x7`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.80735`
MD5	`527eeaa35a23dd5cac9bddcc2561a457`
SHA1	`0445b1735fd9797d537d360695940c7e68d25ace`
SHA256	`eaadcdd05a9a7c7f80d53d758f39e4399749d774b09a8a0165fe7c69ad6d8c3c`
SHA3	`28c8e1f57de512535bfd686562ef240323f7331b18e71f0506079f0e67e8f89e`

REBOOT

Type	`RT_RCDATA`
Language	Portuguese - Portugal
Codepage	Latin 1 / Western European
Size	`0x4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`f1d3ff8443297732862df21dc4e57262`
SHA1	`9069ca78e7450a285173431b3e52c5c25299e473`
SHA256	`df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119`
SHA3	`8b0a2385d83c8bf7be27e59996f7d881d3bf1fc6606f81ce600b753ad94192a2`

RUNPROGRAM

Type	`RT_RCDATA`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xd`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.39275`
MD5	`186bb5464576bd303d81d7e4325612f0`
SHA1	`dfc6aea69e488936e7ab670029f939d2cec31593`
SHA256	`7b1408486451a81a9b7f8477f92e13304a9dbcd419c342dff8c358b4c183ce4a`
SHA3	`71bc8548d55538c8bc89b5c3951dc2c9bd68495234e988c4acdee81308a28393`

SHOWWINDOW

Type	`RT_RCDATA`
Language	Portuguese - Portugal
Codepage	Latin 1 / Western European
Size	`0x4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0.811278`
MD5	`4352d88a78aa39750bf70cd6f27bcaa5`
SHA1	`3c585604e87f855973731fea83e21fab9392d2fc`
SHA256	`67abdd721024f0ff4e0b3f4c2fc13bc5bad42d0b7851d456d88d203d15aaa450`
SHA3	`295cd1698c6ac5bd804a09e50f19f8549475e52db1c6ebd441ed0c7b256e1ddf`

TITLE

Type	`RT_RCDATA`
Language	Portuguese - Portugal
Codepage	Latin 1 / Western European
Size	`0xf`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.50689`
MD5	`eee78299012fa3e90200d7172f233d36`
SHA1	`a576c76d7dbfa3d4ede4451c74f51d6ffbb714b5`
SHA256	`ecb87ef1cdde9347782368eea088583c1de8f23c208d677efd5a2b508968a378`
SHA3	`1658b17e0f6c4d8ebbd51db8eef36d925ef811c1495751df7b170258de095f08`

UPROMPT

Type	`RT_RCDATA`
Language	Portuguese - Portugal
Codepage	Latin 1 / Western European
Size	`0x7`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.80735`
MD5	`527eeaa35a23dd5cac9bddcc2561a457`
SHA1	`0445b1735fd9797d537d360695940c7e68d25ace`
SHA256	`eaadcdd05a9a7c7f80d53d758f39e4399749d774b09a8a0165fe7c69ad6d8c3c`
SHA3	`28c8e1f57de512535bfd686562ef240323f7331b18e71f0506079f0e67e8f89e`

USRQCMD

Type	`RT_RCDATA`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x7`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.80735`
MD5	`527eeaa35a23dd5cac9bddcc2561a457`
SHA1	`0445b1735fd9797d537d360695940c7e68d25ace`
SHA256	`eaadcdd05a9a7c7f80d53d758f39e4399749d774b09a8a0165fe7c69ad6d8c3c`
SHA3	`28c8e1f57de512535bfd686562ef240323f7331b18e71f0506079f0e67e8f89e`

3000

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.91924`
Detected Filetype	Icon file
MD5	`fd3870afd13afcb296840c3f6f311cee`
SHA1	`a4066e5340c373ed2b4a1d953c7803edb82ab318`
SHA256	`a8d735c0b5e07ed2ff85eab27f5b590a9fe4100569ef0c878172b9cef79fb40c`
SHA3	`2a6ed2463dad36090dcc2b3e9da5cae64951afc2936a9bbcb76d39e0dec8e742`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x410`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.41362`
MD5	`cc17d613660400461c4643ee563bad6c`
SHA1	`6558a563f18bc97b8abe76552c2c58b54fa26bd6`
SHA256	`f9d58f0617bd7065abaf2d3af32206882907af8812fcb5500deb25e1ba04c7b9`
SHA3	`42050b8a1ddd83360cdeeaf8a0dc3dcc23885f7fef656405b316efcfc64ee38d`

1 (#3)

Type	`RT_VERSION`
Language	Portuguese - Portugal
Codepage	Latin 1 / Western European
Size	`0x8d4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.66441`
MD5	`80be50e659b8eb4782bc4faab612a212`
SHA1	`cf7336e340a49f94351661c053d983eeba7aa877`
SHA256	`3a190e37db9ca9d1ceb70e7583e0af89c44439931dc5803247b9a2fef622cb9f`
SHA3	`0e9915aaa0fb64a9e9d9978baca15057daf9f81c76d3172abcbfcc17d5d68328`

1 (#4)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x7e2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00338`
MD5	`634f0840178e0547100a2b1d9dc715d0`
SHA1	`84630da6d3de53091e22d22d9edfd3db6aabd96a`
SHA256	`d19e438a66982e9cc16d3384fb999d9fb637ffba4a14601bba893ef1feee66cc`
SHA3	`85213375e8765a50ec479e50d15b36113c82606422498b984f9d22809e3d622e`

String Table contents

Please select a folder to store the extracted files.
%s
Selecione a pasta onde pretende armazenar os ficheiros extraídos.
%s
Failed to get disk space information from: %s.

System Message: %s.
A required resource cannot be located.
Are you sure you want to cancel?
Unable to retrieve operating system version information.
Memory allocation request failed.
Unable to create extraction thread.
Cabinet is not valid.
Filetable full.
Can not change to destination folder.
Setup could not find a drive with %s KB free disk space to install the program. Please free up some space first and press RETRY or press CANCEL to exit setup.
That folder is invalid. Please make sure the folder exists and is writable.
You must specify a folder with fully qualified pathname or choose Cancel.
Não foi possível obter informações sobre o espaço em disco de: %s.

Mensagem do sistema: %s.
Não foi possível localizar um recurso necessário.
Tem a certeza de que deseja cancelar?
Não foi possível obter informações sobre a versão do sistema operativo.
O pedido de atribuição de memória falhou.
Não foi possível criar o módulo de extração.
O arquivo não é válido.
A tabela de ficheiros está cheia.
Não é possível mudar para a pasta de destino.
O programa de configuração não conseguiu encontrar uma unidade com %s KB de espaço em disco livre para instalar o programa. Primeiro liberte algum espaço e prima "REPETIR" ou prima "CANCELAR" para sair da configuração.
A pasta é inválida. Certifique-se de que a pasta existe e de que pode gravar nela.
Tem de especificar uma pasta com um caminho correto ou selecionar 'Cancelar'.
Could not update folder edit box.
Could not load functions required for browser dialog.
Could not load Shell32.dll required for browser dialog.
Error creating process <%s>. Reason: %s
The cluster size in this system is not supported.
A required resource appears to be corrupted.
Windows 95 or Windows NT 4.0 Beta 2 or greater is required for this installation.
Error loading %s
GetProcAddress() failed on function '%s'. Possible reason: incorrect version of advpack.dll being used.
Windows 95 or Windows NT is required to install
Could not create folder '%s'
To install this program, you need %s KB disk space on drive %s. It is recommended that you free up the required disk space before you continue.

Do you still want to continue?
Não foi possível atualizar a caixa de edição da pasta.
Não foi possível carregar as funções necessárias para a caixa de diálogo do browser.
Não foi possível carregar o ficheiro Shell32.dll necessário para a caixa de diálogo do browser.
Erro ao criar o processo <%s>. Razão: %s
O tamanho do conjunto de unidades deste sistema não é suportado.
Um dos recursos necessários parece estar danificado.
É necessário o Windows 95, o Windows NT 4.0 Beta 2 ou superior para proceder a esta instalação.
Erro ao carregar %s
GetProcAddress() falhou na função '%s'. Razão possível: versão incorreta do advpack.dll a ser utilizada.
É necessário o Windows 95 ou Windows NT para instalar
Não foi possível criar a pasta "%s"
Para instalar este programa, necessita de %s KB de espaço em disco na unidade %s. Recomenda-se que liberte o espaço em disco necessário antes de continuar.

Ainda assim pretende continuar?
Error retrieving Windows folder
NT Shutdown: OpenProcessToken error.
NT Shutdown: AdjustTokenPrivileges error.
NT Shutdown: ExitWindowsEx error.
Extracting file failed. It is most likely caused by low memory (low disk space for swapping file) or corrupted Cabinet file.
The setup program could not retrieve the volume information for drive (%s) .
System message: %s.
Setup could not find a drive with %s KB free disk space to install the program. Please free up some space and try again.
The installation program appears to be damaged or corrupted. Contact the vendor of this application.
Erro ao obter a pasta do Windows
Encerramento do NT: erro OpenProcessToken.
Encerramento do NT: erro AdjustTokenPrivileges.
Encerramento do NT: erro ExitWindowsEx.
Falha ao extrair o ficheiro. É possível que tenha sido provocada por falta de memória (pouco espaço em disco para o ficheiro de comutação) ou por um arquivo de ficheiros danificado.
O programa de configuração não conseguiu obter as informações de volume para a unidade (%s).
Mensagem do sistema: %s.
O programa de configuração não conseguiu localizar uma unidade com %s KB de espaço em disco livre para instalar o programa. Liberte algum espaço e volte a tentar.
O programa de instalação parece estar danificado. Contacte o fabricante desta aplicação.
Command line option syntax error. Type Command /? for Help.
Command line options:

/Q -- Quiet modes for package,

/T:<full path> -- Specifies temporary working folder,

/C -- Extract files only to the folder when used also with /T.

/C:<Cmd> -- Override Install Command defined by author.

You must restart your computer before the new settings will take effect.

Do you want to restart your computer now?
Another copy of the '%s' package is already running on your system. Do you want to run another copy?
Could not find the file: %s.
Erro de sintaxe nas opções da linha de comandos. Escreva o comando /? para
obter Ajuda.
Opções da linha de comandos:

/Q -- Modos não assistidos do pacote,

/T:<caminho completo> -- Especifica a pasta de trabalho temporária,

/C -- Extrai ficheiros só para a pasta quando utilizada com a opção /T.

/C:<Cmd> -- Substitui o comando "Instalar" definido pelo autor.

Tem de reiniciar o computador para que as novas definições surtam efeito.

Pretende reiniciar o computador agora?
Já está em execução no sistema outra cópia do pacote "%s". Pretende executar outra cópia?
Não foi possível localizar o ficheiro: %s.
You do not have administrator privileges on this machine. Some installations cannot be completed correctly unless they are run by an administrator.
The folder '%s' does not exist. Do you want to create it?
Another copy of the '%s' package is already running on your system. You can only run one copy at a time.
The '%s' package is not compatible with the version of Windows you are running.
The '%s' package is not compatible with the version of the file: %s on your system.
Não tem privilégios de administrador neste computador. Algumas das instalações não serão concluídas corretamente a menos que sejam executadas pelo administrador.
A pasta "%s" não existe. Pretende criá-la?
Já está em execução no sistema outra cópia do pacote "%s". Só pode executar uma cópia de cada vez.
O pacote "%s" não é compatível com a versão do Windows em execução.
O pacote "%s" não é compatível com a versão do ficheiro: %s existente no sistema.

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2000-Nov-24 11:50:57
Version	`0.0`
SizeofData	`37`
AddressOfRawData	`0x1474`
PointerToRawData	`0x874`
Referenced File	wextract.pdb

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2000-Nov-24 11:50:57
Version	`0.0`
SizeofData	`472`
AddressOfRawData	`0x149c`
PointerToRawData	`0x89c`

UNKNOWN

Characteristics	`0`
TimeDateStamp	2000-Nov-24 11:50:57
Version	`0.0`
SizeofData	`36`
AddressOfRawData	`0x1674`
PointerToRawData	`0xa74`

TLS Callbacks

Load Configuration

Size	`0xac`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x408004`
SEHandlerTable	`0x401470`
SEHandlerCount	`1`
GuardCFCheckFunctionPointer	`4235912`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0x28a3070b`
Unmarked objects	`0`
C++ objects (27412)	`1`
ASM objects (27412)	`1`
C objects (27412)	`20`
Imports (27412)	`17`
Total imports	`158`
C objects (LTCG) (27412)	`9`
Resource objects (27412)	`1`
Linker (27412)	`1`

Errors

[*] Warning: Multiple nodes using the name Version Info in a dictionary.

Leave a comment

No comments yet.