Manalyze report for 216a4cfa1b41a0600d4d4d95e21ed387de62153da274fa469b1a5784f568154f

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2025-May-12 09:09:32
Detected languages	English - United States German - Austria
Comments	IrfanView 32-bit Installer
CompanyName	Irfan Skiljan
FileDescription	IrfanView 32-bit Installer
FileVersion	`4.72.0.0`
InternalName	IrfanView 32-bit Installer
LegalCopyright	Copyright Â© 2025 by Irfan Skiljan, Austria
OriginalFilename	iview472_setup.exe
ProductName	IrfanView 32-bit Installer
ProductVersion	`4.72.0.0`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Info	Interesting strings found in the binary:	`Contains domain names: http://www.irfanview.com http://www.irfanview.com/eula.htm http://www.irfanview.net http://www.irfanview.net/faq.htm http://www.winimage.com http://www.winimage.com/zLibDll https://www.irfanview.com https://www.irfanview.com/plugins.htm inkscape.org irfanview.com irfanview.net winimage.com www.inkscape.org www.irfanview.com www.irfanview.net www.winimage.com`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryA LoadLibraryExW LoadLibraryExA GetProcAddress LoadLibraryW` `Functions which can be used for anti-debugging purposes: FindWindowW` `Code injection capabilities (PowerLoader): GetWindowLongW FindWindowW` `Can access the registry: RegSetValueExW RegEnumValueW RegEnumKeyW RegDeleteValueW RegCreateKeyExW RegQueryValueW RegDeleteKeyW RegQueryValueExW RegSetValueW RegCreateKeyW RegCloseKey RegOpenKeyExW` `Possibly launches other programs: WinExec` `Can create temporary files: CreateFileW GetTempPathW` `Uses functions commonly found in keyloggers: CallNextHookEx GetAsyncKeyState GetForegroundWindow` `Enumerates local disk drives: GetVolumeInformationW GetDriveTypeW` `Can take screenshots: FindWindowW GetDC`
Suspicious	The PE is possibly a dropper.	`Resources amount for 89.7367% of the executable.`
Info	The PE is digitally signed.	`Signer: Irfan Skiljan` `Issuer: Certum Code Signing 2021 CA`
Safe	VirusTotal score: 0/72 (Scanned on 2026-03-20 05:00:05)	`All the AVs think this file is safe.`

Hashes

MD5	`f22ebf3c50bc65103270caaf5df52c1c`
SHA1	`b17b5aa5440598c1da98abcfe8a1d1e250a235cb`
SHA256	`216a4cfa1b41a0600d4d4d95e21ed387de62153da274fa469b1a5784f568154f`
SHA3	`9979a20b9ef08efb1b04ae70f6ed4d1a3571724e484c7a16150263cea55a22fc`
SSDeep	`98304:cM8SFJkOV0c2wfEPouAgg143H8MwSUHv3vRo:j8mk02wMPib4X8M1QXK`
Imports Hash	`8ba90ad507a0d5ecd00f881ef3d08b07`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2025-May-12 09:09:32
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`12.0`
SizeOfCode	`0x3ca00`
SizeOfInitializedData	`0x32ba00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00020C3B (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x3e000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.1`
ImageVersion	`0.0`
SubsystemVersion	`5.1`
Win32VersionValue	`0`
SizeOfImage	`0x36b000`
SizeOfHeaders	`0x400`
Checksum	`0x373c71`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`e4876c332530bd20d8e32b6ffe99789b`
SHA1	`0c1aae8e373edfc2e06e2dcd358c0b06cdec3bb1`
SHA256	`c3794d6912b6a58321708251f65c3f00fd77ca7f9786a3a86642fcfce915d8d3`
SHA3	`97d6d6e466694f03ee72c3a8aca50544faacdd5f731b45446591babc34e42197`
VirtualSize	`0x3c897`
VirtualAddress	`0x1000`
SizeOfRawData	`0x3ca00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.58127`

.rdata

MD5	`2703b2fa5c13597ed45ed08b6dc5dc75`
SHA1	`4b7ead1869706e3da2a9b5e6fbabdd018fba7422`
SHA256	`3ec659782ce22430e29f92dbee43589ca8409fb74e06fedd19e764a676fc8b2b`
SHA3	`e7fa4b4588d6fcb0fc627b18d2bb4806c6352f3675828c883021f9b40f3a2b31`
VirtualSize	`0x11f40`
VirtualAddress	`0x3e000`
SizeOfRawData	`0x12000`
PointerToRawData	`0x3ce00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.76947`

.data

MD5	`49a1fe1bba3031e9afe324b5fc5197d6`
SHA1	`ccf0d028dd56fdbf3aeae793ebfa6f8c13e81d38`
SHA256	`a9621514c4bd7412dcb927a252b7786a20e6083e779326d799ee0b9a3d856323`
SHA3	`8c479aa14ba7b89cb513b292adc3cf592ad05858a3de0bf52cb91291745e9203`
VirtualSize	`0x7de0`
VirtualAddress	`0x50000`
SizeOfRawData	`0x3600`
PointerToRawData	`0x4ee00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.72537`

.rsrc

MD5	`c684998860bdd57c7c3bbfa2d2e08f32`
SHA1	`eaf58772f671a6315321671ac681b03dfe52402b`
SHA256	`37e5e932cc7dcda8b712bba5eaa391b0a83d552c34896d509e1628f65949eef4`
SHA3	`a8a91f3a278faaec955725e40ffb5300aa6fd23d31f43393b8171b7b6eb730b9`
VirtualSize	`0x30d588`
VirtualAddress	`0x58000`
SizeOfRawData	`0x30d600`
PointerToRawData	`0x52400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.99708`

.reloc

MD5	`88a0bf6f247d00cc3479cd658b387397`
SHA1	`7f2f1991b79e0d2f43f879ff559a88b89970c3ef`
SHA256	`56a57e4013c0c34e102300748e95537c135f7d65d62a2017b96fe87b1d97de01`
SHA3	`af8cd1739bd67810914aff97d59396d38f0257c87e970ac34894a1e525b55df7`
VirtualSize	`0x45c8`
VirtualAddress	`0x366000`
SizeOfRawData	`0x4600`
PointerToRawData	`0x35fa00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.58537`

Imports

KERNEL32.dll	`GetVolumeInformationW` `ReadFile` `SetEndOfFile` `SetFilePointer` `WriteFile` `GetCurrentProcess` `FindResourceExW` `SetErrorMode` `FileTimeToLocalFileTime` `GetFileAttributesExW` `GetFileTime` `LocalFileTimeToFileTime` `SetFileTime` `CreateDirectoryW` `GetLocalTime` `SetEnvironmentVariableW` `SetCurrentDirectoryW` `IsDebuggerPresent` `IsProcessorFeaturePresent` `RtlUnwind` `ExitProcess` `GetModuleHandleExW` `HeapQueryInformation` `GetStdHandle` `GetStartupInfoW` `QueryPerformanceCounter` `GetSystemTimeAsFileTime` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `TerminateProcess` `IsValidCodePage` `GetOEMCP` `GetCPInfo` `GetDriveTypeW` `GetConsoleMode` `ReadConsoleW` `GetConsoleCP` `GetStringTypeW` `SetFilePointerEx` `GetTimeZoneInformation` `OutputDebugStringW` `LCMapStringW` `SetStdHandle` `WriteConsoleW` `SetEnvironmentVariableA` `DosDateTimeToFileTime` `GetFullPathNameW` `FlushFileBuffers` `FindFirstFileW` `FindClose` `CreateFileW` `DeleteFileW` `GetCurrentDirectoryW` `GetUserDefaultUILanguage` `GetSystemDefaultUILanguage` `GetLocaleInfoW` `CompareStringW` `LocalReAlloc` `LocalAlloc` `GlobalHandle` `GlobalReAlloc` `TlsFree` `TlsSetValue` `TlsGetValue` `TlsAlloc` `FileTimeToSystemTime` `InitializeCriticalSection` `GlobalFlags` `WaitForSingleObject` `CloseHandle` `VirtualProtect` `GetPrivateProfileIntW` `lstrcmpA` `GetCurrentThread` `GlobalFindAtomW` `GlobalAddAtomW` `LoadLibraryA` `lstrcmpW` `GlobalDeleteAtom` `LoadLibraryExW` `LoadLibraryExA` `GetCurrentThreadId` `LeaveCriticalSection` `EnterCriticalSection` `EncodePointer` `FormatMessageW` `LocalFree` `GlobalFree` `GlobalAlloc` `GlobalUnlock` `GlobalLock` `GetCurrentProcessId` `SetLastError` `OutputDebugStringA` `GetACP` `Sleep` `FreeResource` `GetModuleHandleA` `LockResource` `GetTempPathW` `WritePrivateProfileStringW` `MultiByteToWideChar` `GetModuleFileNameW` `GetVersionExW` `SizeofResource` `GetPrivateProfileStringW` `MoveFileExW` `LoadResource` `FindResourceW` `GetDateFormatW` `GetEnvironmentVariableW` `GetProcAddress` `GetSystemDirectoryW` `GetModuleHandleW` `GetCommandLineW` `lstrcpyW` `GetWindowsDirectoryW` `WinExec` `lstrcatW` `lstrlenW` `LoadLibraryW` `WideCharToMultiByte` `FreeLibrary` `DeleteCriticalSection` `DecodePointer` `HeapSize` `GetLastError` `RaiseException` `MulDiv` `InitializeCriticalSectionAndSpinCount` `GetProcessHeap` `HeapFree` `HeapAlloc` `GetFileType` `HeapReAlloc`
USER32.dll	`SetPropW` `GetPropW` `RemovePropW` `GetWindowTextW` `GetWindowTextLengthW` `AdjustWindowRectEx` `MapWindowPoints` `GetClassLongW` `GetClassNameW` `GetTopWindow` `GetWindow` `SetWindowsHookExW` `UnhookWindowsHookEx` `CallNextHookEx` `WinHelpW` `MonitorFromWindow` `GetMonitorInfoW` `ShowWindow` `SetDlgItemTextW` `GetDlgItemTextW` `IsDlgButtonChecked` `SendDlgItemMessageW` `SetWindowTextW` `IsDialogMessageW` `PostQuitMessage` `GetAsyncKeyState` `MapDialogRect` `GetMessageW` `TranslateMessage` `GetCursorPos` `CreateDialogIndirectParamW` `EndDialog` `GetNextDlgTabItem` `RealChildWindowFromPoint` `GetSysColorBrush` `DestroyMenu` `CharUpperW` `ValidateRect` `GetForegroundWindow` `SetActiveWindow` `SetMenu` `GetMenu` `GetCapture` `GetKeyState` `SetFocus` `GetDlgCtrlID` `GetDlgItem` `IsWindowVisible` `SetWindowPos` `DestroyWindow` `CreateWindowExW` `GetClassInfoExW` `GetClassInfoW` `RegisterClassW` `CallWindowProcW` `DefWindowProcW` `PostMessageW` `GetMessageTime` `PeekMessageW` `DispatchMessageW` `RegisterWindowMessageW` `GetMenuItemCount` `GetMenuItemID` `GetSubMenu` `ClientToScreen` `EndPaint` `BeginPaint` `TabbedTextOutW` `GrayStringW` `DrawTextExW` `DrawTextW` `CopyRect` `GetLastActivePopup` `GetWindowLongW` `LoadBitmapW` `SetMenuItemInfoW` `GetMenuCheckMarkDimensions` `SetMenuItemBitmaps` `EnableMenuItem` `CheckMenuItem` `GetFocus` `SendDlgItemMessageA` `FillRect` `DrawIcon` `RedrawWindow` `SetForegroundWindow` `FindWindowExW` `IsWindowEnabled` `LoadIconW` `SystemParametersInfoW` `GetActiveWindow` `MessageBoxW` `GetSystemMetrics` `UpdateWindow` `FindWindowW` `LoadStringW` `SetCursor` `SetTimer` `ScreenToClient` `GetWindowRect` `KillTimer` `GetParent` `LoadCursorW` `MessageBeep` `GetClientRect` `PtInRect` `GetDC` `InflateRect` `CopyIcon` `InvalidateRect` `ReleaseDC` `SetWindowLongW` `GetDesktopWindow` `GetSysColor` `IsWindow` `SendMessageW` `EnableWindow` `UnregisterClassW` `GetMessagePos` `GetWindowThreadProcessId`
GDI32.dll	`ExtTextOutW` `CreateSolidBrush` `Escape` `GetClipBox` `PtVisible` `RectVisible` `RestoreDC` `SaveDC` `SelectObject` `SetBkMode` `SetMapMode` `SetTextColor` `TextOutW` `SetViewportExtEx` `SetViewportOrgEx` `SetWindowExtEx` `OffsetViewportOrgEx` `ScaleViewportExtEx` `ScaleWindowExtEx` `EnumFontFamiliesExW` `SetBkColor` `DeleteObject` `CreateBitmap` `GetTextExtentPoint32W` `CreateFontIndirectW` `GetObjectW` `GetStockObject` `DeleteDC` `CreateDCW` `GetDeviceCaps`
ADVAPI32.dll	`RegSetValueExW` `RegEnumValueW` `RegEnumKeyW` `RegDeleteValueW` `RegCreateKeyExW` `RegQueryValueW` `RegDeleteKeyW` `RegQueryValueExW` `RegSetValueW` `RegCreateKeyW` `RegCloseKey` `RegOpenKeyExW`
COMCTL32.dll	`InitCommonControlsEx`
WINSPOOL.DRV (delay-loaded)	`DocumentPropertiesW` `OpenPrinterW` `ClosePrinter`

Delayed Imports

Attributes	`0x1`
Name	`WINSPOOL.DRV`
ModuleHandle	`0x56538`
DelayImportAddressTable	`0x53598`
DelayImportNameTable	`0x4e32c`
BoundDelayImportTable	`0x4e4cc`
UnloadDelayImportTable	`0`
TimeStamp	`1970-Jan-01 00:00:00`

217

Type	`TXT`
Language	German - Austria
Codepage	UNKNOWN
Size	`0xd94`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.38094`
MD5	`9d18739c6775cef0d80df9e103864023`
SHA1	`3ce256e603cc76cc44145a7b2c9be513269f37d6`
SHA256	`e2e292c3b7e4a511e6d42b52b7c8c1437d6be59f24739271060504480e438abe`
SHA3	`b78e80b76233c29fe66ef4b80434010daeea0390874c8b848ee5466ffaae9dd0`

1974

Type	`ZIP`
Language	German - Austria
Codepage	UNKNOWN
Size	`0x30885b`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99851`
Detected Filetype	Zip Compressed Archive
MD5	`4e6bc7fe7f80c36ca85e2f55c83ab025`
SHA1	`3d975fb8aec890b9b7d3cc76eb124b389b07c789`
SHA256	`c15326bfb17da5f18f6f22252a3d201201addf7617aeb2f52d07b6f5404ff074`
SHA3	`9f0d1330916c445295ee3e0e33a14fc4e67cc185a2f27382f1023b875c37e916`

113

Type	`RT_BITMAP`
Language	German - Austria
Codepage	UNKNOWN
Size	`0x5bc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.70488`
MD5	`7a6dd9dd96fce034b9e782fd41c6ceb5`
SHA1	`d04bca8be73b073cff27ef9680d51477ce58ec23`
SHA256	`e9ff53146f41891d7abc08701b1107c8cdf0af420e755ceeccdd17254adc590e`
SHA3	`24220b40827a41f29379e9d7257fe4394320ae25eda34b173de9eae68965ebad`
Preview

1

Type	`RT_ICON`
Language	German - Austria
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.90745`
MD5	`1014a5ae29a120384adc6132b985d644`
SHA1	`1f9b138ca788ab607aa219398141ad844cd50686`
SHA256	`916a7a2dbb92cb506c747534b72913c43af5f9d0b8a2b87d7017d192063bd395`
SHA3	`7342fcc4e6f40373f5873ac9910fc95b76bb18bffae2087ebc5949832f9ecc11`

2

Type	`RT_ICON`
Language	German - Austria
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.45827`
MD5	`abcd095ae828eb9993c963a5185b303c`
SHA1	`c7757de7051708b5af3a3b1288c39c4843776dc1`
SHA256	`d36bcd8335f4ef2babbbb5463dfb963fafe3b812aa8fa8e01cf73f48ded05791`
SHA3	`f04ff0e83ed90019c90f11d014380e55a93052ee066d63c4965a240403c8c091`

101

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5ba`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.47195`
MD5	`d1aeab03cd381cb6cac588158f91b8eb`
SHA1	`0dff409632faf4d8718852271b08499fd9df046d`
SHA256	`8751c265d6b9830fd37614822ffffa21df94fee00b7fd532533978cbf1066fa6`
SHA3	`e7596d37baf64d828f70d36d30eeeca2df3dcbc7888e87fe1ce4c78cb0c0e444`

104

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4ae`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.55528`
MD5	`125abfb0496b8110f86cdd75206d02ff`
SHA1	`cbf31ce583561b1b11978b8dc2606d5900400358`
SHA256	`d9493705f007043db56b5889d4bc6cbcc9b5f7d9fcdb0e3d24f06c350ddc467f`
SHA3	`fe3c620bf8c4f649b5cfbf778010b49e754963e1deec29db46b03f798b9e0555`

108

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xc8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.05139`
MD5	`14dfedd6801c18b7c20d8928b809f51d`
SHA1	`723bb0f459de46bbc7a5efdfdaa6f1c349b76f25`
SHA256	`594597d8d0bd5d7d1f408088fc79f4a779c3ab49cc4add79d78a5d3f2abe350e`
SHA3	`6a6cd232f0b5c7c317ff0e724f9e940b1afd6bb2d4ace9e25ea373001eef34af`

109

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x420`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.46561`
MD5	`10aebde678571f798a7ebd3cc0f3a042`
SHA1	`f0feaba66799570ac7969b58148e695adf97fabb`
SHA256	`e9d9c3645491f21a0bd0cfa8d2d63285198a5d02b020542734aa2156a9bc9f3d`
SHA3	`78cf38ef998bd1e6d406dfdcaa711ad2a36760e78813c790dd4bd413edb9440f`

110

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x42c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.42642`
MD5	`eed6dd81ee96e3e39a0815997f22e235`
SHA1	`f6a242b6ff66d78d18b06e0e70295747872509f2`
SHA256	`c6aece2832b89fb65f32161b9d3f440c1f6d5f37d0b4da9a75dc99501dd0680a`
SHA3	`5866f9e0a951df41147fa4a76e37050645d1d41bd9ac8aa68e32c632ba7b64cf`

111

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x6e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.92815`
MD5	`f1163d2517736331e6bf28f763e69a04`
SHA1	`15c687feae231629c7486a58ddea592d331fdec7`
SHA256	`c1b2fa425e50b906beb93d4bd11d78563deb929dffff789c1b6df2dcec438cd1`
SHA3	`bd24e27b193b71300ea5d3bac53c698bd6a68abee4748529af7aa933cfaf9995`

1 (#2)

Type	`RT_STRING`
Language	German - Austria
Codepage	UNKNOWN
Size	`0x5bc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.28002`
MD5	`b66d837a6ffd4f31f6d553f561060bb7`
SHA1	`50389416d708302d8f4e2d9cf0cc0ac29fff6d42`
SHA256	`0742051d5964d989b658a958e5ae8ea72dd32edbf750010d7a7d7f6ef5a4103e`
SHA3	`14875498fc77a9868d46842d93454f342516a2b5174f387b5752ffbdd55bf57d`

7

Type	`RT_STRING`
Language	German - Austria
Codepage	UNKNOWN
Size	`0x22e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.14557`
MD5	`f57d1a72857a65fa4892a8e119e9cd05`
SHA1	`da36d02eed7f16e6ab87d669eb24a6f762299556`
SHA256	`38b868a2aac686f09ced382af1114df084c8e1e3cd9923611335f895f9777e70`
SHA3	`4588f339169d2f3ef8a6842d653abfaeb303e86091fd3479ea43590eda4ec1de`

8

Type	`RT_STRING`
Language	German - Austria
Codepage	UNKNOWN
Size	`0x22e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.2958`
MD5	`015ef5c1947c1b046a0b58f62476137b`
SHA1	`637e517bd73226255d95ed962dacc706da8ad2a4`
SHA256	`bc1ab5608e07ca2c29914778489599259c74d7251f429db465aa4dc1777e3285`
SHA3	`bf1c3b7924aceb27675ec4e3664173edc96b75dd0ccd8af33b03e662d511369f`

9

Type	`RT_STRING`
Language	German - Austria
Codepage	UNKNOWN
Size	`0xf0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.03879`
MD5	`5dd685c3e19130c5f49736353c121f0a`
SHA1	`38f6146734c465203e937f249c50a8f33332a314`
SHA256	`206d708f5c049e1fdcc5232a8befef26f408ec9fde5ca7734d8d344544e9ea15`
SHA3	`6c8e910231f635e0e4bd8cee5122643d055ff2a8bafb2b98eb361b7f0bd8f52c`

111 (#2)

Type	`RT_GROUP_ICON`
Language	German - Austria
Codepage	UNKNOWN
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.32824`
Detected Filetype	Icon file
MD5	`62d6b1d51e9721a781148fb63c1970c6`
SHA1	`0491f06e0b5fe9241d44138303ece1776840fd6d`
SHA256	`1d47c7bd2cc20089bc0387c8e7ac0a1680e9b4dc81dbde998c3c5c8e6c7d69aa`
SHA3	`9f1474d08ea9f8bc44f2b127a2a96dbaaed16872128ddd81afe07b2b3756d3bd`

1 (#3)

Type	`RT_VERSION`
Language	German - Austria
Codepage	UNKNOWN
Size	`0x3b0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.39715`
MD5	`965f3bf2718a703c23ed07b1177f3daf`
SHA1	`abc639a00624689484725728040e67709f029297`
SHA256	`fbc1690459e064d6697768f3b330d4460175031171a831a8795e8df06d2e3bfe`
SHA3	`e9ab197ab63b0a8e2b66147c4eb0804834f6d68cd7747aa13a0eb06815369613`

1 (#4)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x47d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.97096`
MD5	`9bce90c476fc86b1cb0fc9fba0c7a120`
SHA1	`fb44343291404040b8cca7bad88107797b0be676`
SHA256	`ebc9f13f75e23596abbdd6d4f1a721f44da835686375f31421f2b29d221fb272`
SHA3	`79aa903e3ed996b920c0f75908ece1f1ec7fa29b20e76208b965a06d31a5549e`

String Table contents

&Exit
&Done
Exit setup?
IrfanView Setup
Invalid destination directory!
Destination directory
Can't install all files!

Please close all running IrfanView instances and check your destination directory for free space or write protection!

(the installer should be started in ADMIN mode, use e.g. right mouse button click on installer)
Installation folder:
You want to change current associations and to associate one or many file types with IrfanView!

Are you REALLY sure!?
Warning: IrfanView is running!
Please close all IrfanView instances before you install this version!
Can't create destination directory!

Please check your write permissions and system policies!

Try to create the destination folder manually and restart.
Connected to %1
Resolving name: %1
Resolved name to %1
Connecting to %1
Redirecting to %1
Getting file information
An error occurred parsing the url: %s
An error occurred while attempting to download the file, Error:%1
An error occurred connecting to the server, Error:%1
Failed to receive a valid response from the server
Failed to receive a valid HTTP response from the server
An error occurred while downloading the file, Error:%1
%1% of %2 Completed
Retrieving the file
%1 of %2
%1 sec
%1 min
%1 min %2 sec
%1 Bytes
%1 KB
%1 MB
%1 (%2 copied)
%1 Bytes/Sec
%1 KB/Sec
An error occured while opening the file to be downloaded, Error:%1
Aborting transfer

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	4.72.0.0
ProductVersion	4.72.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	German - Austria
Comments	IrfanView 32-bit Installer
CompanyName	Irfan Skiljan
FileDescription	IrfanView 32-bit Installer
FileVersion (#2)	4.72.0.0
InternalName	IrfanView 32-bit Installer
LegalCopyright	Copyright Â© 2025 by Irfan Skiljan, Austria
OriginalFilename	iview472_setup.exe
ProductName	IrfanView 32-bit Installer
ProductVersion (#2)	4.72.0.0

Resource LangID	German - Austria

TLS Callbacks

Load Configuration

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x450550`
SEHandlerTable	`0x44bbf0`
SEHandlerCount	`107`

RICH Header

XOR Key	`0x8b248afe`
Unmarked objects	`0`
C objects (VS2013 UPD5 build 40629)	`13`
C++ objects (VS2008 SP1 build 30729)	`1`
C objects (VS2008 SP1 build 30729)	`9`
Imports (VS2008 SP1 build 30729)	`13`
Total imports	`515`
ASM objects (VS2013 build 21005)	`26`
C objects (VS2013 build 21005)	`181`
C++ objects (20806)	`74`
C++ objects (VS2013 build 21005)	`62`
229 (VS2013 UPD5 build 40629)	`6`
Resource objects (VS2013 build 21005)	`1`
Linker (VS2013 UPD5 build 40629)	`1`

Errors

Leave a comment

No comments yet.