Manalyze report for 284445efc60c1a68e8199c7dc675ff82

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2021-Jun-11 09:16:47
Detected languages	English - United States Process Default Language
Debug artifacts	D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to SHA1` `Uses constants related to SHA256`
Suspicious	The PE is possibly packed.	`Unusual section name found: .didat`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryW LoadLibraryExA LoadLibraryExW` `Can create temporary files: CreateFileW GetTempPathW`
Suspicious	The file contains overlay data.	`2250432 bytes of data starting at offset 0x5fa00.` `The overlay data has an entropy of 7.95552 and is possibly compressed or encrypted.` `Overlay data amounts for 85.1755% of the executable.`
Malicious	VirusTotal score: 19/69 (Scanned on 2021-07-28 18:03:36)	`Bkav: W32.AIDetect.malware2` `Zillya: Trojan.Agent.Win32.2205396` `Sangfor: Trojan.Win32.Save.a` `APEX: Malicious` `Paloalto: generic.ml` `ClamAV: Win.Malware.Qshell-9875653-0` `Kaspersky: VHO:Trojan-PSW.MSIL.Agensla.gen` `Sophos: Generic ML PUA (PUA)` `McAfee-GW-Edition: BehavesLike.Win32.Generic.vc` `FireEye: Generic.mg.284445efc60c1a68` `Avira: HEUR/AGEN.1142704` `Microsoft: Trojan:Win32/Woreflint.A!cl` `Cynet: Malicious (score: 100)` `McAfee: Artemis!284445EFC60C` `VBA32: CIL.HeapOverride.Heur` `SentinelOne: Static AI - Malicious SFX` `Fortinet: MSIL/GenKryptik.FHZB!tr` `BitDefenderTheta: Gen:NN.ZemsilF.34050.Vo0@aq77Kxd` `Qihoo-360: HEUR/QVM10.1.E41F.Malware.Gen`

Hashes

MD5	`284445efc60c1a68e8199c7dc675ff82`
SHA1	`60655a314c86993deefa9d9f7eec64341168e9e1`
SHA256	`af7800b9d14d41db33e7aeb100aac52bcae40bd7dfa2f151ffb4e76e810ea965`
SHA3	`c16d2b3e38f42e205d39b8a1e19cfc13a084fa8a66d4998de8d70b4ce4b5c366`
SSDeep	`49152:m8459zztzzKoPfxsNIcv+xltSiK0rXw5hn360bURtRY26YS+WhfFzMwDPwRVuf2s:mD9zztzzKoxs6cmxfSMkd3GDGvWsfPX`
Imports Hash	`cc39c92dab3b76cf65e92f0f17f70608`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x110`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`6`
TimeDateStamp	2021-Jun-11 09:16:47
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x31400`
SizeOfInitializedData	`0x2e200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0001EEF0 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x33000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.1`
ImageVersion	`0.0`
SubsystemVersion	`5.1`
Win32VersionValue	`0`
SizeOfImage	`0x87000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`675b3d32e0449f24d266c11fd42c4e23`
SHA1	`5a400aa2168d4a383fc6c26e2be31efc906a2162`
SHA256	`4d20a6fe9bd267b5d952892534088c8a49a6c967ca74443bf94e41b7d4bdcf39`
SHA3	`41525b3b0ea9829a4ed0bdfc53491fcfffeb5d26bdee2e40509eecddda4a670a`
VirtualSize	`0x313ba`
VirtualAddress	`0x1000`
SizeOfRawData	`0x31400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.70981`

.rdata

MD5	`d1ae5a0175dfb925fc91111d5aee7a6c`
SHA1	`e30e5b39602864bdb7fecc6deea6d5bf4343e2ea`
SHA256	`b766d7cbb88cfb096f35a88b3eb600fe10833bd2d3495a36f6d1ee17d143a312`
SHA3	`475c6a0429d250cb239aa73ece4310efa5e40f9bff7fde69433845369a5b3acf`
VirtualSize	`0xa622`
VirtualAddress	`0x33000`
SizeOfRawData	`0xa800`
PointerToRawData	`0x31800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.22268`

.data

MD5	`201530c9e56f172adf2473053298d48f`
SHA1	`6b160855a24650fb6df8fda051e6a773aefbb0ae`
SHA256	`1c4f76453eb9c9c3d1d1393f8d3e040adaa312e787da2cb9bfb141c84fa6223c`
SHA3	`a573d63ed6b08dae2d342140b728396cd57b7b1a9fc424af5459ec8338336acf`
VirtualSize	`0x23728`
VirtualAddress	`0x3e000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x3c000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.70882`

.didat

MD5	`b7f0feda7ab6671cb8b44734d1fc4180`
SHA1	`2ac2212540d4284fd2d5de54b012618dc16efb21`
SHA256	`8ded38c9e709580fe0055c9808c4a5af53b6a65d0d218c79aaf9a70e1aa72eef`
SHA3	`2862f48e16c4df02953d03302243145520bd172cc798463602f1717ac9d97991`
VirtualSize	`0x18c`
VirtualAddress	`0x62000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3d000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.35543`

.rsrc

MD5	`36bf129c012544a4fd404f208ee52873`
SHA1	`705e4c86059a36252446219ba3e70e631fbf5271`
SHA256	`dd9d56ae411b63a3d29d71bcfcc9114e9a7e32ebcb99d4ecd46054d0dd5f50ac`
SHA3	`5b3dc14ff076a3e56079c5c8a3db1ea9d7c8a54933446d4795e441ddd58278f5`
VirtualSize	`0x20344`
VirtualAddress	`0x63000`
SizeOfRawData	`0x20400`
PointerToRawData	`0x3d200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.22181`

.reloc

MD5	`c4082250c29091b2a6f872d68c8d91ff`
SHA1	`166e5f6d732d9e26697af387ad5df4409934107f`
SHA256	`fdb635393ac71328d2ed759edd7a06818e566537d3450d8edf0bcd9b702501f1`
SHA3	`67c8a8603452fc0d41dd5c25fc588afb435fc1f39e27c60bdd733c0bf0910796`
VirtualSize	`0x227c`
VirtualAddress	`0x84000`
SizeOfRawData	`0x2400`
PointerToRawData	`0x5d600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.56418`

Imports

KERNEL32.dll	`GetLastError` `SetLastError` `FormatMessageW` `GetCurrentProcess` `DeviceIoControl` `SetFileTime` `CloseHandle` `CreateDirectoryW` `RemoveDirectoryW` `CreateFileW` `DeleteFileW` `CreateHardLinkW` `GetShortPathNameW` `GetLongPathNameW` `MoveFileW` `GetFileType` `GetStdHandle` `WriteFile` `ReadFile` `FlushFileBuffers` `SetEndOfFile` `SetFilePointer` `SetFileAttributesW` `GetFileAttributesW` `FindClose` `FindFirstFileW` `FindNextFileW` `GetVersionExW` `GetCurrentDirectoryW` `GetFullPathNameW` `FoldStringW` `GetModuleFileNameW` `GetModuleHandleW` `FindResourceW` `FreeLibrary` `GetProcAddress` `GetCurrentProcessId` `ExitProcess` `SetThreadExecutionState` `Sleep` `LoadLibraryW` `GetSystemDirectoryW` `CompareStringW` `AllocConsole` `FreeConsole` `AttachConsole` `WriteConsoleW` `GetProcessAffinityMask` `CreateThread` `SetThreadPriority` `InitializeCriticalSection` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `SetEvent` `ResetEvent` `ReleaseSemaphore` `WaitForSingleObject` `CreateEventW` `CreateSemaphoreW` `GetSystemTime` `SystemTimeToTzSpecificLocalTime` `TzSpecificLocalTimeToSystemTime` `SystemTimeToFileTime` `FileTimeToLocalFileTime` `LocalFileTimeToFileTime` `FileTimeToSystemTime` `GetCPInfo` `IsDBCSLeadByte` `MultiByteToWideChar` `WideCharToMultiByte` `GlobalAlloc` `LockResource` `GlobalLock` `GlobalUnlock` `GlobalFree` `LoadResource` `SizeofResource` `SetCurrentDirectoryW` `GetExitCodeProcess` `GetLocalTime` `GetTickCount` `MapViewOfFile` `UnmapViewOfFile` `CreateFileMappingW` `OpenFileMappingW` `GetCommandLineW` `SetEnvironmentVariableW` `ExpandEnvironmentStringsW` `GetTempPathW` `MoveFileExW` `GetLocaleInfoW` `GetTimeFormatW` `GetDateFormatW` `GetNumberFormatW` `SetFilePointerEx` `GetConsoleMode` `GetConsoleCP` `HeapSize` `SetStdHandle` `GetProcessHeap` `RaiseException` `GetSystemInfo` `VirtualProtect` `VirtualQuery` `LoadLibraryExA` `IsProcessorFeaturePresent` `IsDebuggerPresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetStartupInfoW` `QueryPerformanceCounter` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `TerminateProcess` `RtlUnwind` `EncodePointer` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `LoadLibraryExW` `QueryPerformanceFrequency` `GetModuleHandleExW` `GetModuleFileNameA` `GetACP` `HeapFree` `HeapAlloc` `HeapReAlloc` `GetStringTypeW` `LCMapStringW` `FindFirstFileExA` `FindNextFileA` `IsValidCodePage` `GetOEMCP` `GetCommandLineA` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `DecodePointer`
gdiplus.dll	`GdiplusShutdown` `GdiplusStartup` `GdipCreateHBITMAPFromBitmap` `GdipCreateBitmapFromStreamICM` `GdipCreateBitmapFromStream` `GdipDisposeImage` `GdipCloneImage` `GdipFree` `GdipAlloc`
USER32.dll (delay-loaded)	`DispatchMessageW` `PeekMessageW` `PostMessageW` `WaitForInputIdle` `IsWindowVisible` `DialogBoxParamW` `EndDialog` `TranslateMessage` `SendDlgItemMessageW` `SetFocus` `SetForegroundWindow` `GetSysColor` `LoadBitmapW` `LoadIconW` `DestroyIcon` `IsDialogMessageW` `GetMessageW` `wvsprintfW` `CopyImage` `GetClassNameW` `FindWindowExW` `MessageBoxW` `ReleaseDC` `GetDC` `SendMessageW` `LoadCursorW` `CopyRect` `MapWindowPoints` `UpdateWindow` `DestroyWindow` `IsWindow` `CreateWindowExW` `RegisterClassExW` `DefWindowProcW` `CharUpperW` `OemToCharBuffA` `LoadStringW` `GetWindow` `SetProcessDefaultLayout` `SetWindowLongW` `GetWindowLongW` `GetWindowRect` `GetClientRect` `GetSystemMetrics` `SetDlgItemTextW` `SetWindowPos` `GetParent` `SetWindowTextW` `EnableWindow` `GetDlgItem` `GetDlgItemTextW` `ShowWindow`

Delayed Imports

Attributes	`0x1`
Name	`USER32.dll`
ModuleHandle	`0x60cb8`
DelayImportAddressTable	`0x620a0`
DelayImportNameTable	`0x3bf84`
BoundDelayImportTable	`0x3c6a0`
UnloadDelayImportTable	`0`
TimeStamp	`1970-Jan-01 00:00:00`

101

Type	`PNG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xb45`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.87356`
Detected Filetype	PNG graphic file
MD5	`63486a769bbe3f49d5848b9c69734a25`
SHA1	`e48bd36c2f23c238206bdddf3ebb6d6862905710`
SHA256	`a91f4373ceebadfc70b3bd0758848918f928c3c76562e3d9d531574796fd9e9c`
SHA3	`7e9dc73ef6ee0ce127eee80c5daf334bd98ed2d2f262376ed7760866816d815b`

102

Type	`PNG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x15a9`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.80129`
Detected Filetype	PNG graphic file
MD5	`e6ccfb6d9ffd4e1a907a47761c64bd79`
SHA1	`d6a2994dedae3527a878140aa60dcaa087b90445`
SHA256	`27d3a1a2da49dc535cc10806abaae9dfa49e4f5f44a40540ead50e065b99ca68`
SHA3	`11423dcd0ab4c11695ad71f56e4fcdfc4b20a38cc6ac653ab7575f7dd024d0e5`

1

Type	`RT_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x33c2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.96024`
Detected Filetype	PNG graphic file
MD5	`0b6c119e2ec3e6f604aa0bd15bb622bf`
SHA1	`ec5cfa12e165d01be517e608fe583cc23fa24c57`
SHA256	`3e0773e8267ef96b56205d4b51b98f6465049abd1ea26dee3cb2d1ccc79b1034`
SHA3	`809fe806b3c8df2d62fa52b965013dfaa36b31c8a782b11dc4c83a0c2ff77999`

2

Type	`RT_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.03322`
MD5	`210f0c2096a223a1bf4832e086876a34`
SHA1	`a287f091bab400156fa3b5e13fad47682a24072e`
SHA256	`dd8f53c4f811bd6d8baea21c089212efc317d3417a9cee8322ec646eaa0678d0`
SHA3	`7f373dac8c96cc0e069762f2be922f5e0bf4e1e9d15bbc38d92bb615d69933d7`

3

Type	`RT_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.58842`
MD5	`4c348aa193bc5a9191102408ecf7ec47`
SHA1	`cd73d86e3c240a40722afcb0500edfda9e72eab6`
SHA256	`10b4dc0079496cb65cc2d184d1729660592bb41ef4933ac403dd69da8420f589`
SHA3	`a95ee31f050f81f7fe83404c346cf67ec6c4167bb1473afb841f62c243c9b230`

4

Type	`RT_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.88552`
MD5	`e17988b57211f5388ea8d28d842ba663`
SHA1	`83b2176bac134080a575341b98fc45d328ad165c`
SHA256	`acda21ba6b7b543664f6cc4aebf246827577b658e421a6644411514958afb47c`
SHA3	`c841e6d68f6d21d0081d60a3e577175dfe4f974070daa944ffc9e38b9b4c2033`

5

Type	`RT_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.57378`
MD5	`b5716394e9fb7a86fbd09bb13b4e7821`
SHA1	`fed36ac4baaabe72bda7070466f1092da5196e2b`
SHA256	`b2718ced57fd34597088628eefefe4524be4c7128140f8e855deb6889550fab8`
SHA3	`e94ae6afb026c1331bc46901aa521dc33b2220cdb650b263c2f853ff12ab43d8`

6

Type	`RT_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.74897`
MD5	`c233e3a628f66a7fb0c6157599299faf`
SHA1	`93bdce48db0b0729b13664f9319129b329e787e0`
SHA256	`8410c6f519ee4e06ce02dd6f65399c6fac8ed96ee91441ac2e0c5193e6d98c7e`
SHA3	`fbd0e3c45b6301f9283b3e45312a59ce2e152d85c64a09a428fd5cf321993459`

ASKNEXTVOL

Type	`RT_DIALOG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x286`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.419`
MD5	`8edc9d9954c16d9083b44657a62c353e`
SHA1	`bb567f7e6b33d5d976abe26b9da4e403c3182dc4`
SHA256	`8f25d7b09ecff6d3389a7742dc2a9e3187bdf010877d5512b7bab24566c3fca9`
SHA3	`140be6b67eed1b2eba6651eb7fb1ed127c202df3b0cbe5ef1d2a3299fbb2c3fb`

GETPASSWORD1

Type	`RT_DIALOG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x13a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.33594`
MD5	`846493df763dc8986b2a7a908694aa5c`
SHA1	`7113017d3f8ab15f721836f8cac36a3dde424962`
SHA256	`a6cb648be2175544ba05cd1c0d9f5b45b1d344915c503f01495f744708ebf6fc`
SHA3	`c524ff060d297a1a5d5a072ad50e5440ed3119f05de91aaf5f372a6d6a5e642b`

LICENSEDLG

Type	`RT_DIALOG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xec`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.16133`
MD5	`4da01a070e57545f97e0d84bcf1524e5`
SHA1	`eeeadb106e138aa26b66d276f84c8d076a31142e`
SHA256	`44e6a8daef1ac762f8016fc4c8aec52bad42f589b6d8a25d430a619610dd0028`
SHA3	`a018ce14f68b06cbed4adb1bf6714f3b6c1aa64fa2afa2215e037aa654f9fcee`

RENAMEDLG

Type	`RT_DIALOG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x12e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.09135`
MD5	`43b0cc5d14bc75c453a11cb013864a38`
SHA1	`6990aed36ba67f0d6d34a63c3d9fd9dc2487db01`
SHA256	`237fb4fcfacd77cffde8221c92f0726c849afc96cd0bfd833f50b78552f7b22b`
SHA3	`a5ace4978d8258be5a68d7db48bc472ffa5cb949b4bb7c64f35348b5b34bb9e2`

REPLACEFILEDLG

Type	`RT_DIALOG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x338`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.31634`
MD5	`59053a2d4069a360fc73761849e1318c`
SHA1	`541edef52f27a7178cac477eb3803cb4820d31ae`
SHA256	`19561beb5029c85d95648f15c598b028a4f8a00bc36f452c5428308693ed748e`
SHA3	`a1fea8b8bfc45c410ebcfcc73afd1716c6c2abb2889e8a170e221a7ac702bb59`

STARTDLG

Type	`RT_DIALOG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x252`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.51642`
MD5	`8f7f380b1a69743aac7181d97f60324b`
SHA1	`e6a444d1fb41f3a3bfec6dee720ee63e2337fcfe`
SHA256	`ad7a2ec8f4ae2bad71bc363e13eb5a809b2936f010f453b986ea04a5605c630a`
SHA3	`313019b4cd37222ade46ea6cfb35e136befe0a6e755a2d02590745173e2199d6`

7

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x1e2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.1586`
MD5	`2ee005bf14efd62d866ca276e73b47aa`
SHA1	`e098ed7de14a3221722e8c25ada1cb901ce85978`
SHA256	`450b4d82a86dba50acea995d6356e0174a242081f2c2438f6f88c29038f7097d`
SHA3	`3bd4b237507bdbc645d985837c718b5df99fa6c91e862fe59f7295cd82c7d0b0`

8

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x1cc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.11685`
MD5	`91984a8521454b1758674f2f0765e695`
SHA1	`f48b0e0ca433d99226abe5cb9f1421b5dc204d31`
SHA256	`89051dca472bd5ebb7b344c05150755b6e3d32cb0dffea086c04186820b188d2`
SHA3	`c7c2157fcb23e3b9253e37f60afe11361c625e3d5e0535bbbf988387d2cd517c`

9

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x1b8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.11236`
MD5	`de2fde7dcddbe30df25bfcf234a301c3`
SHA1	`749b1a50cbed02bb7fd1fd277333340996b22c6f`
SHA256	`dd64405d95bedf0c5a998dba963360b3b9dd01d1482179c2b1d33ddb465841eb`
SHA3	`18b764b7d6b4bd748a55e961d11738a5fc2eb831e2be55cb21dd535e29ca9aeb`

10

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x146`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.99727`
MD5	`06aeb5ae44f152010b502d79d78da978`
SHA1	`765389e59fc961fb9782413bccd6218c0ed29c95`
SHA256	`1e87eca343221966ecd9472109f3baf9081c821e3f4e905aa34eb8bce73af4e7`
SHA3	`dda651f9f04eded147d6b4d66801eb000f7f83f5e6161c919beca8e51e7b6f8a`

11

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x446`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.2036`
MD5	`50607cbf5fa33da61e8d119c4a2c0c9b`
SHA1	`d38285a743fe1ebf62ecb612d62336060c865bc7`
SHA256	`06b2bd666ed1afbbfc9914b94d703087c18248c5fe28dead42e42f22c3984c5e`
SHA3	`9bc82cef576158d1c1bf6c60e77dae43a3c3ef80d1373ceafa46da206fd67cfe`

12

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x166`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.12889`
MD5	`70f271b2edd6a05942b95abced225c10`
SHA1	`dd3de2dc38efaf506c8c902edc3c6639651babbf`
SHA256	`d5755fffe2a9a4baf3593b8fba9a029b23bcc08e77c8d98e07b93baee6b9e6de`
SHA3	`99f9038fe42c25749482786e85b1f0ee5dda044080bf4ea4b311b333a3098c63`

13

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x152`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.01704`
MD5	`f82916fbe2aea69eafe68b9796d66a02`
SHA1	`0163aae109725b0ddb7740b3f648da2777463e55`
SHA256	`abbb67522b7822276112f9a351d05701b2b62f2317592dd8ac7c921809de2ccc`
SHA3	`bb63fc32a6057e9ffc74dc8c5276a24af66b86604daede76ce69550e41999599`

14

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.94627`
MD5	`30e6552170bc691f678f7acef9e80e0c`
SHA1	`8b2d788087dcb89391aca01e923a041f91bbb58b`
SHA256	`9259a6b6d2959b4dc26b0563c2e15fca703e6bf343e2016ed314a992617f1904`
SHA3	`c36395577d2aeb1248c26a8b5a5db48646b2ca0c999cc6e8bdba8678cefc97d7`

15

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xbc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.83619`
MD5	`09b30c86fe6cd7c8fe6d5d5fdd8b0a3e`
SHA1	`ba24c6e94ca7607f3fa91f71142d64d2e2938152`
SHA256	`f63fabe3ed749afb7b1719755170afe965f37e216834adf90dec051811afe657`
SHA3	`f4baf857de57ba1229f413a1165ec8e17dfa3e973f315fda2a082f79a3f64948`

16

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xd6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.80514`
MD5	`3a1b603eaeaa7aca84afab706054807b`
SHA1	`577ba4baf69c0cc5867167174746fc35fb11e8fd`
SHA256	`cfa68e1c4fe3e613725ec1c45a80c2e4855c07e2d4587c8cf46fac05a78c0145`
SHA3	`dc50fd5dad67b49d6067255f83399ab84ccc7adc2476f3b4db2c652fa24c5169`

100

Type	`RT_GROUP_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.79908`
Detected Filetype	Icon file
MD5	`75888939fcf93243e593ecd5e94910d1`
SHA1	`6ee239a33ee1c82d76d6f3df34fc1970531b123c`
SHA256	`d671c8d869661098cd93debcc7d5463c0f6fb0f04c83feade2104a5076b4ab21`
SHA3	`a39bfb2e4ee27c98a75705c2914e833492ba838c49af72907a15a84ad5466257`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x753`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.25329`
MD5	`8ddcbbd6b8c80eef68bf9305e59fa1f3`
SHA1	`014923abccec57fa3ad16f65feb0de2b8cbc8408`
SHA256	`1b7b67e5d8927449d8f7be80a0e5ba5f03d25670035027c0cb71abce27da6810`
SHA3	`e5c4bfc7e92f1b945363bb9ad2aabbe4324074ac295d08722e743d6e7c524b69`

String Table contents

Select destination folder
Extracting %s
Skipping %s
Unexpected end of archive
The file "%s" header is corrupt
Corrupt header is found
Main archive header is corrupt
The archive comment header is corrupt
The archive comment is corrupt
Not enough memory
Unknown method in %s
Cannot open %s
Cannot create %s
Cannot create folder %s
Checksum error in the encrypted file %s. Corrupt file or wrong password.
Checksum error in %s
Packed data checksum error in %s
Write error in the file %s
Read error in the file %s
File close error
The required volume is absent
The archive is either in unknown format or damaged
Extracting from %s
Next volume
The archive header is corrupt
Close
Error
Errors encountered while performing the operation
Look at the information window for more details
bytes
modified on
folder is not accessible
Some files could not be created.
Please close all applications, reboot Windows and restart this installation
Some installation files are corrupt.
Please download a fresh copy and retry the installation
All files
<ul><li>Press <b>Install</b> button to start extraction.</li><br><br>
<ul><li>Press <b>Extract</b> button to start extraction.</li><br><br>
<li>Use <b>Browse</b> button to select the destination
folder from the folders tree. It can be also entered
manually.</li><br><br>
<li>If the destination folder does not exist, it will be
created automatically before extraction.</li></ul>
The archive is corrupt
Extracting files to %s folder
Extracting files to temporary folder
Extract
Extraction progress
Total path and file name length must not exceed %d characters
Unknown encryption method in %s
The specified password is incorrect.
Incorrect password for %s
Cannot copy %s to %s.
Cannot create symbolic link %s
Cannot create hard link %s
You need to unpack the link target first
You may need to run this self-extracting archive as administrator
Pause
Continue
Security warning
Please remove %s from folder %s. It is unsecure to run %s until it is done.

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2021-Jun-11 09:16:47
Version	`0.0`
SizeofData	`81`
AddressOfRawData	`0x3ad24`
PointerToRawData	`0x39524`
Referenced File	D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2021-Jun-11 09:16:47
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x3ad78`
PointerToRawData	`0x39578`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2021-Jun-11 09:16:47
Version	`0.0`
SizeofData	`924`
AddressOfRawData	`0x3ad8c`
PointerToRawData	`0x3958c`

TLS Callbacks

Load Configuration

Size	`0x5c`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x43e668`
SEHandlerTable	`0x43ac90`
SEHandlerCount	`37`
GuardCFCheckFunctionPointer	`4403808`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0xc0990126`
Unmarked objects	`0`
241 (40116)	`13`
243 (40116)	`141`
242 (40116)	`24`
199 (41118)	`2`
ASM objects (VS2015 UPD3 build 24123)	`22`
C objects (VS2015 UPD3 build 24123)	`19`
C++ objects (VS2015 UPD3 build 24123)	`44`
C objects (VS2008 SP1 build 30729)	`10`
Imports (VS2008 SP1 build 30729)	`5`
Total imports	`269`
C++ objects (VS2015 UPD3.1 build 24215)	`49`
Exports (VS2015 UPD3.1 build 24215)	`1`
Resource objects (VS2015 UPD3 build 24210)	`1`
Linker (VS2015 UPD3.1 build 24215)	`1`

284445efc60c1a68e8199c7dc675ff82

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.didat

.rsrc

.reloc

Imports

Delayed Imports

101

102

1

2

3

4

5

6

ASKNEXTVOL

GETPASSWORD1

LICENSEDLG

RENAMEDLG

REPLACEFILEDLG

STARTDLG

7

8

9

10

11

12

13

14

15

16

100

1 (#2)

String Table contents

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors