Manalyze report for 2e31fbc74058ff35f4d1a52e7c042512

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2020-Dec-01 18:00:55
Detected languages	English - United States German - Germany
Debug artifacts	D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to SHA1` `Uses constants related to SHA256`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryW LoadLibraryExA LoadLibraryExW` `Can create temporary files: CreateFileW GetTempPathW`
Info	The PE is digitally signed.	`Signer: HI-Softwarehandel GmbH` `Issuer: COMODO RSA Extended Validation Code Signing CA`
Suspicious	VirusTotal score: 1/70 (Scanned on 2025-05-13 13:34:44)	`CAT-QuickHeal: Trojan.Ghanarava.1640590086042512`

Hashes

MD5	`2e31fbc74058ff35f4d1a52e7c042512`
SHA1	`4490878fbbad8104160c511e234e3e89eadc1ea2`
SHA256	`ebe1236d187b583fb2f1b00c2d58ff3b8b37f7a467cf15d5c252d3efeb8deec0`
SHA3	`2a1c3e97b9409a40a5d347792f21dc9339922f6b27a08f1a59d120df3fa903aa`
SSDeep	`49152:FbA3LxaBEQRysgP0DtCXAXeoA0HOBBDXHJYcgF+yUFVGpFtz0nWfiw09sqjF:Fb7iv9ue4aBtGe2pFOYss6`
Imports Hash	`d9c7fe34007b0a8d96909f8101072f46`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x118`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`6`
TimeDateStamp	2020-Dec-01 18:00:55
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x31200`
SizeOfInitializedData	`0x3ec00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0001EC40 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x33000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.1`
ImageVersion	`0.0`
SubsystemVersion	`5.1`
Win32VersionValue	`0`
SizeOfImage	`0x75000`
SizeOfHeaders	`0x400`
Checksum	`0x3041d3`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`c5bf61bbedb6ad471e9dc6266398e965`
SHA1	`85ba0e85c3b341d29903bac4cc9748b86b5aec59`
SHA256	`3a2ff9b9a2c548b4856e32d6fb99df0a6465ee7986dc550d067fca7fb0a4aa42`
SHA3	`7787fa09c0b6129fd9ff1632f670debf88b31c20a97df4405ed168b157a562d6`
VirtualSize	`0x310ea`
VirtualAddress	`0x1000`
SizeOfRawData	`0x31200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.70808`

.rdata

MD5	`7980b588d5b28128a2f3c36cabe2ce98`
SHA1	`d1c65ab34aba92c118fabac07f130027d9afd450`
SHA256	`d739978cbddded21b2f865dc6ec6b845b4f01cf26f697d96ab24227d949e307c`
SHA3	`3d57e3f168dcb26b251f834ba030fa2af208658c2fb57d0d257b9fe8dfbeb457`
VirtualSize	`0xa612`
VirtualAddress	`0x33000`
SizeOfRawData	`0xa800`
PointerToRawData	`0x31600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.22174`

.data

MD5	`201530c9e56f172adf2473053298d48f`
SHA1	`6b160855a24650fb6df8fda051e6a773aefbb0ae`
SHA256	`1c4f76453eb9c9c3d1d1393f8d3e040adaa312e787da2cb9bfb141c84fa6223c`
SHA3	`a573d63ed6b08dae2d342140b728396cd57b7b1a9fc424af5459ec8338336acf`
VirtualSize	`0x23728`
VirtualAddress	`0x3e000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x3be00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.70882`

.didat

MD5	`c5d41d8f254f69e567595ab94266cfdc`
SHA1	`a82f4d348f331c812feea68e9dd6ac1b771f1e66`
SHA256	`645bde0bbb07ec2fe8fa92b42e990539e695239a2f56abe7bcb89d2a0584e778`
SHA3	`3d0027fe11ce3e3a33d834a835723988c701066262d467b92c35d83722dc99d5`
VirtualSize	`0x188`
VirtualAddress	`0x62000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3ce00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.29825`

.rsrc

MD5	`5eb7ee6493b6fc7ea014ebd76bfabadd`
SHA1	`e254836d949d55a78d2df8ae5083d38072dc4bc1`
SHA256	`ddda6cfbeb82a072be107f68cd6a2f7ff8cda481f80c6fc1f5cda23e35ec0387`
SHA3	`c682e343957788555535ffab17f3e51053bc6405da4d5e8dc382f3c79d7e5d2e`
VirtualSize	`0xe4e7`
VirtualAddress	`0x63000`
SizeOfRawData	`0xe600`
PointerToRawData	`0x3d000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.58029`

.reloc

MD5	`c7a942b723cb29d9c02f7c611b544b50`
SHA1	`35955d28bc54fd26de6997c8b4b80a3cb02dda5c`
SHA256	`d2f7854a7534a82677499e709a62c71225a8f83bae2020be1acd2549ba85e627`
SHA3	`19475bfc65c2ef55f63108ce9ad33b8690cedf0c126d5f0a2d29bdb95e02f26d`
VirtualSize	`0x2268`
VirtualAddress	`0x72000`
SizeOfRawData	`0x2400`
PointerToRawData	`0x4b600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.55486`

Imports

KERNEL32.dll	`GetLastError` `SetLastError` `FormatMessageW` `GetCurrentProcess` `DeviceIoControl` `SetFileTime` `CloseHandle` `CreateDirectoryW` `RemoveDirectoryW` `CreateFileW` `DeleteFileW` `CreateHardLinkW` `GetShortPathNameW` `GetLongPathNameW` `MoveFileW` `GetFileType` `GetStdHandle` `WriteFile` `ReadFile` `FlushFileBuffers` `SetEndOfFile` `SetFilePointer` `SetFileAttributesW` `GetFileAttributesW` `FindClose` `FindFirstFileW` `FindNextFileW` `GetVersionExW` `GetCurrentDirectoryW` `GetFullPathNameW` `FoldStringW` `GetModuleFileNameW` `GetModuleHandleW` `FindResourceW` `FreeLibrary` `GetProcAddress` `GetCurrentProcessId` `ExitProcess` `SetThreadExecutionState` `Sleep` `LoadLibraryW` `GetSystemDirectoryW` `CompareStringW` `AllocConsole` `FreeConsole` `AttachConsole` `WriteConsoleW` `GetProcessAffinityMask` `CreateThread` `SetThreadPriority` `InitializeCriticalSection` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `SetEvent` `ResetEvent` `ReleaseSemaphore` `WaitForSingleObject` `CreateEventW` `CreateSemaphoreW` `GetSystemTime` `SystemTimeToTzSpecificLocalTime` `TzSpecificLocalTimeToSystemTime` `SystemTimeToFileTime` `FileTimeToLocalFileTime` `LocalFileTimeToFileTime` `FileTimeToSystemTime` `GetCPInfo` `IsDBCSLeadByte` `MultiByteToWideChar` `WideCharToMultiByte` `GlobalAlloc` `LockResource` `GlobalLock` `GlobalUnlock` `GlobalFree` `LoadResource` `SizeofResource` `SetCurrentDirectoryW` `GetExitCodeProcess` `GetLocalTime` `GetTickCount` `MapViewOfFile` `UnmapViewOfFile` `CreateFileMappingW` `OpenFileMappingW` `GetCommandLineW` `SetEnvironmentVariableW` `ExpandEnvironmentStringsW` `GetTempPathW` `MoveFileExW` `GetLocaleInfoW` `GetTimeFormatW` `GetDateFormatW` `GetNumberFormatW` `SetFilePointerEx` `GetConsoleMode` `GetConsoleCP` `HeapSize` `SetStdHandle` `GetProcessHeap` `RaiseException` `GetSystemInfo` `VirtualProtect` `VirtualQuery` `LoadLibraryExA` `IsProcessorFeaturePresent` `IsDebuggerPresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetStartupInfoW` `QueryPerformanceCounter` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `TerminateProcess` `RtlUnwind` `EncodePointer` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `LoadLibraryExW` `QueryPerformanceFrequency` `GetModuleHandleExW` `GetModuleFileNameA` `GetACP` `HeapFree` `HeapAlloc` `HeapReAlloc` `GetStringTypeW` `LCMapStringW` `FindFirstFileExA` `FindNextFileA` `IsValidCodePage` `GetOEMCP` `GetCommandLineA` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `DecodePointer`
gdiplus.dll	`GdiplusShutdown` `GdiplusStartup` `GdipCreateHBITMAPFromBitmap` `GdipCreateBitmapFromStreamICM` `GdipCreateBitmapFromStream` `GdipDisposeImage` `GdipCloneImage` `GdipFree` `GdipAlloc`
USER32.dll (delay-loaded)	`PeekMessageW` `PostMessageW` `WaitForInputIdle` `IsWindowVisible` `DialogBoxParamW` `EndDialog` `GetDlgItemTextW` `DispatchMessageW` `SetFocus` `SetForegroundWindow` `GetSysColor` `LoadBitmapW` `LoadIconW` `DestroyIcon` `IsDialogMessageW` `TranslateMessage` `GetMessageW` `wvsprintfW` `GetClassNameW` `FindWindowExW` `MessageBoxW` `ReleaseDC` `GetDC` `SendMessageW` `LoadCursorW` `CopyRect` `MapWindowPoints` `UpdateWindow` `DestroyWindow` `IsWindow` `CreateWindowExW` `RegisterClassExW` `DefWindowProcW` `CharUpperW` `OemToCharBuffA` `LoadStringW` `GetWindow` `SetProcessDefaultLayout` `SetWindowLongW` `GetWindowLongW` `GetWindowRect` `GetClientRect` `GetSystemMetrics` `SetDlgItemTextW` `SetWindowPos` `GetParent` `SetWindowTextW` `EnableWindow` `GetDlgItem` `SendDlgItemMessageW` `ShowWindow`

Delayed Imports

Attributes	`0x1`
Name	`USER32.dll`
ModuleHandle	`0x60cb8`
DelayImportAddressTable	`0x620a0`
DelayImportNameTable	`0x3bf84`
BoundDelayImportTable	`0x3c690`
UnloadDelayImportTable	`0`
TimeStamp	`1970-Jan-01 00:00:00`

101

Type	`PNG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xb45`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.87356`
Detected Filetype	PNG graphic file
MD5	`63486a769bbe3f49d5848b9c69734a25`
SHA1	`e48bd36c2f23c238206bdddf3ebb6d6862905710`
SHA256	`a91f4373ceebadfc70b3bd0758848918f928c3c76562e3d9d531574796fd9e9c`
SHA3	`7e9dc73ef6ee0ce127eee80c5daf334bd98ed2d2f262376ed7760866816d815b`

102

Type	`PNG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x15a9`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.80129`
Detected Filetype	PNG graphic file
MD5	`e6ccfb6d9ffd4e1a907a47761c64bd79`
SHA1	`d6a2994dedae3527a878140aa60dcaa087b90445`
SHA256	`27d3a1a2da49dc535cc10806abaae9dfa49e4f5f44a40540ead50e065b99ca68`
SHA3	`11423dcd0ab4c11695ad71f56e4fcdfc4b20a38cc6ac653ab7575f7dd024d0e5`

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.97409`
MD5	`c357a2678e5234d9d0d93b80fff556eb`
SHA1	`f575af42db3045470df63787d678b61b3f696637`
SHA256	`573c9bd29dea90ed994bad702ec79c41e98e1c8fb54b7964ec05ed1e64efefd1`
SHA3	`74ecef77dbd4ce361c6226d842d49a2c28a318af22f9dc81baa2524ab14bdda9`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.10026`
MD5	`e55630d67fb64ba59f51d8266d31ff01`
SHA1	`b7b5b8c32742d7c3e2ef39fd5432eb22fd378048`
SHA256	`85fe3ae58f9c30ca21251517164585fbb10f8490f0790dd15859438c1ca59729`
SHA3	`9282845cf7d52c29ac721534751a56a1fcb3e2c625c186a4934cd6956ba317a7`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.25868`
MD5	`73a958fb4dece366b7cf2f80de03528f`
SHA1	`f091434598195479caeb051cd932b64076d7840e`
SHA256	`32bd1078137a5367d204b941cf6d970abbe1a520ac9e54b63d56f7e2f8a326ae`
SHA3	`932882004db4780e9e260450182e91296e4ade6d07f3e1a3382f5d80b2b7b86e`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.02609`
MD5	`e768244eed218cd473905b37afb09cce`
SHA1	`340c145b2b5a4393aa4b09bbdda14a84259b6c7b`
SHA256	`6e296a4f88254d5c4e4f1871f425e8d9c5ca08846d5c90cb3bc9ceee89c91ae3`
SHA3	`f0a0dda5ab093a3211b8d4608dec0f9fd7ebcad96d357a449ae4b74d12051f4b`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.18109`
MD5	`45fbeb8fc40ffa66db2f901c50a7ab8a`
SHA1	`d302538cba2599add5c8d0070cd2c5b3f077cf6a`
SHA256	`574ed44e93b206d0b5b4354fba244af5a573796db738e34ca37a6e061b0fed3f`
SHA3	`da977a245bb5f556f77ef1ddb5b59f96e6fc9225db7d2048eadc5441a692ae48`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.04307`
MD5	`da87510c3aabe7851c7c5d0493dbb14a`
SHA1	`4c59f617d7cebc871df1417f61c64a98556eda99`
SHA256	`91b392c6bd14fa9d9bcab2afc2b37825779abae8b32443ce0a5ee0d9793f8fe2`
SHA3	`582d345c2dd3b6dfa7daef53c039faa49be1b9cc8f749b08ca35fe6493b3bb46`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3d71`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.94547`
Detected Filetype	PNG graphic file
MD5	`7b678b6cb96c363d9e0adc3a1b3b4893`
SHA1	`c7e817672b686eb66bf5907da1efaef1dec8e06e`
SHA256	`6f86849b026f0c45c0c8a1145048960bbdefdaea3beac030f114b1ff16057994`
SHA3	`350e01112644403dd6d571343e7b00aa3d24e1b6fac796956f564355dde57fa9`

ASKNEXTVOL

Type	`RT_DIALOG`
Language	German - Germany
Codepage	UNKNOWN
Size	`0x2f8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.44447`
MD5	`0ee60eb81d5b93c84a55b2b7e3f1a90f`
SHA1	`4cc539a21341de53ef36c117094a1616627761ad`
SHA256	`3bddd23dd864c8502fc31906365506285ddad37bb63fb04844d8c5ac21998fa3`
SHA3	`7a27e72db0e63c3eeca8c1aedcd8014d89fa832f9408bc36c2380a2a0bccaef9`

GETPASSWORD1

Type	`RT_DIALOG`
Language	German - Germany
Codepage	UNKNOWN
Size	`0x160`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.31477`
MD5	`4101b4f3b1f91790088c3b1659313578`
SHA1	`a4bd191985194be3c5ff0dcf9af48d2292537467`
SHA256	`afc197fc10848829b08d477435d7cd7e2997496eb065f86680244fb159e03894`
SHA3	`b1c8318e3eb5f546d425aaa5c8faed648b75ebbad219809d8135f9deef49a0c5`

LICENSEDLG

Type	`RT_DIALOG`
Language	German - Germany
Codepage	UNKNOWN
Size	`0xf0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.21631`
MD5	`3dd6eb395442a23a859bb995a835151c`
SHA1	`73f093e54f8ee09dacf8034842aceebfc9cc7d06`
SHA256	`57f1bead92dcc6cd301a0ca66bd8bc79e2ed5b3abadfd4e98e0e78c2a063584d`
SHA3	`f54248bb1444091c96a6eb5beab0bf0756ac8169d471d04f04a86f1d9dfc9514`

RENAMEDLG

Type	`RT_DIALOG`
Language	German - Germany
Codepage	UNKNOWN
Size	`0x148`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.16373`
MD5	`268ffcc11666628672ea98862dcb8b11`
SHA1	`d919f7f9ef9c82294cce571a938b025fc1e145c5`
SHA256	`5149ac224d1000b7a67eedac4ef2e52f9ad4784fc87e105e4d7d4a62274a2ee1`
SHA3	`366d896db4060bf45aa63abadfd03523e1ec86e7d14108dde8b5c69761bededa`

REPLACEFILEDLG

Type	`RT_DIALOG`
Language	German - Germany
Codepage	UNKNOWN
Size	`0x354`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.31366`
MD5	`75097a2fe4615bb636bdf2727d143063`
SHA1	`256b66b404a15ed02deabd5e611d38f5b1b6e8d3`
SHA256	`5766e59a573028a1c6c0c4300f1769b1823f2432caf58c01c4b913ba83c4c9ee`
SHA3	`6e3d6d6e3414fb62016cb707f291437431b4d72aeff0906519a7615b24b3a67a`

STARTDLG

Type	`RT_DIALOG`
Language	German - Germany
Codepage	UNKNOWN
Size	`0x278`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.5189`
MD5	`afbb32fa5471329314feb34fb1d7144b`
SHA1	`a31bcd5ab23ea422877d4eea6cb4b112500650da`
SHA256	`8e405a4547bcc73d05927ce4e0b378406286c27c26f491acac378dcc978d5c3d`
SHA3	`057fb86d796a0c6dab120d5e438bc5c54a2bd17d70fb875fd268cc86365e291b`

7 (#2)

Type	`RT_STRING`
Language	German - Germany
Codepage	UNKNOWN
Size	`0x234`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.23498`
MD5	`2ff8544656f93311015720390b86cf85`
SHA1	`69d75ed68bcb9f38ce39df511ca4918ad5f4e38b`
SHA256	`eaee743d60e7be26dee08ffcf4a7ab2ab17055d48a0a89f397434912e82dc87c`
SHA3	`96678125d81afb91b4b543c2adfb4a0866e869fce515b75c8eebbd55389d9a2f`

8

Type	`RT_STRING`
Language	German - Germany
Codepage	UNKNOWN
Size	`0x268`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.21532`
MD5	`457219e879042eb98b9e16a201c68dba`
SHA1	`3f8e7ecb18ad5627f9acd407d536c4b53697c068`
SHA256	`61cf7d02194563ec76f6716c01721e3b4f32240e24d45fe6b639cb1258c0fb5d`
SHA3	`66f34e23bf7c320f8494ff6868c91d6ec1e36084947cb3b86fd97ddebf80c5f5`

9

Type	`RT_STRING`
Language	German - Germany
Codepage	UNKNOWN
Size	`0x218`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.18248`
MD5	`a6b1f3e8603adc1c00077a9e025c1334`
SHA1	`8d7d986e5bf6fbc0ebf910a8527b6851885ce5b1`
SHA256	`8eef56b68792a6d1a7a64800a1478991f29aaa833a9fd5d2b34a13ffd2dfb6a1`
SHA3	`7721f7de92057629b6b85b011b7aec8fe9070f1fa589653c2e6f51c8152eeef8`

10

Type	`RT_STRING`
Language	German - Germany
Codepage	UNKNOWN
Size	`0x1a0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.20175`
MD5	`bf0d28cf6111231e19f07cf2a1cfc1bf`
SHA1	`9f94f87f065741ace0c831a25abc8336e9870bc8`
SHA256	`38c8a8228daf7f6d3606c84feefb01706cff02a2f7f732d4f155d632e6460ae7`
SHA3	`f2c650c46cbf301da8b9d6f88d2dceaf54ad45714cf1dd4c37d711c0d9fbdbc8`

11

Type	`RT_STRING`
Language	German - Germany
Codepage	UNKNOWN
Size	`0x58c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.26944`
MD5	`6007868679a1179ca8b4eca072181eb5`
SHA1	`127a1392972fbe32a9e3f5200119686250871cac`
SHA256	`c5836cbd8dc68d9079edba325624057ab4b70755a0f355dcdb8a51d632938d94`
SHA3	`b182db3ad1f58abb22e3ebe91e66fe21958fd6246cc9b00a21b8b6221a31fd09`

12

Type	`RT_STRING`
Language	German - Germany
Codepage	UNKNOWN
Size	`0x1a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.18751`
MD5	`2d82a09b734fc7ca0e0c10995daeb912`
SHA1	`f440f4fab882039064a195ae69578495aaaf6c70`
SHA256	`99fc9fd5e2b8f432fd9604e70aacb161de63686c191310682416da359c877e9a`
SHA3	`4749d5a95773eba82de860dd3746e9e7cd63340b947789a94228dbc2577f59fb`

13

Type	`RT_STRING`
Language	German - Germany
Codepage	UNKNOWN
Size	`0x198`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.11098`
MD5	`3f689f8f26ec45b130082f2b98ef3fd1`
SHA1	`10ca8f668ed090a784b440da4c6579bd7364d247`
SHA256	`f1170b73fe581e674eb22d3c3235687ffa5c32a0dd696abc05544ce5e9634e07`
SHA3	`22cd40bcbd403cb98630a6c156631759abc83c71e4759de5aadbe29322f984e3`

14

Type	`RT_STRING`
Language	German - Germany
Codepage	UNKNOWN
Size	`0x168`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.96236`
MD5	`263c8984eac06c6d661ea18c00936c3b`
SHA1	`1a84bfcf449e86baa92c3832d5c93591e4d9aa4a`
SHA256	`90138f3add72d0db26a6f284a278cd1ff5d8a5734eacb2928c3c0885e0f42604`
SHA3	`671df085f421be6626a8255ab4df08406e912c456d24d0e9d9528fc7c496f77b`

15

Type	`RT_STRING`
Language	German - Germany
Codepage	UNKNOWN
Size	`0xf0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.97704`
MD5	`c7f20e878ea66b69948e786dda07b9ee`
SHA1	`53afbcfb134fd23dd049a3a72c883563cf36a9e8`
SHA256	`53ac9388d1e91a3e54bd0fd1dd6a96f06be751b542b0ecd2fd0a8b58c782f2bc`
SHA3	`f8cb999543fb66307b3601455be87bfd3a62fb21636de7f97e10f112960d969b`

16

Type	`RT_STRING`
Language	German - Germany
Codepage	UNKNOWN
Size	`0x13c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.89779`
MD5	`0e04671050994b92f3af25e813a79ab8`
SHA1	`2a581315e83e3bcd710966cccdee50cdf460b50a`
SHA256	`19acc41727cf1b8b11103354b404f69d3c25af4950d56ff13a7125d1f8847649`
SHA3	`0810439173233c994cb4a60392bfb580837ab9c67e680c798428dcb8cc06b42b`

100

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.71858`
Detected Filetype	Icon file
MD5	`216b6c99a73c9bdc965962e9c7ced2ec`
SHA1	`3432d1355ff9f39aa7c8832ef6e37ff118bce043`
SHA256	`4fd3c618bd4aea3ab42334f2e9375a22a7ef5e7ebf6da9f69c2249d6b6584ffe`
SHA3	`015714e195a897ffdf3e2b709ed0d7e6c07d80c9624587ab4e16effef840af5d`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x753`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.25329`
MD5	`8ddcbbd6b8c80eef68bf9305e59fa1f3`
SHA1	`014923abccec57fa3ad16f65feb0de2b8cbc8408`
SHA256	`1b7b67e5d8927449d8f7be80a0e5ba5f03d25670035027c0cb71abce27da6810`
SHA3	`e5c4bfc7e92f1b945363bb9ad2aabbe4324074ac295d08722e743d6e7c524b69`

String Table contents

Zielverzeichnis wählen
Entpacke %s
Überspringe %s
Unterwartetes Archivende.
Der Header der Datei "%s" ist beschädigt.
Ein beschädigter Header wurde gefunden.
Der Hauptarchivheader ist beschädigt.
Der Archivkommentarheader ist beschädigt.
Der Archivkommentar ist beschädigt.
Nicht genügend Speicher.
Unbekannte Methode in %s.
Kann %s nicht öffnen.
Kann %s nicht erstellen.
Kann Verzeichnis %s nicht erstellen.
Prüfsummenfehler der verschlüsselten Datei %s. Beschädigte Datei oder falsches Passwort.
Prüfsummenfehler der Datei %s.
Prüfsummenfehler der gepackten Daten von %s.
Schreibfehler bei der Datei %s.
Lesefehler bei der Datei %s.
Fehler beim Schließen einer Datei.
Das benötigte Volumen fehlt.
Das Archiv hat entweder ein unbekanntes Format oder ist beschädigt.
Entpacke aus %s
Nächstes Volumen
Der Archivheader ist beschädigt.
&Schließen
Fehler
Es gab Fehler während der Ausführung der Operation.
Schauen Sie ins Informations-Fenster für weitere Details.
Bytes
geändert am
Auf das Verzeichnis kann nicht zugegriffen werden.
Einige Dateien konnten nicht erstellt werden.
Bitte schließen Sie alle Anwendungen, starten sie Windows neu und starten Sie die Installation erneut.
Einige der Installationsdateien sind beschädigt.
Bitte laden Sie eine fehlerfreie Version der Datei herunter und wiederholen Sie die Installation.
Alle Dateien
<ul><li>Drücken Sie <b>Installieren</b>, um die Dateien im Archiv zu entpacken.</li><br><br>
<ul><li>Drücken Sie <b>Entpacken</b>, um die Dateien im Archiv zu entpacken.</li><br><br>
<li>Drücken Sie <b>Durchsuchen</b>, um das Zielverzeichnis aus dem
Verzeichnisbaum zu wählen. Es kann aber
auch manuell eingegeben werden.</li><br><br>
<li>Wenn das Zielverzeichnis nicht vorhanden ist, wird es
automatisch vor dem Entpacken angelegt.</li></ul>
Das Archiv ist beschädigt.
Entpacke Dateien in den Ordner %s
Entpacke Dateien in den Ordner für temporäre Dateien
&Entpacken
Fortschritt beim Entpacken
Der Verzeichnispfad und der Dateiname dürfen zusammen nicht länger als %d Zeichen sein.
Unbekannte Verschlüsselungsmethode in %s.
Das angegebene Passwort ist falsch.
Falsches Passwort für %s.
Konnte %s nicht nach %s kopieren.
Konnte den symbolischen Link %s nicht erstellen.
Konnte den harten Link %s nicht erstellen.
Sie müssen zuerst das Linkziel entpacken.
Sie müssen dieses selbstentpackende Archiv möglicherweise als Administrator ausführen.
&Pause
&Fortfahren
Sicherheitswarnung
Entfernen Sie bitte %s aus dem Verzeichnis %s. Es ist unsicher, %s auszuführen, wenn die genannte Datei nicht entfernt wird.

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2020-Dec-01 18:00:55
Version	`0.0`
SizeofData	`81`
AddressOfRawData	`0x3ad24`
PointerToRawData	`0x39324`
Referenced File	D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2020-Dec-01 18:00:55
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x3ad78`
PointerToRawData	`0x39378`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2020-Dec-01 18:00:55
Version	`0.0`
SizeofData	`924`
AddressOfRawData	`0x3ad8c`
PointerToRawData	`0x3938c`

TLS Callbacks

Load Configuration

Size	`0x5c`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x43e668`
SEHandlerTable	`0x43ac90`
SEHandlerCount	`37`
GuardCFCheckFunctionPointer	`4403808`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0xb0990126`
Unmarked objects	`0`
241 (40116)	`13`
243 (40116)	`141`
242 (40116)	`24`
199 (41118)	`2`
ASM objects (VS2015 UPD3 build 24123)	`22`
C objects (VS2015 UPD3 build 24123)	`19`
C++ objects (VS2015 UPD3 build 24123)	`44`
C objects (VS2008 SP1 build 30729)	`10`
Imports (VS2008 SP1 build 30729)	`5`
Total imports	`268`
C++ objects (VS2015 UPD3.1 build 24215)	`49`
Exports (VS2015 UPD3.1 build 24215)	`1`
Resource objects (VS2015 UPD3 build 24210)	`1`
Linker (VS2015 UPD3.1 build 24215)	`1`

2e31fbc74058ff35f4d1a52e7c042512

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.didat

.rsrc

.reloc

Imports

Delayed Imports

101

102

1

2

3

4

5

6

7

ASKNEXTVOL

GETPASSWORD1

LICENSEDLG

RENAMEDLG

REPLACEFILEDLG

STARTDLG

7 (#2)

8

9

10

11

12

13

14

15

16

100

1 (#2)

String Table contents

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors