Manalyze report for 3a6b464a00c068dbcf7055e42cb2ec9c

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2021-Nov-15 10:52:16
Detected languages	English - United States Process Default Language
Debug artifacts	D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb
CompanyName	KpoJIuK
FileVersion	`1.0.0.0`
LegalCopyright	KpoJIuK
ProductVersion	`1.0.0.0`
ProgramID	SFX
FileDescription	SFX
ProductName	SFX

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to AES`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryW LoadLibraryExA LoadLibraryExW` `Can create temporary files: CreateFileW GetTempPathW`
Suspicious	The file contains overlay data.	`236 bytes of data starting at offset 0x60200.`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`3a6b464a00c068dbcf7055e42cb2ec9c`
SHA1	`91038f3410aa2d9ad16c94ca02deb2044eefda94`
SHA256	`fa39aab9a2d0faaa98a3f5f0fef1643e4d10f28f7783c3c91ae2b25bb239a49a`
SHA3	`50aca37efbe44f2339600b56d1bc59e3a6ea488b0fd946d95659998ab6c8ccb5`
SSDeep	`6144:CSpsmvKrB8TdoXUTKQD5fgQtHFmZtj7QfGZLuOzpIxU:CSpsMKl8poXUKKNgX3jjZLuOzpIxU`
Imports Hash	`8a82f157c756ac0917b2f20e2cfd3058`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x110`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`6`
TimeDateStamp	2021-Nov-15 10:52:16
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x31200`
SizeOfInitializedData	`0x2ec00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0001F040 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x33000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.1`
ImageVersion	`0.0`
SubsystemVersion	`5.1`
Win32VersionValue	`0`
SizeOfImage	`0x88000`
SizeOfHeaders	`0x400`
Checksum	`0x62343`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`2ef752cc8d7c0c0fd2521aa49cdaf8a0`
SHA1	`6dfe0d756fd90365fe7f31ecbc5e9b05c3daf83f`
SHA256	`774572f75a5490f77291424e8391e9fd8a1c7c1b01014f9f51f5dada46e142ff`
SHA3	`68d0d3a57c95b1a055efc86dd90c78ed4cbf224356256d0fd5cbaaa3dc78642c`
VirtualSize	`0x3111a`
VirtualAddress	`0x1000`
SizeOfRawData	`0x31200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.70738`

.rdata

MD5	`c2876557c8fef4cdcd234dd458ed0af0`
SHA1	`88a3dbfb808615b15fc4d32d2960706291025881`
SHA256	`b17129e7057c1cac4b0813967ed4f9c9f22677d9039405a50eced1cde5252b1f`
SHA3	`e50905e740dc6c3dad6b93cf6e6280e43829df044aa08119fc22bd3168e24c9b`
VirtualSize	`0xab02`
VirtualAddress	`0x33000`
SizeOfRawData	`0xac00`
PointerToRawData	`0x31600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.23282`

.data

MD5	`75541cf85918701d5647e45a2a38b714`
SHA1	`58f8130383d9b90e7dab3c90ae50350a4a42a076`
SHA256	`03e474835d5a851e143e0e20bb3efce28ebb1448bad6a4372a1243b0afd56fab`
SHA3	`bd3ec586319d7b580d18cedee860a0928f2619b0bd418bbff128b041cfd37102`
VirtualSize	`0x246d8`
VirtualAddress	`0x3e000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x3c200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.34668`

.didat

MD5	`c549f80f3ea0d4a2c6dad11ca7706f8f`
SHA1	`ee60d8dbd985f20373bb2fa66aded4522f9e308a`
SHA256	`b4c4dc33b01d47580f00c0c98f3e240d7f82f88e0efc92f11287522d9edaa40c`
SHA3	`946876cbea45b3ef13d9f33c54934e70bd66df22ec7b3d6aff388e8e67c978b9`
VirtualSize	`0x18c`
VirtualAddress	`0x63000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3d200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.29944`

.rsrc

MD5	`2e4d7ca3fcefeefcdf875d70afd8afc5`
SHA1	`de3deeeed993a41d35155efd448c1890c3bb74cd`
SHA256	`471a6311e04a9ad4903b1258d464a5bf55f4e9690dad232c21489d350b22956c`
SHA3	`2a80af4d5d0baf56e31a67167e99dea0b82b2a683b59ab3219acbe221615f0ae`
VirtualSize	`0x20894`
VirtualAddress	`0x64000`
SizeOfRawData	`0x20a00`
PointerToRawData	`0x3d400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.73069`

.reloc

MD5	`d0fe4c440a17242fed8ff8c8ab458356`
SHA1	`4134bb698e7c12290676b3abfad2c7e150c0d0ec`
SHA256	`4a1e038c2b8c379527719f5ae4200813b479d36f26e6ad573066587bfdf7bb65`
SHA3	`4e531f9b7ffcff1525565f4ad05fc9a46ed8848a7cf1117e1d99962bd8d8f101`
VirtualSize	`0x2298`
VirtualAddress	`0x85000`
SizeOfRawData	`0x2400`
PointerToRawData	`0x5de00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.58113`

Imports

KERNEL32.dll	`GetLastError` `SetLastError` `FormatMessageW` `GetCurrentProcess` `DeviceIoControl` `SetFileTime` `CloseHandle` `CreateDirectoryW` `RemoveDirectoryW` `CreateFileW` `DeleteFileW` `CreateHardLinkW` `GetShortPathNameW` `GetLongPathNameW` `MoveFileW` `GetFileType` `GetStdHandle` `WriteFile` `ReadFile` `FlushFileBuffers` `SetEndOfFile` `SetFilePointer` `SetFileAttributesW` `GetFileAttributesW` `FindClose` `FindFirstFileW` `FindNextFileW` `GetVersionExW` `GetCurrentDirectoryW` `GetFullPathNameW` `FoldStringW` `GetModuleFileNameW` `GetModuleHandleW` `FindResourceW` `FreeLibrary` `GetProcAddress` `GetCurrentProcessId` `ExitProcess` `SetThreadExecutionState` `Sleep` `LoadLibraryW` `GetSystemDirectoryW` `CompareStringW` `AllocConsole` `FreeConsole` `AttachConsole` `WriteConsoleW` `GetProcessAffinityMask` `CreateThread` `SetThreadPriority` `InitializeCriticalSection` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `SetEvent` `ResetEvent` `ReleaseSemaphore` `WaitForSingleObject` `CreateEventW` `CreateSemaphoreW` `GetSystemTime` `SystemTimeToTzSpecificLocalTime` `TzSpecificLocalTimeToSystemTime` `SystemTimeToFileTime` `FileTimeToLocalFileTime` `LocalFileTimeToFileTime` `FileTimeToSystemTime` `GetCPInfo` `IsDBCSLeadByte` `MultiByteToWideChar` `WideCharToMultiByte` `GlobalAlloc` `LockResource` `GlobalLock` `GlobalUnlock` `GlobalFree` `LoadResource` `SizeofResource` `SetCurrentDirectoryW` `GetExitCodeProcess` `GetLocalTime` `GetTickCount` `MapViewOfFile` `UnmapViewOfFile` `CreateFileMappingW` `OpenFileMappingW` `GetCommandLineW` `SetEnvironmentVariableW` `ExpandEnvironmentStringsW` `GetTempPathW` `MoveFileExW` `GetLocaleInfoW` `GetTimeFormatW` `GetDateFormatW` `GetNumberFormatW` `SetFilePointerEx` `GetConsoleMode` `GetConsoleCP` `HeapSize` `SetStdHandle` `GetProcessHeap` `FreeEnvironmentStringsW` `RaiseException` `GetSystemInfo` `VirtualProtect` `VirtualQuery` `LoadLibraryExA` `IsProcessorFeaturePresent` `IsDebuggerPresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetStartupInfoW` `QueryPerformanceCounter` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `TerminateProcess` `RtlUnwind` `EncodePointer` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `LoadLibraryExW` `QueryPerformanceFrequency` `GetModuleHandleExW` `GetModuleFileNameA` `GetACP` `HeapFree` `HeapAlloc` `HeapReAlloc` `GetStringTypeW` `LCMapStringW` `FindFirstFileExA` `FindNextFileA` `IsValidCodePage` `GetOEMCP` `GetCommandLineA` `GetEnvironmentStringsW` `DecodePointer`
gdiplus.dll	`GdiplusStartup` `GdipCreateHBITMAPFromBitmap` `GdipCreateBitmapFromStreamICM` `GdiplusShutdown` `GdipCreateBitmapFromStream` `GdipDisposeImage` `GdipCloneImage` `GdipFree` `GdipAlloc`
USER32.dll (delay-loaded)	`PostMessageW` `WaitForInputIdle` `IsWindowVisible` `DialogBoxParamW` `EndDialog` `GetDlgItemTextW` `DispatchMessageW` `SetFocus` `SetForegroundWindow` `GetSysColor` `LoadBitmapW` `LoadIconW` `DestroyIcon` `IsDialogMessageW` `TranslateMessage` `GetMessageW` `wvsprintfW` `CopyImage` `GetClassNameW` `FindWindowExW` `MessageBoxW` `ReleaseDC` `GetDC` `SendMessageW` `LoadCursorW` `CopyRect` `MapWindowPoints` `UpdateWindow` `DestroyWindow` `IsWindow` `CreateWindowExW` `RegisterClassExW` `DefWindowProcW` `CharUpperW` `OemToCharBuffA` `LoadStringW` `GetWindow` `SetProcessDefaultLayout` `SetWindowLongW` `GetWindowLongW` `GetWindowRect` `GetClientRect` `GetSystemMetrics` `SetDlgItemTextW` `SetWindowPos` `GetParent` `SetWindowTextW` `EnableWindow` `GetDlgItem` `PeekMessageW` `SendDlgItemMessageW` `ShowWindow`

Delayed Imports

Attributes	`0x1`
Name	`USER32.dll`
ModuleHandle	`0x61c78`
DelayImportAddressTable	`0x630a0`
DelayImportNameTable	`0x3c464`
BoundDelayImportTable	`0x3cb80`
UnloadDelayImportTable	`0`
TimeStamp	`1970-Jan-01 00:00:00`

101

Type	`RT_BITMAP`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x5488`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.11276`
MD5	`4ffa6e7d6a6b9912d5ddaa504abb9bcc`
SHA1	`582d8f381a31e118bc149c9a981fe8c7572af70b`
SHA256	`dbe7e26eafdde0123f47d7be098f11a20ce4ecf807439142395cf9c9754c9f50`
SHA3	`de47d093d4d644d222093a1bb3ddce31ee2bc67863e185dfe56ed9ec09025474`
Preview

1

Type	`RT_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.83396`
MD5	`b107141cdc0859607cc514e8b208c356`
SHA1	`e27bb0e3a87f714d446dd6dc79bd30569d172ebb`
SHA256	`9c96112d9b436627bf20915782706d481e5cd126e7f77a6666f6c80e875863ef`
SHA3	`3516ee4e2ebdc4c64d91eebd464bf745e0566aca61453958264d3db85b3a0db3`

2

Type	`RT_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.92422`
MD5	`2621f637c6c7d0db8be0f69b563ef5dd`
SHA1	`ed475266e4db6dec5875133c99f0111deb04bceb`
SHA256	`16f12d2959fb3a02b8312fb7cd936df48feb5abce7a9fd35c17cbb2a28fd78a7`
SHA3	`08df889b2c7ebffb12ff0a9181022a2bbd43fa937024c242cb6b75c7753288be`

3

Type	`RT_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.89934`
MD5	`12bdcee5f0cfe1f8ffa9e2c0a1adeaba`
SHA1	`6bf2e26f8a0ad541e15d8edf2054cc73e80fba4f`
SHA256	`ec589108c42affb2db8dbfbf0db3effa6efcf9b4ea834a6d0e5396e15c3db35a`
SHA3	`a2bc7e13313f7aa6c2a623626025da071ae008692bdd591c77c3c8538d7767db`

4

Type	`RT_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.27241`
MD5	`50b99b94a377a591f430e82790b9b033`
SHA1	`b2448a7e594efa6e1bd2b7f489ebc9f5f8c058b5`
SHA256	`c9b2f06a01be81320a68e8799fb513a9607c7755ff0f8a1cb43a70f2cd158dd2`
SHA3	`a955bf24223c22c8d3fa59488948ecee734fc7a08d84a9b1243e88c287cc8904`

5

Type	`RT_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.83024`
MD5	`a6f033789027461f3a5a336c283526b4`
SHA1	`6d8cac98e418b0a174ab0e28babe88cddd3c5b31`
SHA256	`020cb115105db53d9ad24c38b458f95b142f41a97a29471e9e5e9ebbd9d8d259`
SHA3	`fc445bc4d35dcd9bb631d00f748f1649335b85d6ef6e7417489d1a5a680343a1`

6

Type	`RT_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0xbe87`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.92352`
Detected Filetype	PNG graphic file
MD5	`4995ff1475023a731f41bbdaf9b472c5`
SHA1	`5aa323494b6a70e6c288ed5775b5f341cae0c953`
SHA256	`33bb59435d329b932e692090741162d919d9fdb5ac6f0d06fbfee1e1af13ab09`
SHA3	`2710ca1e48ae6fda01ef509b05b38c543cf52087cc08411672c3c7a5d076746f`

7

Type	`RT_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.49085`
MD5	`f56909ebdcbdb63d88688844c60bbf0c`
SHA1	`2b9e9989321adced9ba8a77bc9bf50aced2d1877`
SHA256	`90af34728784180417581a8bdd86913ea42771a849d86729869f619f52e59217`
SHA3	`b70a22f8be680f0eabc850694f78c04688dc69ce86674de97f796e57801a91b5`

8

Type	`RT_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.5967`
MD5	`6133469538aa207b64dcdc6e63af4cd3`
SHA1	`e15e66e2752e6b7586aae992807990a910d05faa`
SHA256	`bca66c7bbaf55700b0158182e17375f304f07920c67e6440978db7abf88ba67c`
SHA3	`5acb917ded135098b8ac52852e3b8faf1d6ad12420d6d16f9d8c9eb81754bffc`

9

Type	`RT_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x1a68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.68084`
MD5	`a63e2a0adb3d78bc0b2a8afd89b8396b`
SHA1	`610ad2cf2f91ae230681abcdc2e727a4c961312c`
SHA256	`986ee4cdb71a7c30dab1c0ddcbded2dc02c0938354c2f5d36c9af10889392d1d`
SHA3	`dd0bdd6affe58c076d11d5b8a9e01a6ec93747047335aaf7cedd2890bed46fdc`

10

Type	`RT_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.83905`
MD5	`314d258975d4463a1ac36eaa3e78d571`
SHA1	`e5dfdded8657854dad59f7b4c09d42c081760c55`
SHA256	`ff4edc0d28d124e0d3f4778e831d39cddf816176f8999a6d25a1b215eeea1bb3`
SHA3	`2535709be9faac49fcdbf694cac7b4c8ac3de9b43d8a822ca7c702ce5ba6209a`

11

Type	`RT_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.98311`
MD5	`ce9414b98effb0c84b244872d19b3191`
SHA1	`4be9911a3bdc6c89676df0f1e6e6adf919a4a103`
SHA256	`5fb67afaf69a7c826cb7b14cc6821fa50d490ada4f9dcf1c371709b374f3fef7`
SHA3	`ae56c5823905b2e5397e4ebfadd91b5b51cfe89f451bc7e15bfc1dfed0f5237f`

12

Type	`RT_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x6b8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.05319`
MD5	`cdffcaa6e595ab719b17a35fba08a3c0`
SHA1	`5ab314bd948619951ce808df0a73566f364724dc`
SHA256	`07b5b764ac2c556f7017cdad54f6c25aa8fe8b4558a54a9f6cdd8f2aa174c9f8`
SHA3	`33b29c3d4f03ca76eaf3772d2c9a7e4117745ea097d2f0f2da0ef2ba22cc994b`

13

Type	`RT_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.09598`
MD5	`740cc6c8ed4dbc339efa9365b2d0aa1d`
SHA1	`aa1dc62da50556d8b2ab86db1bcdc9a1f0a5f692`
SHA256	`7c403df78d591cf46186c6274dbfb5b217af7c552a20f4da22c17f79718cedf0`
SHA3	`56735178752515dae848cb12718a9dd0136de6df6b82297b2c324f048617d81a`

ASKNEXTVOL

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x2ba`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.03868`
MD5	`365499af975d15ffb982e7a306ea4629`
SHA1	`766c978230ede7a7269ef1ce0a7f740c7b8c0137`
SHA256	`483080bf44a46dd03902e887e8e7d8fd3b37b3b1fc1afc69588b0cdbc3c8d87d`
SHA3	`2270516bfff336491c80c6a42a3207f5c92cb7ef0563960302b22706091acf0c`

GETPASSWORD1

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x13a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.84009`
MD5	`33ccaed850f3b0e87dd14d8a8d3d5bd4`
SHA1	`765643f7b30c955e13a9dfbe944f42a539bbc795`
SHA256	`d7bccb4fc112e5ee3af71575fd25b2806568781ccd876a98a607ab49863efd69`
SHA3	`006b1a52a0ee4aded72b53fdf13624ad929e6c1e307d58f197982fccb7f05d2a`

LICENSEDLG

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xf2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.70073`
MD5	`350b91b0ea3545d6ad49f0367e9a04bb`
SHA1	`5cd337b363aab7ac673ccbcef4bd7a0976017063`
SHA256	`45cee74bb0ad2163281ee43d7735874b78c9ba6d7f5ea17d1a5ab7dbd1a1fd88`
SHA3	`69001591be0330e0a9b9207fabe921342465d6552ab1531152793e7e30473181`

RENAMEDLG

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x14a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.62816`
MD5	`632142fba1840e434bf65e6406e0ae28`
SHA1	`baef9c3020b3f5dcf631ed7ed80568342b8c78ea`
SHA256	`9ea5d1a1ed5a02941fecd70b54985e39691b1dbf06adfed786844c5234d98844`
SHA3	`333a8e2ce5b373a8f38cd8c9610c5bedc3f29c5778d47b6fc899b21454b43349`

REPLACEFILEDLG

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x314`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.82613`
MD5	`d96ce6ed8dbe388d25fab0d7f7076611`
SHA1	`ac04f933f319b439cf5d0e8e812f9b0c17fd4869`
SHA256	`1a30142b93d9f78209dfdd5319af64749c1fa47fbfe4669ffc915d450687ee32`
SHA3	`989f0faa23d6619ac9dfcbe169797eecf73d1a5054c2ecfc8a479fa30bdc4f55`

STARTDLG

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x158`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.52495`
MD5	`62b36a31f9ae215d179596bd24b28e70`
SHA1	`d949309e7f06ed2ec7186c31c40848602c68c21c`
SHA256	`d06f37c226dd8bbe8c1863874c646e181a67395aa9fb0650e177f1551eda4914`
SHA3	`c15115005e9a9d83aeb7e6b71030b6b7c9cb6eacfec9b32e4f7f5b701d1111e1`

7 (#2)

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1fc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.66634`
MD5	`84a2aa6fb93d661b02dd9fae67ce46a4`
SHA1	`a0d1a1952b83298a000a8ba5977f8efc4c86051a`
SHA256	`ec2cb06bbc07bf68507a8f11833a113290c501e50326464bcea8d04df617731a`
SHA3	`19a6131e2b7854011efb80a854c3796528dc49310847d92b644e7d8d7287ff82`

8 (#2)

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x246`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.71728`
MD5	`a2aa034f25589077320a2cdfe5e79159`
SHA1	`786c0972867d2256fd9fb4da7c434e92490307a4`
SHA256	`73a938be272bcf485024a2f1bd64de6cd171d1b2e382a71a6d5265bbd0a27f51`
SHA3	`85ce382c4586156f28fbdb295da379caa92ac7faa66324863d7cc9bd0024fefe`

9 (#2)

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1a6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.73856`
MD5	`7eeb00e11496364525d55a3bc8a3ea88`
SHA1	`8f893840f2a27f16267d0765b24c41c59f6daf4f`
SHA256	`f6b4fc2653f5935067f883319bbddef009d32a716bd6484c980d8607a655867d`
SHA3	`d46e4330d674d137d0f221c09e438187adb554d91baa5ec43e247f499f5500bf`

10 (#2)

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xdc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.55807`
MD5	`d792ceea3def3f71682eb1eea04b403c`
SHA1	`a920b6a80ab4780f87b408cdf108a1ac82996509`
SHA256	`c7ce5dce1f5c60c9f0669551ba5a5d2cfa52dfdf47ca831ccf62d4aa55af4c24`
SHA3	`6aa103f2885b802f04287d341ba808f97f54fec9ad12a3b19cebda7f6ce023f0`

11 (#2)

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x47c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.90831`
MD5	`1c93cfa1b740413905b4d6e5a359db7c`
SHA1	`b31ac11c180728319bf928ad7c9485ab61cf8d00`
SHA256	`97ece10997819c2808a8d0a7f994fdd9917226ea4d2b6e53116c494ae9798c2d`
SHA3	`b6060ed0d4cb8cc18d1c16ecaaade9375a666eb8b10249e15694c5ea37892011`

12 (#2)

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x164`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.68258`
MD5	`c35f74b91635985b1b9c2a034066d48e`
SHA1	`0ca2026561a14649488829292a3cf65d72e8076d`
SHA256	`bc0a87bc2f823765b06c9308580fb4e7c09a3c584a7cb9355b190ff35c238649`
SHA3	`95baa54f914fd53ffa861353f14caf33195490bee711f1d758b52f1747252ac5`

13 (#2)

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x110`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.61824`
MD5	`2fcf98fe1351e05994c780638a179f36`
SHA1	`900cff0a51d982580fdbec03cbcb93581dd130d5`
SHA256	`efda66b5ce3770efc226bf58c66404f7f61dd9cf8b98e5a9f8f167c02457f481`
SHA3	`ff524692854a0494afed8006c2910b383707cc25f93db1315b36e5bd97fca024`

14

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x158`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.61995`
MD5	`a4a9a568a83d61c47d19aefd97e27852`
SHA1	`aa65a41a2f60b7de1b35bb6655f02cf408d04ff9`
SHA256	`83f265e852184711ffb09f50939bba25cb14013804eaea4c516cc544b81afe4c`
SHA3	`aef4a78e8dd8b7a4dc071796053e6ec6933e3e272fdb64863675150c1dc4a9bd`

15

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xe8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.4037`
MD5	`efde73c917066f48e2ce0d399a2b8b8d`
SHA1	`5ee91d6c6ba3e722cd8affb7fb94c8612c09f8e0`
SHA256	`8a5ed5de64061a372ea6c5e485d96e8b214e9881a4091697c466cd545ee2bda6`
SHA3	`44a7160dc77a24d8120e635da43412fc6314281cc16f2fc15ec89bccdcac2fa3`

16

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xe6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.44204`
MD5	`63e43a749a76bc1fc16dacc98744ff58`
SHA1	`783d49ca373bf78e2948606b6613b95c390f1106`
SHA256	`1a0adb4e94ef9283ebaed131b1cd14014a5de3886f80ae45ca239d4b46ce1136`
SHA3	`d1ed63a11c24f13bff20e0d4f188309a2566af9b26d9946358c5b8f8f7bf2f76`

100

Type	`RT_GROUP_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0xbc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.11665`
Detected Filetype	Icon file
MD5	`cabf6239529d8843852c8637e06cca1c`
SHA1	`18d1662b29bd2f5eb2b78261cc0b1405519a02e8`
SHA256	`25152b5bb426e945f6f2ab14584bc5e10328b3e7ee6fe1d141bf7af4ce861c95`
SHA3	`a5f2f9f6f264d09ee28f798a44f27b3dafd11dc065ab9d07ad7d232eed45c207`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x220`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.2044`
MD5	`ce4a1701bd4622fd1a42bb83add723e6`
SHA1	`ccc04926dbf6595747c0df9dbefe02fb505e26cf`
SHA256	`0458a070ae2db68e33c476adf93ecf1a1cb6be1a33fff53782469d82364f4573`
SHA3	`b4be4dbc125cba55a79152b518fcd0ac2cc7a2d26659ade7b314bbf34a0584e0`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x75e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.24978`
MD5	`ac7be1b128ec14d0a735a4986204c8dc`
SHA1	`0c502d7feda7c4dc172a5af7ef67b8e6050f519c`
SHA256	`ea932f4dd9f86d6a83eb2ca2564c933d0110688404aa8734889f2737c4f6ebfa`
SHA3	`9b2764282aeaf6e7cd7f2a0a04727d5c7afdbdb5d10e21d7387e7d4ca9972a62`

String Table contents

Выберите папку для извлечения
Извлечение %s
Пропуск %s
Неожиданный конец архива
Повреждён заголовок файла "%s"
Обнаружен повреждённый заголовок
Повреждён главный заголовок архива
Повреждён заголовок комментария архива
Повреждён комментарий архива
Недостаточно памяти
Неизвестный метод в %s
Невозможно открыть %s
Невозможно создать %s
Невозможно создать папку %s
Ошибка контрольной суммы в зашифрованном файле %s. Файл повреждён или указан неверный пароль.
Ошибка контрольной суммы в %s
Ошибка контрольной суммы сжатых данных в %s
Ошибка записи в файле %s
Ошибка чтения в файле %s
Ошибка закрытия файла
Отсутствует необходимый том
Архив повреждён или имеет неизвестный формат
Извлечение из %s
Следующий том
Повреждён заголовок архива
Закрыть
Ошибка
Ошибки при выполнении операции.
См. окно с информацией
байт
изменён
папка недоступна
Некоторые файлы не были созданы.
Попробуйте повторить установку, закрыв другие приложения и перезагрузив Windows.
Некоторые установочные файлы повреждены.
Загрузите свежую копию и повторите установку
Все файлы
<ul><li>Нажмите кнопку <b><i>Установить</i></b>, чтобы начать извлечение.</li><br><br>
<ul><li>Нажмите кнопку <b><i>Извлечь</i></b>, чтобы начать извлечение.</li><br><br>
<li>Кнопка <b><i>Обзор</i></b> позволяет выбрать папку назначения
в дереве папок. Имя папки также можно ввести
вручную.</li><br><br>
<li>Если папки назначения не существует, то она будет
создана автоматически до начала процесса извлечения.</li></ul>
Архив повреждён
Извлечение файлов в папку %s
Извлечение файлов во временную папку
Извлечь
Ход извлечения
Максимум символов в пути и имени файла: %d
Неизвестный метод шифрования в %s
Указан неверный пароль.
Неверный пароль для %s
Невозможно скопировать %s в %s.
Невозможно создать символическую ссылку %s
Невозможно создать жёсткую ссылку %s
Сначала нужно распаковать целевой объект ссылки
Попробуйте запустить этот самораспаковывающийся архив от имени администратора
Приостановить
Продолжить
Предупреждение о безопасности
Удалите %s из папки %s. Пока это не сделано, запускать %s небезопасно.

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	KpoJIuK
FileVersion (#2)	1.0.0.0
LegalCopyright	KpoJIuK
ProductVersion (#2)	1.0.0.0
ProgramID	SFX
FileDescription	SFX
ProductName	SFX

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2021-Nov-15 10:52:16
Version	`0.0`
SizeofData	`81`
AddressOfRawData	`0x3b14c`
PointerToRawData	`0x3974c`
Referenced File	D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2021-Nov-15 10:52:16
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x3b1a0`
PointerToRawData	`0x397a0`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2021-Nov-15 10:52:16
Version	`0.0`
SizeofData	`964`
AddressOfRawData	`0x3b1b4`
PointerToRawData	`0x397b4`

TLS Callbacks

Load Configuration

Size	`0xbc`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x43e7ac`
SEHandlerTable	`0x43b078`
SEHandlerCount	`38`
GuardCFCheckFunctionPointer	`4403808`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0xe01482bb`
Unmarked objects	`0`
241 (40116)	`13`
243 (40116)	`142`
242 (40116)	`24`
253 (30625)	`2`
C objects (30625)	`18`
ASM objects (30625)	`23`
C++ objects (30625)	`47`
C objects (VS2008 SP1 build 30729)	`10`
Imports (VS2008 SP1 build 30729)	`5`
Total imports	`266`
C++ objects (VS2022 (17.0.0-1) compiler 30705)	`49`
Exports (VS2022 (17.0.0-1) compiler 30705)	`1`
Resource objects (VS2022 (17.0.0-1) compiler 30705)	`1`
Linker (VS2022 (17.0.0-1) compiler 30705)	`1`

Errors

[*] Warning: Raw bytes from section .text could not be obtained.