Architecture |
IMAGE_FILE_MACHINE_I386
|
---|---|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
Compilation Date | 2020-Dec-01 18:00:55 |
Detected languages |
English - United States
|
Debug artifacts |
D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb
|
Info | Matching compiler(s): | Microsoft Visual C++ 6.0 - 8.0 |
Info | Cryptographic algorithms detected in the binary: |
Uses constants related to SHA1
Uses constants related to SHA256 |
Suspicious | The PE is possibly packed. | Unusual section name found: .didat |
Info | The PE contains common functions which appear in legitimate applications. |
[!] The program may be hiding some of its imports:
|
Suspicious | The file contains overlay data. |
2250497 bytes of data starting at offset 0x4d400.
The overlay data has an entropy of 7.99988 and is possibly compressed or encrypted. Overlay data amounts for 87.6733% of the executable. |
Malicious | VirusTotal score: 45/67 (Scanned on 2021-11-08 08:10:18) |
Lionic:
Trojan.Win32.Makop.trQA
Elastic: malicious (high confidence) MicroWorld-eScan: Trojan.GenericKD.37967968 FireEye: Generic.mg.4cfc231a44e1d837 CAT-QuickHeal: TrojanDownloader.MSIL ALYac: Trojan.GenericKD.37967968 Cylance: Unsafe K7AntiVirus: Trojan-Downloader ( 0058a0961 ) Alibaba: TrojanDownloader:MSIL/Injuke.31f776eb K7GW: Trojan-Downloader ( 0058a0961 ) Cybereason: malicious.a44e1d Cyren: W32/MSIL_Kryptik.FSG.gen!Eldorado Symantec: Trojan.Gen.MBT ESET-NOD32: multiple detections APEX: Malicious Paloalto: generic.ml Kaspersky: UDS:Trojan-Downloader.MSIL.Seraph.gen BitDefender: Trojan.GenericKD.37967968 Avast: Win32:CrypterX-gen [Trj] Ad-Aware: Trojan.GenericKD.37967968 Emsisoft: Trojan.GenericKD.37967968 (B) Comodo: .UnclassifiedMalware@0 F-Secure: Trojan.TR/Dldr.Agent.sfqvf DrWeb: Trojan.Inject4.18335 TrendMicro: TROJ_FRS.0NA103K821 McAfee-GW-Edition: BehavesLike.Win32.Generic.vc Sophos: Mal/Generic-S SentinelOne: Static AI - Malicious SFX GData: Win32.Malware.Injector.8AP8SJ Avira: TR/Dldr.Agent.sfqvf Antiy-AVL: Trojan/MSIL.Injuke Gridinsoft: Ransom.Win32.Sabsik.sa Arcabit: Trojan.Generic.D2435860 Microsoft: Trojan:Win32/Sabsik.FL.B!ml Cynet: Malicious (score: 100) McAfee: Artemis!4CFC231A44E1 MAX: malware (ai score=82) Malwarebytes: Malware.AI.4288710836 TrendMicro-HouseCall: TROJ_FRS.0NA103K821 Yandex: Trojan.Injuke!udIFvsF0Jxk Ikarus: Trojan-Downloader.MSIL.Agent Fortinet: MSIL/Kryptik.ADJY!tr BitDefenderTheta: Gen:NN.ZemsilF.34266.lm0@auhxFTp AVG: Win32:CrypterX-gen [Trj] Panda: Trj/CI.A |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x118 |
Signature | PE |
---|---|
Machine |
IMAGE_FILE_MACHINE_I386
|
NumberofSections | 6 |
TimeDateStamp | 2020-Dec-01 18:00:55 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
|
Magic | PE32 |
---|---|
LinkerVersion | 14.0 |
SizeOfCode | 0x31200 |
SizeOfInitializedData | 0x3e600 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x0001EC40 (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x33000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 5.1 |
ImageVersion | 0.0 |
SubsystemVersion | 5.1 |
Win32VersionValue | 0 |
SizeOfImage | 0x74000 |
SizeOfHeaders | 0x400 |
Checksum | 0 |
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
KERNEL32.dll |
GetLastError
SetLastError FormatMessageW GetCurrentProcess DeviceIoControl SetFileTime CloseHandle CreateDirectoryW RemoveDirectoryW CreateFileW DeleteFileW CreateHardLinkW GetShortPathNameW GetLongPathNameW MoveFileW GetFileType GetStdHandle WriteFile ReadFile FlushFileBuffers SetEndOfFile SetFilePointer SetFileAttributesW GetFileAttributesW FindClose FindFirstFileW FindNextFileW GetVersionExW GetCurrentDirectoryW GetFullPathNameW FoldStringW GetModuleFileNameW GetModuleHandleW FindResourceW FreeLibrary GetProcAddress GetCurrentProcessId ExitProcess SetThreadExecutionState Sleep LoadLibraryW GetSystemDirectoryW CompareStringW AllocConsole FreeConsole AttachConsole WriteConsoleW GetProcessAffinityMask CreateThread SetThreadPriority InitializeCriticalSection EnterCriticalSection LeaveCriticalSection DeleteCriticalSection SetEvent ResetEvent ReleaseSemaphore WaitForSingleObject CreateEventW CreateSemaphoreW GetSystemTime SystemTimeToTzSpecificLocalTime TzSpecificLocalTimeToSystemTime SystemTimeToFileTime FileTimeToLocalFileTime LocalFileTimeToFileTime FileTimeToSystemTime GetCPInfo IsDBCSLeadByte MultiByteToWideChar WideCharToMultiByte GlobalAlloc LockResource GlobalLock GlobalUnlock GlobalFree LoadResource SizeofResource SetCurrentDirectoryW GetExitCodeProcess GetLocalTime GetTickCount MapViewOfFile UnmapViewOfFile CreateFileMappingW OpenFileMappingW GetCommandLineW SetEnvironmentVariableW ExpandEnvironmentStringsW GetTempPathW MoveFileExW GetLocaleInfoW GetTimeFormatW GetDateFormatW GetNumberFormatW SetFilePointerEx GetConsoleMode GetConsoleCP HeapSize SetStdHandle GetProcessHeap RaiseException GetSystemInfo VirtualProtect VirtualQuery LoadLibraryExA IsProcessorFeaturePresent IsDebuggerPresent UnhandledExceptionFilter SetUnhandledExceptionFilter GetStartupInfoW QueryPerformanceCounter GetCurrentThreadId GetSystemTimeAsFileTime InitializeSListHead TerminateProcess RtlUnwind EncodePointer InitializeCriticalSectionAndSpinCount TlsAlloc TlsGetValue TlsSetValue TlsFree LoadLibraryExW QueryPerformanceFrequency GetModuleHandleExW GetModuleFileNameA GetACP HeapFree HeapAlloc HeapReAlloc GetStringTypeW LCMapStringW FindFirstFileExA FindNextFileA IsValidCodePage GetOEMCP GetCommandLineA GetEnvironmentStringsW FreeEnvironmentStringsW DecodePointer |
---|---|
gdiplus.dll |
GdiplusShutdown
GdiplusStartup GdipCreateHBITMAPFromBitmap GdipCreateBitmapFromStreamICM GdipCreateBitmapFromStream GdipDisposeImage GdipCloneImage GdipFree GdipAlloc |
USER32.dll (delay-loaded) |
PeekMessageW
PostMessageW WaitForInputIdle IsWindowVisible DialogBoxParamW EndDialog GetDlgItemTextW DispatchMessageW SetFocus SetForegroundWindow GetSysColor LoadBitmapW LoadIconW DestroyIcon IsDialogMessageW TranslateMessage GetMessageW wvsprintfW GetClassNameW FindWindowExW MessageBoxW ReleaseDC GetDC SendMessageW LoadCursorW CopyRect MapWindowPoints UpdateWindow DestroyWindow IsWindow CreateWindowExW RegisterClassExW DefWindowProcW CharUpperW OemToCharBuffA LoadStringW GetWindow SetProcessDefaultLayout SetWindowLongW GetWindowLongW GetWindowRect GetClientRect GetSystemMetrics SetDlgItemTextW SetWindowPos GetParent SetWindowTextW EnableWindow GetDlgItem SendDlgItemMessageW ShowWindow |
Attributes | 0x1 |
---|---|
Name | USER32.dll |
ModuleHandle | 0x60cb8 |
DelayImportAddressTable | 0x620a0 |
DelayImportNameTable | 0x3bf84 |
BoundDelayImportTable | 0x3c690 |
UnloadDelayImportTable | 0 |
TimeStamp | 1970-Jan-01 00:00:00 |
Select destination folder |
Extracting %s |
Skipping %s |
Unexpected end of archive |
The file "%s" header is corrupt |
Corrupt header is found |
Main archive header is corrupt |
The archive comment header is corrupt |
The archive comment is corrupt |
Not enough memory |
Unknown method in %s |
Cannot open %s |
Cannot create %s |
Cannot create folder %s |
Checksum error in the encrypted file %s. Corrupt file or wrong password. |
Checksum error in %s |
Packed data checksum error in %s |
Write error in the file %s |
Read error in the file %s |
File close error |
The required volume is absent |
The archive is either in unknown format or damaged |
Extracting from %s |
Next volume |
The archive header is corrupt |
Close |
Error |
Errors encountered while performing the operation |
Look at the information window for more details |
bytes |
modified on |
folder is not accessible |
Some files could not be created. |
Please close all applications, reboot Windows and restart this installation |
Some installation files are corrupt. |
Please download a fresh copy and retry the installation |
All files |
<ul><li>Press <b>Install</b> button to start extraction.</li><br><br> |
<ul><li>Press <b>Extract</b> button to start extraction.</li><br><br> |
<li>Use <b>Browse</b> button to select the destination |
folder from the folders tree. It can be also entered |
manually.</li><br><br> |
<li>If the destination folder does not exist, it will be |
created automatically before extraction.</li></ul> |
The archive is corrupt |
Extracting files to %s folder |
Extracting files to temporary folder |
Extract |
Extraction progress |
Total path and file name length must not exceed %d characters |
Unknown encryption method in %s |
The specified password is incorrect. |
Incorrect password for %s |
Cannot copy %s to %s. |
Cannot create symbolic link %s |
Cannot create hard link %s |
You need to unpack the link target first |
You may need to run this self-extracting archive as administrator |
Pause |
Continue |
Security warning |
Please remove %s from folder %s. It is unsecure to run %s until it is done. |
Characteristics |
0
|
---|---|
TimeDateStamp | 2020-Dec-01 18:00:55 |
Version | 0.0 |
SizeofData | 81 |
AddressOfRawData | 0x3ad24 |
PointerToRawData | 0x39324 |
Referenced File | D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb |
Characteristics |
0
|
---|---|
TimeDateStamp | 2020-Dec-01 18:00:55 |
Version | 0.0 |
SizeofData | 20 |
AddressOfRawData | 0x3ad78 |
PointerToRawData | 0x39378 |
Characteristics |
0
|
---|---|
TimeDateStamp | 2020-Dec-01 18:00:55 |
Version | 0.0 |
SizeofData | 924 |
AddressOfRawData | 0x3ad8c |
PointerToRawData | 0x3938c |
Size | 0x5c |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x43e668 |
SEHandlerTable | 0x43ac90 |
SEHandlerCount | 37 |
GuardCFCheckFunctionPointer | 4403808 |
GuardCFDispatchFunctionPointer | 0 |
GuardCFFunctionTable | 0 |
GuardCFFunctionCount | 0 |
GuardFlags | (EMPTY) |
CodeIntegrity.Flags | 0 |
CodeIntegrity.Catalog | 0 |
CodeIntegrity.CatalogOffset | 0 |
CodeIntegrity.Reserved | 0 |
GuardAddressTakenIatEntryTable | 0 |
GuardAddressTakenIatEntryCount | 0 |
GuardLongJumpTargetTable | 0 |
GuardLongJumpTargetCount | 0 |
XOR Key | 0xb0990126 |
---|---|
Unmarked objects | 0 |
241 (40116) | 13 |
243 (40116) | 141 |
242 (40116) | 24 |
199 (41118) | 2 |
ASM objects (VS2015 UPD3 build 24123) | 22 |
C objects (VS2015 UPD3 build 24123) | 19 |
C++ objects (VS2015 UPD3 build 24123) | 44 |
C objects (VS2008 SP1 build 30729) | 10 |
Imports (VS2008 SP1 build 30729) | 5 |
Total imports | 268 |
C++ objects (VS2015 UPD3.1 build 24215) | 49 |
Exports (VS2015 UPD3.1 build 24215) | 1 |
Resource objects (VS2015 UPD3 build 24210) | 1 |
Linker (VS2015 UPD3.1 build 24215) | 1 |