5b196966775a457baad75f48ba68bf09

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2025-Jul-28 09:26:23
Detected languages English - United States
Process Default Language
Debug artifacts D:\Projects\WinRAR\SFX\build\sfxrar64\Release\sfxrar.pdb

Plugin Output

Suspicious Strings found in the binary may indicate undesirable behavior: Accesses the WMI:
  • ROOT\CIMV2
Info Cryptographic algorithms detected in the binary: Uses constants related to SHA1
Uses constants related to SHA256
Uses constants related to AES
Suspicious The PE is possibly packed. Unusual section name found: .fptable
Info The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryW
  • LoadLibraryExA
  • LoadLibraryExW
 Can create temporary files:
  • CreateFileW
  • GetTempPathW
Suspicious The file contains overlay data. 9361189 bytes of data starting at offset 0xd0400.
The overlay data has an entropy of 7.99918 and is possibly compressed or encrypted.
Overlay data amounts for 91.6489% of the executable.
Malicious VirusTotal score: 22/72 (Scanned on 2026-02-01 08:36:13) ALYac: Trojan.GenericKD.78622738
APEX: Malicious
Arcabit: Trojan.Generic.D4AFB012
BitDefender: Trojan.GenericKD.78622738
Bkav: W64.AIDetectMalware
CAT-QuickHeal: Trojan.Agent
CTX: exe.trojan.generic
CrowdStrike: win/malicious_confidence_90% (D)
DeepInstinct: MALICIOUS
Elastic: malicious (moderate confidence)
Emsisoft: Trojan.GenericKD.78622738 (B)
Fortinet: W32/PossibleThreat
GData: Trojan.GenericKD.78622738
Google: Detected
Ikarus: Trojan.MSIL.HackTool
Lionic: Trojan.Win64.Agent.tsUh
Malwarebytes: MachineLearning/Anomalous.96%
MicroWorld-eScan: Trojan.GenericKD.78622738
TrellixENS: Artemis!5B196966775A
TrendMicro-HouseCall: TROJ_GEN.R002H09AR26
VIPRE: Trojan.GenericKD.78622738
alibabacloud: Suspicious

Hashes

MD5 5b196966775a457baad75f48ba68bf09
SHA1 c0b33a362f736e963ff7b6a9b4899bbfe32c2c85
SHA256 0e1c7f7ad22717fabc878ae499bfcf7c8983585c6dddee8df80c79b75dac17a6
SHA3 36da3e828bd05c3999abd8af9175d71160bea4cbf1356e5b90aa8f8548ee2868
SSDeep 196608:LZhrNU19dY6hV0yVLO+tA/X0rIlhpXB0FOsnr6ePcoygJ2wsVSTMVX:LZhC19dnDtA/krITpB0FOAr6scoygwwG
Imports Hash 2713c631ddb92df995cf7b854354f7a0

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x118

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 8
TimeDateStamp 2025-Jul-28 09:26:23
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x4cc00
SizeOfInitializedData 0x83400
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000033DB0 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0xe2000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 9aa10700149ae29500f0d98ced9715fd
SHA1 ce79a903432d655d5e8dccf81bf28b9716320af6
SHA256 eb37e26f6a34ecb7c373fb464eda251bc425202fe6fe0ff3db45e55889dd9f49
SHA3 766ad369842e1078000d37a7076d29cd3ee33f6a241564f2e3042118fa376b48
VirtualSize 0x4ca5c
VirtualAddress 0x1000
SizeOfRawData 0x4cc00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.48624

.rdata

MD5 3bc4f14038b6781383d30110090c5c80
SHA1 40e51ba6a037931bde3433c7bcf917115fdde1f3
SHA256 3faac4a88667cc6f466023c7d0556db36eb5b73de14a2d7b0380f0f83908d792
SHA3 88ba7afc27cdbb9bf36db4c000997e0ced2a5a86b77fa98123e391c1766df9c2
VirtualSize 0x15424
VirtualAddress 0x4e000
SizeOfRawData 0x15600
PointerToRawData 0x4d000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.36761

.data

MD5 870a5171c730977fa3641c59f1e0c65c
SHA1 9f76bcb94dde3e0f7be16cd9d249155c2533b0b4
SHA256 15ea27c8326664ef3371d45d33ce50b2e9258b113a5fbb434887ca88d0b570d3
SHA3 a7e38ddafe889166abb8a6668080b65915c4e36272853d658bf7f075a4fa052a
VirtualSize 0xe7fc
VirtualAddress 0x64000
SizeOfRawData 0x1c00
PointerToRawData 0x62600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.06161

.pdata

MD5 ca46357fc8c832a04930f231b9f7b7fc
SHA1 3c90d3e2f451c8ff92a4da705921a4365d1120a0
SHA256 7c32fdc2722a65cabd44e91e6623aade6b0ce2536a342d8f11bad6fb19b7e78d
SHA3 5f2314f5a692869a3b0b01ddb1a0f38815485664cb5f0028e8fc7c79a6305115
VirtualSize 0x3360
VirtualAddress 0x73000
SizeOfRawData 0x3400
PointerToRawData 0x64200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.63471

.didat

MD5 cfa7e1124694b5b5679fcca8d82f615f
SHA1 3df01f1653c9fd70a169da836b4ebdb402f40d01
SHA256 8b3f59823a6ed98a28ee267c4f6448e0fe5e13bcdd4ed3e30ca25def0421f4ff
SHA3 6562b865cbdd8b9360fb59949320f9c2a52aa28464dd8b975915fbb4081c0f16
VirtualSize 0x368
VirtualAddress 0x77000
SizeOfRawData 0x400
PointerToRawData 0x67600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.04555

.fptable

MD5 bf619eac0cdf3f68d496ea9344137e8b
SHA1 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5
SHA256 076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560
SHA3 622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59
VirtualSize 0x100
VirtualAddress 0x78000
SizeOfRawData 0x200
PointerToRawData 0x67a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0

.rsrc

MD5 4e14ed7c1e9d235bc208963fb5aa0f7b
SHA1 5e61a5a9f8f2c10470fabf119c4386d82fa5156d
SHA256 4ebadc726418d9c4dbe8e5e21a5bf23f2864594e94accfef73de105bb11a2a77
SHA3 b9c0cf2d6ca75af52d6ca21e6762f40cf30af1bd38daf7f0a644c2658ed8e40f
VirtualSize 0x67c54
VirtualAddress 0x79000
SizeOfRawData 0x67e00
PointerToRawData 0x67c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.57519

.reloc

MD5 23f6ea5c3540739cd4b48ea04debf135
SHA1 a60bbfcd920f38fadb967d7e4833b1ff19a21027
SHA256 ff97864ccf7661db70bee0ff7132506ca004a35025ba359ed34a716831faeec9
SHA3 389eda9335df81ba64ebb913db5a886d843d5cf92396812505db2b3751e25d29
VirtualSize 0x99c
VirtualAddress 0xe1000
SizeOfRawData 0xa00
PointerToRawData 0xcfa00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.37604

Imports

KERNEL32.dll CreateFileW
ReadFile
WriteFile
CloseHandle
GetLastError
ConnectNamedPipe
DisconnectNamedPipe
PeekNamedPipe
CreateNamedPipeW
WaitNamedPipeW
GetOverlappedResult
WaitForSingleObject
CreateEventW
SetLastError
LocalFree
FormatMessageW
DeleteFileW
RemoveDirectoryW
SetFileTime
DeviceIoControl
CreateHardLinkW
GetLongPathNameW
GetShortPathNameW
MoveFileW
GetStdHandle
FlushFileBuffers
GetFileType
SetEndOfFile
SetFilePointer
CreateDirectoryW
GetFileAttributesW
SetFileAttributesW
GetCurrentProcessId
FindClose
FindFirstFileW
FindNextFileW
GetVersionExW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetFullPathNameW
GetModuleFileNameW
FoldStringW
GetModuleHandleW
FindResourceW
FreeLibrary
GetProcAddress
ExpandEnvironmentStringsW
Sleep
GetCurrentProcess
ExitProcess
GetSystemDirectoryW
LoadLibraryW
SetThreadExecutionState
CompareStringW
AllocConsole
FreeConsole
AttachConsole
WriteConsoleW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
CreateSemaphoreW
CreateThread
SetThreadPriority
GetProcessAffinityMask
GetSystemTime
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SystemTimeToFileTime
MultiByteToWideChar
WideCharToMultiByte
GetCPInfo
IsDBCSLeadByte
GlobalAlloc
GlobalMemoryStatusEx
LoadResource
LockResource
SizeofResource
GlobalUnlock
GlobalLock
GlobalFree
GetDateFormatW
GetTimeFormatW
GetCommandLineW
SetEnvironmentVariableW
GetTempPathW
GetExitCodeProcess
GetLocalTime
GetTickCount
MoveFileExW
GetLocaleInfoW
GetNumberFormatW
GetConsoleMode
GetConsoleOutputCP
HeapSize
SetFilePointerEx
GetStringTypeW
SetStdHandle
GetProcessHeap
LCMapStringW
InitializeCriticalSectionEx
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlPcToFileHeader
RtlUnwindEx
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
QueryPerformanceFrequency
GetModuleHandleExW
HeapFree
HeapAlloc
HeapReAlloc
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
OLEAUT32.dll SysAllocString
SysFreeString
VariantClear
gdiplus.dll GdipCloneImage
GdipFree
GdipDisposeImage
GdipCreateBitmapFromStream
GdipCreateHBITMAPFromBitmap
GdiplusStartup
GdiplusShutdown
GdipAlloc
USER32.dll (delay-loaded) DialogBoxParamW
EndDialog
GetDlgItemTextW
SendDlgItemMessageW
WaitForInputIdle
SetForegroundWindow
GetSysColor
LoadBitmapW
LoadIconW
DestroyIcon
IsDialogMessageW
PostMessageW
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
SetUserObjectInformationW
CopyImage
FindWindowExW
MessageBoxW
ReleaseDC
GetDC
LoadCursorW
SetWindowLongPtrW
CopyRect
MapWindowPoints
UpdateWindow
MoveWindow
DestroyWindow
IsWindow
CreateWindowExW
RegisterClassExW
DefWindowProcW
CharUpperW
LoadStringW
GetWindow
SetProcessDefaultLayout
GetWindowLongPtrW
SetWindowLongW
GetWindowLongW
GetWindowRect
GetClientRect
GetSystemMetrics
SetWindowPos
GetClassNameW
GetParent
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
EnableWindow
SetDlgItemTextW
GetDlgItem
ShowWindow
IsWindowVisible
SetFocus
SendMessageW

Delayed Imports

Attributes 0x1
Name USER32.dll
ModuleHandle 0x716b8
DelayImportAddressTable 0x77168
DelayImportNameTable 0x614a8
BoundDelayImportTable 0x61db8
UnloadDelayImportTable 0
TimeStamp 1970-Jan-01 00:00:00

101

Type PNG
Language Process Default Language
Codepage Latin 1 / Western European
Size 0x758
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.01363
Detected Filetype PNG graphic file
MD5 9425e0b15522eb55684bb87733bb20f4
SHA1 810d5ca3a8962b264a2dbb2b77c6bb1e4fd38ce6
SHA256 bfa1d07d2d0751eb19ea4c0e6482f6113f8ceff84abb5d866dbfce1a19206bf0
SHA3 e6fc10e2554622bc9aa318fe0e8b67637913c79ba175d3f34b8d04d36a4ef54b

1

Type RT_ICON
Language Process Default Language
Codepage Latin 1 / Western European
Size 0xa068
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.35497
MD5 593d19885ebbba0038e8cb811469bd05
SHA1 540e84487560704bfb66ac901b41989f27e9168c
SHA256 a87e052abe4332266c4d75c976426a1acd9f7dc2fd940b4cac400f9a2c8e6a4b
SHA3 b8f87a37d11f39dac927dce1c5b1219e06d7fd228eab7182951e2cfbf5d87ca6

2

Type RT_ICON
Language Process Default Language
Codepage Latin 1 / Western European
Size 0x668
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.78458
MD5 b210229d92ceae13cff4bc7ab7d96a7d
SHA1 ef9edcfb669eb474f9d391bffa325176f15d6cea
SHA256 bff865fe42afc35593a3eb2b562fc296b244a2dc80bcc28b37fcc799773fad36
SHA3 4add9494755d54608e1558d38fa00d0b6510b746d27c82e63a904c30733cd2bf

3

Type RT_ICON
Language Process Default Language
Codepage Latin 1 / Western European
Size 0x2e8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.07877
MD5 df9decd4be5c73a9db5d72cb38e44917
SHA1 5e9b418d0dee8366334cffc1e7f254173e9b384f
SHA256 81b2d74a1bc80c5d67304de7b072b1c95b5c9660800ced061c52d425a14f0d39
SHA3 d495aac7a303843c101c24d71a1ee35c98f3074427ee643a8fa8a1e918357086

4

Type RT_ICON
Language Process Default Language
Codepage Latin 1 / Western European
Size 0x128
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.9886
MD5 97838066d1fae2cfee4a7157acd6ac6b
SHA1 c5eb35301aea4b917dc95178f24bc258b331a27c
SHA256 7047aead900b2dd6ef868729589b8f5385d93246b5e7f41019b4e2190eb60524
SHA3 c6548c38a8ab1ab28912b7fa5f9928af48481856d25892decac6711a85af46f5

5

Type RT_ICON
Language Process Default Language
Codepage Latin 1 / Western European
Size 0x12428
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.06184
MD5 d4f3a7412b258476a285543be85b4fe6
SHA1 d7cb204b7f208edd65dcb8797a288d9fe9cd61d0
SHA256 ca38c35d4e09a80b077834bb3a62ae6170a8ea75f74f4b6baee379ce57df39db
SHA3 81a4262171f2c3048cf9932664e522540873a24da6efd33b73176ac5a2fd7000

6

Type RT_ICON
Language Process Default Language
Codepage Latin 1 / Western European
Size 0xea8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.18989
MD5 f8861a154a53a8948a4e3a04557a13e9
SHA1 8bf9435e0df4ce17c04c9ee4ea5e0af4c5c44374
SHA256 403fd2375e5a5229e270637c5ea1e2742521fe90791aef1801494b6ec126754f
SHA3 e4c1f672949b33614eb9c33cfc5263cee8400fbd147b192dadfbc6826c622061

7

Type RT_ICON
Language Process Default Language
Codepage Latin 1 / Western European
Size 0x8a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.64888
MD5 169575b3fc4bb3c775f9268bd239163e
SHA1 50855c274e1f0c2a0f3c0c0b1f3c64f688800505
SHA256 044b86947a3fc9e00bfb2ceced0e6a32c4e2c56ccfe4a372f93790320c871ef4
SHA3 1c25aa0e17694d10d0f73d8b5651ec2ee58d109aa53ea3d2d905814bcc716b91

8

Type RT_ICON
Language Process Default Language
Codepage Latin 1 / Western European
Size 0x568
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.88961
MD5 bed074453bea471a75a0a715ed2cdad7
SHA1 fcf210298ad4efca4240387b1a288f7749652384
SHA256 f35a5520bb0a3445c74b3704087fa33f0ee32e43d755f40b25e60d8fa5918e30
SHA3 f06dfb9f21d6d83b26d45359824668542bbfa3b20b5729d5c29c99c88579e265

9

Type RT_ICON
Language Process Default Language
Codepage Latin 1 / Western European
Size 0x42028
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.43658
MD5 129e5bb0e52f4f5eea83ffc820cfc6ce
SHA1 d161aef2a40035402eb0283e090c4342bb3af90a
SHA256 f5561c689ceb59f65330f122b1c6210fdea871ad14ff6d8974390b9cf7955abe
SHA3 fa86c1fafa5740601d64ccaaa87668bd284685f34deb749177df211beac7365a

10

Type RT_ICON
Language Process Default Language
Codepage Latin 1 / Western European
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.86982
MD5 3868bd98e3cfed91062a231e760ffe9e
SHA1 2f1df33ddaf812feb323b4ed938c57997b55ba2e
SHA256 32300917342cb692c42cb3f60c31100b35652a57335fe315fe45fb3eaf90fcd9
SHA3 0ccd78a0f3d7ac6ac4615d752b74b7bac1c4f69d3ed2e5dd373327c4e20da271

11

Type RT_ICON
Language Process Default Language
Codepage Latin 1 / Western European
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.08048
MD5 8afa98ebe5b4d1df4be4d5ce3db42750
SHA1 232ffdc454bf64616a4d5b44a88d047c81a7a02f
SHA256 3166ac686e8c6949b88c965a8c609836cdaf97ac79b2718efa9e6391d27eb026
SHA3 c017cf01de6ab8cabd1d1f18202a258b74732fec95b4ebfbb787a5cfa0cd7dfa

12

Type RT_ICON
Language Process Default Language
Codepage Latin 1 / Western European
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.25503
MD5 ea5bc5617fe02700e597b8b6d0ca9c24
SHA1 72cf94baac1447c276a99dbde9f4686ed41fac59
SHA256 79cd3cff1029e15e3fdba7f7466d07854a7a0338654527ebfc8cb8f8cf0951de
SHA3 a9ff29eb5d8c49f7d2b696049618fd371929f9079a590293b197420bbdaf82d7

ASKNEXTVOL

Type RT_DIALOG
Language English - United States
Codepage Latin 1 / Western European
Size 0x286
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.419
MD5 8edc9d9954c16d9083b44657a62c353e
SHA1 bb567f7e6b33d5d976abe26b9da4e403c3182dc4
SHA256 8f25d7b09ecff6d3389a7742dc2a9e3187bdf010877d5512b7bab24566c3fca9
SHA3 140be6b67eed1b2eba6651eb7fb1ed127c202df3b0cbe5ef1d2a3299fbb2c3fb

GETPASSWORD1

Type RT_DIALOG
Language English - United States
Codepage Latin 1 / Western European
Size 0x13a
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.33594
MD5 846493df763dc8986b2a7a908694aa5c
SHA1 7113017d3f8ab15f721836f8cac36a3dde424962
SHA256 a6cb648be2175544ba05cd1c0d9f5b45b1d344915c503f01495f744708ebf6fc
SHA3 c524ff060d297a1a5d5a072ad50e5440ed3119f05de91aaf5f372a6d6a5e642b

LICENSEDLG

Type RT_DIALOG
Language English - United States
Codepage Latin 1 / Western European
Size 0xec
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.16133
MD5 4da01a070e57545f97e0d84bcf1524e5
SHA1 eeeadb106e138aa26b66d276f84c8d076a31142e
SHA256 44e6a8daef1ac762f8016fc4c8aec52bad42f589b6d8a25d430a619610dd0028
SHA3 a018ce14f68b06cbed4adb1bf6714f3b6c1aa64fa2afa2215e037aa654f9fcee

RENAMEDLG

Type RT_DIALOG
Language English - United States
Codepage Latin 1 / Western European
Size 0x12e
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.09135
MD5 43b0cc5d14bc75c453a11cb013864a38
SHA1 6990aed36ba67f0d6d34a63c3d9fd9dc2487db01
SHA256 237fb4fcfacd77cffde8221c92f0726c849afc96cd0bfd833f50b78552f7b22b
SHA3 a5ace4978d8258be5a68d7db48bc472ffa5cb949b4bb7c64f35348b5b34bb9e2

REPLACEFILEDLG

Type RT_DIALOG
Language English - United States
Codepage Latin 1 / Western European
Size 0x338
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.31634
MD5 59053a2d4069a360fc73761849e1318c
SHA1 541edef52f27a7178cac477eb3803cb4820d31ae
SHA256 19561beb5029c85d95648f15c598b028a4f8a00bc36f452c5428308693ed748e
SHA3 a1fea8b8bfc45c410ebcfcc73afd1716c6c2abb2889e8a170e221a7ac702bb59

STARTDLG

Type RT_DIALOG
Language English - United States
Codepage Latin 1 / Western European
Size 0x252
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.51642
MD5 8f7f380b1a69743aac7181d97f60324b
SHA1 e6a444d1fb41f3a3bfec6dee720ee63e2337fcfe
SHA256 ad7a2ec8f4ae2bad71bc363e13eb5a809b2936f010f453b986ea04a5605c630a
SHA3 313019b4cd37222ade46ea6cfb35e136befe0a6e755a2d02590745173e2199d6

7 (#2)

Type RT_STRING
Language English - United States
Codepage Latin 1 / Western European
Size 0x1ea
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.15743
MD5 4bee97a79b277c8dbd826c3afcfc5424
SHA1 854f4724deb00d9dc5b5dca3b3920352c57ff300
SHA256 b2a7ded3c5b0404c8e39e3a08f241db1f35016dd50293684c768a09970f6965e
SHA3 eca8b58f5ed5aa36a26d4bee4dbd154766352f28ffbc0a6e06641ca7495065da

8 (#2)

Type RT_STRING
Language English - United States
Codepage Latin 1 / Western European
Size 0x1cc
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.11685
MD5 91984a8521454b1758674f2f0765e695
SHA1 f48b0e0ca433d99226abe5cb9f1421b5dc204d31
SHA256 89051dca472bd5ebb7b344c05150755b6e3d32cb0dffea086c04186820b188d2
SHA3 c7c2157fcb23e3b9253e37f60afe11361c625e3d5e0535bbbf988387d2cd517c

9 (#2)

Type RT_STRING
Language English - United States
Codepage Latin 1 / Western European
Size 0x1b8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.11236
MD5 de2fde7dcddbe30df25bfcf234a301c3
SHA1 749b1a50cbed02bb7fd1fd277333340996b22c6f
SHA256 dd64405d95bedf0c5a998dba963360b3b9dd01d1482179c2b1d33ddb465841eb
SHA3 18b764b7d6b4bd748a55e961d11738a5fc2eb831e2be55cb21dd535e29ca9aeb

10 (#2)

Type RT_STRING
Language English - United States
Codepage Latin 1 / Western European
Size 0x146
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.99727
MD5 06aeb5ae44f152010b502d79d78da978
SHA1 765389e59fc961fb9782413bccd6218c0ed29c95
SHA256 1e87eca343221966ecd9472109f3baf9081c821e3f4e905aa34eb8bce73af4e7
SHA3 dda651f9f04eded147d6b4d66801eb000f7f83f5e6161c919beca8e51e7b6f8a

11 (#2)

Type RT_STRING
Language English - United States
Codepage Latin 1 / Western European
Size 0x46c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.21979
MD5 1be38e8c51c46677f97f7e62d11e717e
SHA1 b4bbba99c20a80c523e001e056d1a7bccf98de2e
SHA256 42fee2a4c1761b5d51e875cc86bf87d276e6d21ab4a93cd450f8263dcdd58c36
SHA3 3446bf7ba6c34ddd25d212e2bd1d9e092ce3d7dfbf314ab0ee577eff4219bc49

12 (#2)

Type RT_STRING
Language English - United States
Codepage Latin 1 / Western European
Size 0x166
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.12889
MD5 70f271b2edd6a05942b95abced225c10
SHA1 dd3de2dc38efaf506c8c902edc3c6639651babbf
SHA256 d5755fffe2a9a4baf3593b8fba9a029b23bcc08e77c8d98e07b93baee6b9e6de
SHA3 99f9038fe42c25749482786e85b1f0ee5dda044080bf4ea4b311b333a3098c63

13

Type RT_STRING
Language English - United States
Codepage Latin 1 / Western European
Size 0x152
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.01704
MD5 f82916fbe2aea69eafe68b9796d66a02
SHA1 0163aae109725b0ddb7740b3f648da2777463e55
SHA256 abbb67522b7822276112f9a351d05701b2b62f2317592dd8ac7c921809de2ccc
SHA3 bb63fc32a6057e9ffc74dc8c5276a24af66b86604daede76ce69550e41999599

14

Type RT_STRING
Language English - United States
Codepage Latin 1 / Western European
Size 0x10a
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.94627
MD5 30e6552170bc691f678f7acef9e80e0c
SHA1 8b2d788087dcb89391aca01e923a041f91bbb58b
SHA256 9259a6b6d2959b4dc26b0563c2e15fca703e6bf343e2016ed314a992617f1904
SHA3 c36395577d2aeb1248c26a8b5a5db48646b2ca0c999cc6e8bdba8678cefc97d7

15

Type RT_STRING
Language English - United States
Codepage Latin 1 / Western European
Size 0xbc
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.83619
MD5 09b30c86fe6cd7c8fe6d5d5fdd8b0a3e
SHA1 ba24c6e94ca7607f3fa91f71142d64d2e2938152
SHA256 f63fabe3ed749afb7b1719755170afe965f37e216834adf90dec051811afe657
SHA3 f4baf857de57ba1229f413a1165ec8e17dfa3e973f315fda2a082f79a3f64948

16

Type RT_STRING
Language English - United States
Codepage Latin 1 / Western European
Size 0x1c0
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.13738
MD5 c850c76550b2465ccf8d8b25ad47a80e
SHA1 c0e334f4739bcfce899c99989bb4ff5f42246c3f
SHA256 dd175ea18f1bef1ad459382fbda58d775768fc0fb600582143b8163e907fa551
SHA3 31280013fdb13da5e0953b1ed8290d80098daad70fbe3c4faa902952874c1d76

17

Type RT_STRING
Language English - United States
Codepage Latin 1 / Western European
Size 0x250
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.10542
MD5 3af90d2cab211507bfdca524c987e776
SHA1 0ccbbeb1d55e7a9464c64d19457b43580cb9c818
SHA256 f7af627db20d22399a26c9ba4871d46539b2d003c7be18d3da504da0e493f90b
SHA3 81042846034ee0b1d7d601348ba7708de2e5fd7b04054ead02c0231ccf6fa0f3

100

Type RT_GROUP_ICON
Language Process Default Language
Codepage Latin 1 / Western European
Size 0xae
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.91442
Detected Filetype Icon file
MD5 e669ab1c85488d42892312972e81899f
SHA1 91f06c2d22f2550ca3bae40916a831328589dff3
SHA256 3d6baa8dd4cdc4d9d940e55d33556afb1c3e8b3fa993913f1b8f0be94774acaf
SHA3 2a52360cdf0742f009d2ba12990af381ffeab0ed48da9bd7ce3a6e6b97752ea8

1 (#2)

Type RT_MANIFEST
Language English - United States
Codepage Latin 1 / Western European
Size 0x753
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.25329
MD5 8ddcbbd6b8c80eef68bf9305e59fa1f3
SHA1 014923abccec57fa3ad16f65feb0de2b8cbc8408
SHA256 1b7b67e5d8927449d8f7be80a0e5ba5f03d25670035027c0cb71abce27da6810
SHA3 e5c4bfc7e92f1b945363bb9ad2aabbe4324074ac295d08722e743d6e7c524b69

String Table contents

Select the destination folder
Extracting %s
Skipping %s
Unexpected end of archive
The file "%s" header is corrupt
Corrupt header is found
Main archive header is corrupt
The archive comment header is corrupt
The archive comment is corrupt
Not enough memory
Unknown method in %s
Cannot open %s
Cannot create %s
Cannot create folder %s
Checksum error in the encrypted file %s. Corrupt file or wrong password.
Checksum error in %s
Packed data checksum error in %s
Write error in the file %s
Read error in the file %s
File close error
The required volume is absent
The archive is either in unknown format or damaged
Extracting from %s
Next volume
The archive header is corrupt
Close
Error
Errors encountered while performing the operation
Look at the information window for more details
bytes
modified on
folder is not accessible
Some files could not be created.
You can try to repeat the installation after closing other applications and restarting Windows.
Some installation files are corrupt.
Please download a fresh copy and retry the installation
All files
<ul><li>Press <b>Install</b> button to start extraction.</li><br><br>
<ul><li>Press <b>Extract</b> button to start extraction.</li><br><br>
<li>Use <b>Browse</b> button to select the destination
folder from the folders tree. It can be also entered
manually.</li><br><br>
<li>If the destination folder does not exist, it will be
created automatically before extraction.</li></ul>
The archive is corrupt
Extracting files to %s folder
Extracting files to temporary folder
Extract
Extraction progress
Total path and file name length must not exceed %d characters
Unknown encryption method in %s
The specified password is incorrect.
Incorrect password for %s
Cannot copy %s to %s.
Cannot create symbolic link %s
Cannot create hard link %s
You need to unpack the link target first
You may need to run this self-extracting archive as administrator
Pause
Continue
Security warning
Please remove %s from folder %s. It is unsecure to run %s until it is done.
Not enough memory to unpack the archive with %u GB compression dictionary.
64-bit self-extracting module is necessary.
Warning
This archive requires more than %u GB memory to unpack, which exceeds the amount of installed memory and can result in extremely slow extraction or even unresponsive system.
It is recommended to cancel extraction. Do you wish to try extracting it anyway?
Extraction cancelled

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2025-Jul-28 09:26:23
Version 0.0
SizeofData 81
AddressOfRawData 0x5c0d0
PointerToRawData 0x5b0d0
Referenced File D:\Projects\WinRAR\SFX\build\sfxrar64\Release\sfxrar.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics 0
TimeDateStamp 2025-Jul-28 09:26:23
Version 0.0
SizeofData 20
AddressOfRawData 0x5c124
PointerToRawData 0x5b124

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2025-Jul-28 09:26:23
Version 0.0
SizeofData 1164
AddressOfRawData 0x5c138
PointerToRawData 0x5b138

TLS Callbacks

StartAddressOfRawData 0x14005c610
EndAddressOfRawData 0x14005c618
AddressOfIndex 0x140071cf8
AddressOfCallbacks 0x14004e658
SizeOfZeroFill 0
Characteristics IMAGE_SCN_ALIGN_4BYTES
Callbacks (EMPTY)

Load Configuration

Size 0x140
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x140064e80
GuardCFCheckFunctionPointer 5369029936
GuardCFDispatchFunctionPointer 0
GuardCFFunctionTable 0
GuardCFFunctionCount 0
GuardFlags (EMPTY)
CodeIntegrity.Flags 0
CodeIntegrity.Catalog 0
CodeIntegrity.CatalogOffset 0
CodeIntegrity.Reserved 0
GuardAddressTakenIatEntryTable 0
GuardAddressTakenIatEntryCount 0
GuardLongJumpTargetTable 0
GuardLongJumpTargetCount 0

RICH Header

XOR Key 0x7065e790
Unmarked objects 0
C++ objects (33140) 157
253 (35207) 2
ASM objects (35207) 8
C objects (35207) 17
C++ objects (35207) 61
ASM objects (33140) 11
C objects (33140) 24
C objects (CVTCIL) (33140) 1
Imports (33140) 7
Total imports 299
C++ objects (35213) 51
Exports (35213) 1
Resource objects (35213) 1
Linker (35213) 1

Errors