8f6054eafdb79e499058f89fa1ec58d7

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2018-Sep-30 18:01:44
Detected languages English - United States
Process Default Language
Debug artifacts D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0
Info Cryptographic algorithms detected in the binary: Uses constants related to SHA1
Uses constants related to SHA256
Info The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryW
  • LoadLibraryExA
  • LoadLibraryExW
Can create temporary files:
  • CreateFileW
  • GetTempPathW
Suspicious The file contains overlay data. 7344206 bytes of data starting at offset 0x42200.
The overlay data has an entropy of 7.99997 and is possibly compressed or encrypted.
Overlay data amounts for 96.4433% of the executable.
Malicious VirusTotal score: 8/69 (Scanned on 2021-03-06 15:19:16) Bkav: W32.AIDetect.malware2
APEX: Malicious
Sophos: ML/PE-A
McAfee-GW-Edition: BehavesLike.Win32.Generic.wc
FireEye: Generic.mg.8f6054eafdb79e49
Microsoft: Program:Win32/Wacapew.C!ml
Cynet: Malicious (score: 100)
Cybereason: malicious.7d072c

Hashes

MD5 8f6054eafdb79e499058f89fa1ec58d7
SHA1 5cc603b7d072ccd2cb20e43ea8d91a3ab47758ab
SHA256 d7f0446cae48a9dbc8fe6ce9c992f9e30066784cffd21c41038e978e985ed10d
SHA3 1f18deb270c3dc75bae081cb75ac791e88b39eafa9aa9416200f3693b9f65b03
SSDeep 196608:MENb5zL7TXH0aDdU7XBS/tSnD5uWYjaUDWffDdW4ty:MEFB7zH0aDuUlSnlWjLDW3DNQ
Imports Hash f247d1ff7c13ddb9ec49eb86d120cfb2

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x120

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 6
TimeDateStamp 2018-Sep-30 18:01:44
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 14.0
SizeOfCode 0x2ea00
SizeOfInitializedData 0x13400
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0001D549 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x30000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.1
ImageVersion 0.0
SubsystemVersion 5.1
Win32VersionValue 0
SizeOfImage 0x65000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 82d49f1d3fba0411e826039ecf9a4923
SHA1 405b0a92dbb4b761b88043db72323cc650335c2f
SHA256 73b3c8fa283472184ea54ec5d46a5be4c5cbbfb08e394a22cde47891613d3fda
SHA3 e2ae30b61008293adfc8b59dd8eb9237df9355b59087cd4fe76bbad0865b8d40
VirtualSize 0x2e924
VirtualAddress 0x1000
SizeOfRawData 0x2ea00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.69845

.rdata

MD5 7e5de551bfda59462bf6b7b3c1cce6ee
SHA1 b97fbafcf84c8d5ca524b384a0471c67ecbd4364
SHA256 49f707cb9fbab62f2995db124a75e1b3bf6d218bfadad9ab3ecd5f2beebdc3eb
SHA3 741173af66c2c18d1515c60c26ddedbdb0a0b34919a2e8b2815e71e7bf9c18b0
VirtualSize 0x9a8c
VirtualAddress 0x30000
SizeOfRawData 0x9c00
PointerToRawData 0x2ee00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.13014

.data

MD5 e0dc9653b1def3573294dd075688e1d3
SHA1 4b2399eb097dae916c26f6dfa469ed34525f98e8
SHA256 5bb6725eaf6bda19b19f730b9cb4862592d043bc564b846c6c2a905c58b22ac4
SHA3 1551324cdbe08113fa49fb59720e141d3ef8dc3bd700f074d1bf970c05e3f7c0
VirtualSize 0x203a0
VirtualAddress 0x3a000
SizeOfRawData 0xc00
PointerToRawData 0x38a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.23545

.gfids

MD5 cab6963eadf40e19eb8f156e76c8e1c1
SHA1 1b034be3635a8938b2a62ed95892b6b9c0bc1d3a
SHA256 7f7b2ca7a712d6736ac4a2586f8668e5e22172d080d2cdce4ab158c4cc801aae
SHA3 968e5b284fa5607d4f4d4891ec98a54062bdc819f5cd90f2f9b8475ddeacc55a
VirtualSize 0xe8
VirtualAddress 0x5b000
SizeOfRawData 0x200
PointerToRawData 0x39600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 2.09308

.rsrc

MD5 331317ff670ee147c3cdc9b13801b480
SHA1 5e3424758cedabaf130f49989fc875e012483307
SHA256 913ec8bac6fabf29d8794de5a7cefe9ee87377f0a9ac747c25115d04b6e05f0a
SHA3 ebc62d75eeaa22cc23b2c64fa5bd112566f38366009d3ae4623943f63141c864
VirtualSize 0x6820
VirtualAddress 0x5c000
SizeOfRawData 0x6a00
PointerToRawData 0x39800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 6.15802

.reloc

MD5 ce95d61d62f29cf75f1a104f1294c1f9
SHA1 7f4c5767e91962f1ac98264a64c87198313a1a4d
SHA256 f5ae31130d51ef2a7dfdffd2793bd9f497ff8b508009527a0fd58ea96b075050
SHA3 0fc544d6a2162a4f116fc733c5b01d4a982b578cee9b513ceb6ba33f21e0ab76
VirtualSize 0x1fdc
VirtualAddress 0x63000
SizeOfRawData 0x2000
PointerToRawData 0x40200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 6.67876

Imports

KERNEL32.dll GetLastError
SetLastError
GetCurrentProcess
DeviceIoControl
SetFileTime
CloseHandle
CreateDirectoryW
RemoveDirectoryW
CreateFileW
DeleteFileW
CreateHardLinkW
GetShortPathNameW
GetLongPathNameW
MoveFileW
GetFileType
GetStdHandle
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
SetFileAttributesW
GetFileAttributesW
FindClose
FindFirstFileW
FindNextFileW
GetVersionExW
GetCurrentDirectoryW
GetFullPathNameW
FoldStringW
GetModuleFileNameW
GetModuleHandleW
FindResourceW
FreeLibrary
GetProcAddress
GetCurrentProcessId
ExitProcess
SetThreadExecutionState
Sleep
LoadLibraryW
GetSystemDirectoryW
CompareStringW
AllocConsole
FreeConsole
AttachConsole
WriteConsoleW
GetProcessAffinityMask
CreateThread
SetThreadPriority
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventW
CreateSemaphoreW
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
GetTickCount
LockResource
GlobalLock
GlobalUnlock
GlobalFree
LoadResource
SizeofResource
SetCurrentDirectoryW
GetExitCodeProcess
GetLocalTime
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCommandLineW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetTempPathW
MoveFileExW
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetNumberFormatW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapSize
SetStdHandle
GetProcessHeap
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
TerminateProcess
RtlUnwind
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
QueryPerformanceFrequency
GetModuleHandleExW
GetModuleFileNameA
GetACP
HeapFree
HeapAlloc
HeapReAlloc
GetStringTypeW
LCMapStringW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
DecodePointer
gdiplus.dll GdiplusShutdown
GdiplusStartup
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCloneImage
GdipFree
GdipAlloc
USER32.dll (delay-loaded) WaitForInputIdle
IsWindowVisible
DialogBoxParamW
EndDialog
SetDlgItemTextW
GetDlgItemTextW
PostMessageW
SetFocus
SetForegroundWindow
GetSysColor
LoadBitmapW
LoadIconW
DestroyIcon
IsDialogMessageW
wvsprintfW
GetClassNameW
FindWindowExW
MessageBoxW
ReleaseDC
GetDC
SendMessageW
LoadCursorW
CopyRect
MapWindowPoints
UpdateWindow
DestroyWindow
IsWindow
CreateWindowExW
RegisterClassExW
DefWindowProcW
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
CharUpperW
OemToCharBuffA
LoadStringW
GetWindow
SetProcessDefaultLayout
SetWindowLongW
GetWindowLongW
GetWindowRect
GetClientRect
GetWindowTextW
GetSystemMetrics
SetWindowPos
GetParent
SetWindowTextW
EnableWindow
GetDlgItem
SendDlgItemMessageW
ShowWindow

Delayed Imports

Attributes 0x1
Name USER32.dll
ModuleHandle 0x59930
DelayImportAddressTable 0x3aa80
DelayImportNameTable 0x383f4
BoundDelayImportTable 0x38b18
UnloadDelayImportTable 0
TimeStamp 1970-Jan-01 00:00:00

101

Type PNG
Language English - United States
Codepage Latin 1 / Western European
Size 0xb45
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.87356
Detected Filetype PNG graphic file
MD5 63486a769bbe3f49d5848b9c69734a25
SHA1 e48bd36c2f23c238206bdddf3ebb6d6862905710
SHA256 a91f4373ceebadfc70b3bd0758848918f928c3c76562e3d9d531574796fd9e9c
SHA3 7e9dc73ef6ee0ce127eee80c5daf334bd98ed2d2f262376ed7760866816d815b
Preview

102

Type PNG
Language English - United States
Codepage Latin 1 / Western European
Size 0x15a9
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.80129
Detected Filetype PNG graphic file
MD5 e6ccfb6d9ffd4e1a907a47761c64bd79
SHA1 d6a2994dedae3527a878140aa60dcaa087b90445
SHA256 27d3a1a2da49dc535cc10806abaae9dfa49e4f5f44a40540ead50e065b99ca68
SHA3 11423dcd0ab4c11695ad71f56e4fcdfc4b20a38cc6ac653ab7575f7dd024d0e5

101 (#2)

Type RT_BITMAP
Language Process Default Language
Codepage Latin 1 / Western European
Size 0xbb6
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.19099
MD5 5c475f4b07e1e05af29d25e1700f7279
SHA1 b139902d2f9eae34727ba4f740b4b1e99d4bc4e8
SHA256 690c938562399f89ad78e3fde2a7edaee8ddf2fafef987a7b37e577a8f6126ea
SHA3 1d3dd19fbcc656a30478c2b4ba98485853b464fe09ea2debc4cfc64271677d1e

1

Type RT_ICON
Language Process Default Language
Codepage Latin 1 / Western European
Size 0x128
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.38234
MD5 77c64818523675c19429aee1ec8a0544
SHA1 1f5a7359bf9b3922504c21ce175e82adcbb0a051
SHA256 4436650a65c64265abf4b8726a33b15c2b2039fc65e120c7173bcba67feb852b
SHA3 e2b667fb70d551750e259d2d592fa87c3f4a0de6658f6cf74f11b79633c2697c

2

Type RT_ICON
Language Process Default Language
Codepage Latin 1 / Western European
Size 0x568
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.88998
MD5 de81bccb6410c9e4acb325f67f268bc5
SHA1 008016ff2382733c62fd44c4e21e87f689a25500
SHA256 7b0ae8f74efcb3e7caf1429f5bba76108251eea88f9581dcfeb52a886470f7bc
SHA3 ce2d055cf9b0345750de0b6284ce7dfd64fbc84fb6faf2304e0dfd644474a3f6

3

Type RT_ICON
Language Process Default Language
Codepage Latin 1 / Western European
Size 0x2e8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.12176
MD5 e9356775b7b8159cfad335fa2c2b22d5
SHA1 7d1b798e8a87d7ef3b07c6eaf598d8b5d7169639
SHA256 439c8b79133224a07cbe1a6e0c30eef9cdcdec92dab8ead48374e516304ef165
SHA3 50c0778cbbb68c04de463c928f7e60696bc24bb02c390baa555756af8e773e4e

4

Type RT_ICON
Language Process Default Language
Codepage Latin 1 / Western European
Size 0x8a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.68705
MD5 41491a39d90ed5934e44c6a505f15ee5
SHA1 431fd71d8988019c76c464ea5a0c738b2d2671a8
SHA256 66548c9bb8b9c4ec76b076300868458c9a511cc86879915ebcbaf6f3e3a18334
SHA3 5b99077c1b6b71877c48f6d98bcc2cb38d4eb0920f6ebfe1632e6ee9e24e88f1

ASKNEXTVOL

Type RT_DIALOG
Language English - United States
Codepage Latin 1 / Western European
Size 0x286
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.42597
MD5 361be3e9f16096819f38433be227aeab
SHA1 303da809d3ec1bfc46b5fa4fde1733cfffdb9596
SHA256 887347f27d903f6652ba35c3dfae297c23435755a63e02a80259ee6dd0b8af86
SHA3 db76532737d079016d6f113bb1ac833820a004c041973cb70af7ed2cf185da55

GETPASSWORD1

Type RT_DIALOG
Language English - United States
Codepage Latin 1 / Western European
Size 0x13a
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.33944
MD5 331b55f85040e216e56c0b8e843438a8
SHA1 af4002fec283154f7d72fa3f363d28dbb1536f85
SHA256 2e11a1ed4f812e37fdb32a1310cdcca802c46497c27e33ab66ac127345463d31
SHA3 206eda4241a8bdb201359d75e1063c41ed5aba18392eea3d09b31bb5ed4f5f8c

LICENSEDLG

Type RT_DIALOG
Language English - United States
Codepage Latin 1 / Western European
Size 0xec
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.16133
MD5 4da01a070e57545f97e0d84bcf1524e5
SHA1 eeeadb106e138aa26b66d276f84c8d076a31142e
SHA256 44e6a8daef1ac762f8016fc4c8aec52bad42f589b6d8a25d430a619610dd0028
SHA3 a018ce14f68b06cbed4adb1bf6714f3b6c1aa64fa2afa2215e037aa654f9fcee

RENAMEDLG

Type RT_DIALOG
Language English - United States
Codepage Latin 1 / Western European
Size 0x12e
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.08925
MD5 23f9ee829c671147edcb4e5fc285dc76
SHA1 65f15e95491df6b271c340bc3cf6fc2a6e628a31
SHA256 30358e9c494ca9d125b34ccb93a2d8f1237042904f6fcecc2f5ca9a83b7dba9d
SHA3 830894d4015e75dd74224a9a6e70c573491f721f5d9526bbb9cbf766cf000092

REPLACEFILEDLG

Type RT_DIALOG
Language English - United States
Codepage Latin 1 / Western European
Size 0x338
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.31987
MD5 822b9ba661d87f4dedeb47b67cdd4d5a
SHA1 b7902c16350bc2ee7fd78fbeb9461d2f123d59be
SHA256 a1141852e6fb28826de51733ee35fbfdcf74dd8eb7f73049c7c7ad6c21d0cb33
SHA3 712432c699365c95e1b04b3a44cebc97ce77f9824418dbb6784f0c653567325e

STARTDLG

Type RT_DIALOG
Language English - United States
Codepage Latin 1 / Western European
Size 0x252
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.51642
MD5 8f7f380b1a69743aac7181d97f60324b
SHA1 e6a444d1fb41f3a3bfec6dee720ee63e2337fcfe
SHA256 ad7a2ec8f4ae2bad71bc363e13eb5a809b2936f010f453b986ea04a5605c630a
SHA3 313019b4cd37222ade46ea6cfb35e136befe0a6e755a2d02590745173e2199d6

7

Type RT_STRING
Language English - United States
Codepage Latin 1 / Western European
Size 0x1e2
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.1586
MD5 2ee005bf14efd62d866ca276e73b47aa
SHA1 e098ed7de14a3221722e8c25ada1cb901ce85978
SHA256 450b4d82a86dba50acea995d6356e0174a242081f2c2438f6f88c29038f7097d
SHA3 3bd4b237507bdbc645d985837c718b5df99fa6c91e862fe59f7295cd82c7d0b0

8

Type RT_STRING
Language English - United States
Codepage Latin 1 / Western European
Size 0x1cc
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.11685
MD5 91984a8521454b1758674f2f0765e695
SHA1 f48b0e0ca433d99226abe5cb9f1421b5dc204d31
SHA256 89051dca472bd5ebb7b344c05150755b6e3d32cb0dffea086c04186820b188d2
SHA3 c7c2157fcb23e3b9253e37f60afe11361c625e3d5e0535bbbf988387d2cd517c

9

Type RT_STRING
Language English - United States
Codepage Latin 1 / Western European
Size 0x1ee
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.15447
MD5 bea5af210aba31a79a4329c4fe918826
SHA1 0639f7b55623ed115a7a2573862194ce497e135e
SHA256 4b330444367ebff69a042f9aaa930485c02a02e7efdad56db24cb2b76dc8f134
SHA3 0e3c015b6a949195bfecc1b2c288abf0b79803889b3a25c6558580c175e6a651

10

Type RT_STRING
Language English - United States
Codepage Latin 1 / Western European
Size 0x146
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.99727
MD5 06aeb5ae44f152010b502d79d78da978
SHA1 765389e59fc961fb9782413bccd6218c0ed29c95
SHA256 1e87eca343221966ecd9472109f3baf9081c821e3f4e905aa34eb8bce73af4e7
SHA3 dda651f9f04eded147d6b4d66801eb000f7f83f5e6161c919beca8e51e7b6f8a

11

Type RT_STRING
Language English - United States
Codepage Latin 1 / Western European
Size 0x446
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.2036
MD5 50607cbf5fa33da61e8d119c4a2c0c9b
SHA1 d38285a743fe1ebf62ecb612d62336060c865bc7
SHA256 06b2bd666ed1afbbfc9914b94d703087c18248c5fe28dead42e42f22c3984c5e
SHA3 9bc82cef576158d1c1bf6c60e77dae43a3c3ef80d1373ceafa46da206fd67cfe

12

Type RT_STRING
Language English - United States
Codepage Latin 1 / Western European
Size 0x166
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.12889
MD5 70f271b2edd6a05942b95abced225c10
SHA1 dd3de2dc38efaf506c8c902edc3c6639651babbf
SHA256 d5755fffe2a9a4baf3593b8fba9a029b23bcc08e77c8d98e07b93baee6b9e6de
SHA3 99f9038fe42c25749482786e85b1f0ee5dda044080bf4ea4b311b333a3098c63

13

Type RT_STRING
Language English - United States
Codepage Latin 1 / Western European
Size 0x120
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.95673
MD5 269a2d7069663060af7c9dd46b06fa63
SHA1 3addd59b10812bf9a9a37c28139b048acf8bb003
SHA256 a71a1445d83285856c39bf2f0caa19e88c9be65f0178a6878f321a925a21f97c
SHA3 9a7c6ec3de596dee9c3710ef77cb4693c3d5b584d842ccac347b066e46afbdf6

14

Type RT_STRING
Language English - United States
Codepage Latin 1 / Western European
Size 0x10a
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.94627
MD5 30e6552170bc691f678f7acef9e80e0c
SHA1 8b2d788087dcb89391aca01e923a041f91bbb58b
SHA256 9259a6b6d2959b4dc26b0563c2e15fca703e6bf343e2016ed314a992617f1904
SHA3 c36395577d2aeb1248c26a8b5a5db48646b2ca0c999cc6e8bdba8678cefc97d7

15

Type RT_STRING
Language English - United States
Codepage Latin 1 / Western European
Size 0xbc
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.83619
MD5 09b30c86fe6cd7c8fe6d5d5fdd8b0a3e
SHA1 ba24c6e94ca7607f3fa91f71142d64d2e2938152
SHA256 f63fabe3ed749afb7b1719755170afe965f37e216834adf90dec051811afe657
SHA3 f4baf857de57ba1229f413a1165ec8e17dfa3e973f315fda2a082f79a3f64948

16

Type RT_STRING
Language English - United States
Codepage Latin 1 / Western European
Size 0xd6
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.80514
MD5 3a1b603eaeaa7aca84afab706054807b
SHA1 577ba4baf69c0cc5867167174746fc35fb11e8fd
SHA256 cfa68e1c4fe3e613725ec1c45a80c2e4855c07e2d4587c8cf46fac05a78c0145
SHA3 dc50fd5dad67b49d6067255f83399ab84ccc7adc2476f3b4db2c652fa24c5169

100

Type RT_GROUP_ICON
Language Process Default Language
Codepage Latin 1 / Western European
Size 0x3e
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.64576
Detected Filetype Icon file
MD5 f6262f462f61a1af1cac10cf4b790e5a
SHA1 4aa3239c2c59fa5f246b0dd68da564e529b98ff4
SHA256 44b095a62d7e401671f57271e6cada367bb55cf7b300ef768b3487b841facd3c
SHA3 f2a1d165133c29eba349014fa5f8059ddebe1aba5b220fb89f1a474e95c482ca

1 (#2)

Type RT_MANIFEST
Language English - United States
Codepage Latin 1 / Western European
Size 0x753
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.25329
MD5 8ddcbbd6b8c80eef68bf9305e59fa1f3
SHA1 014923abccec57fa3ad16f65feb0de2b8cbc8408
SHA256 1b7b67e5d8927449d8f7be80a0e5ba5f03d25670035027c0cb71abce27da6810
SHA3 e5c4bfc7e92f1b945363bb9ad2aabbe4324074ac295d08722e743d6e7c524b69

String Table contents

Select destination folder
Extracting %s
Skipping %s
Unexpected end of archive
The file "%s" header is corrupt
Corrupt header is found
Main archive header is corrupt
The archive comment header is corrupt
The archive comment is corrupt
Not enough memory
Unknown method in %s
Cannot open %s
Cannot create %s
Cannot create folder %s
Checksum error in the encrypted file %s. Corrupt file or wrong password.
Checksum error in %s
Packed data checksum error in %s
Write error in the file %s. Probably the disk is full
Read error in the file %s
File close error
The required volume is absent
The archive is either in unknown format or damaged
Extracting from %s
Next volume
The archive header is corrupt
Close
Error
Errors encountered while performing the operation
Look at the information window for more details
bytes
modified on
folder is not accessible
Some files could not be created.
Please close all applications, reboot Windows and restart this installation
Some installation files are corrupt.
Please download a fresh copy and retry the installation
All files
<ul><li>Press <b>Install</b> button to start extraction.</li><br><br>
<ul><li>Press <b>Extract</b> button to start extraction.</li><br><br>
<li>Use <b>Browse</b> button to select the destination
folder from the folders tree. It can be also entered
manually.</li><br><br>
<li>If the destination folder does not exist, it will be
created automatically before extraction.</li></ul>
The archive is corrupt
Extracting files to %s folder
Extracting files to temporary folder
Extract
Extraction progress
Total path and file name length must not exceed %d characters
Unknown encryption method in %s
The specified password is incorrect.
Cannot copy %s to %s.
Cannot create symbolic link %s
Cannot create hard link %s
You need to unpack the link target first
You may need to run this self-extracting archive as administrator
Pause
Continue
Security warning
Please remove %s from folder %s. It is unsecure to run %s until it is done.

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2018-Sep-30 18:01:44
Version 0.0
SizeofData 81
AddressOfRawData 0x37128
PointerToRawData 0x35f28
Referenced File D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics 0
TimeDateStamp 2018-Sep-30 18:01:44
Version 0.0
SizeofData 20
AddressOfRawData 0x3717c
PointerToRawData 0x35f7c

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2018-Sep-30 18:01:44
Version 0.0
SizeofData 944
AddressOfRawData 0x37190
PointerToRawData 0x35f90

TLS Callbacks

Load Configuration

Size 0x5c
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x43a1c8
SEHandlerTable 0x437090
SEHandlerCount 38

RICH Header

XOR Key 0xea77ed6
Unmarked objects 0
241 (40116) 13
243 (40116) 140
242 (40116) 24
199 (41118) 1
ASM objects (VS2015 UPD3 build 24123) 22
C objects (VS2015 UPD3 build 24123) 19
C++ objects (VS2015 UPD3 build 24123) 44
C objects (VS2008 SP1 build 30729) 10
Imports (VS2008 SP1 build 30729) 5
Total imports 267
C++ objects (VS2015 UPD3.1 build 24215) 48
Exports (VS2015 UPD3.1 build 24215) 1
Resource objects (VS2015 UPD3 build 24210) 1
Linker (VS2015 UPD3.1 build 24215) 1

Errors

<-- -->