Manalyze report for a09f22bd3627bae597c839eb9cdaf9eb

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2017-May-23 11:58:52
Detected languages	English - United States Process Default Language
Debug artifacts	D:\Projects\WinRAR\sfx\build\sfxzip32\Release\sfxzip.pdb

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to SHA1`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryW LoadLibraryExA LoadLibraryExW` `Can create temporary files: CreateFileW GetTempPathW`
Malicious	The file contains overlay data.	`5140 bytes of data starting at offset 0x8d000.` `The file contains a Zip Compressed Archive after the PE data.`
Malicious	VirusTotal score: 50/71 (Scanned on 2019-12-30 02:38:49)	`Bkav: W32.AdCoinMiner.Trojan` `MicroWorld-eScan: Trojan.Generic.22597142` `FireEye: Generic.mg.a09f22bd3627bae5` `McAfee: RDN/Generic Downloader.x` `Cylance: Unsafe` `Sangfor: Malware` `K7AntiVirus: Trojan-Downloader ( 00543bab1 )` `Alibaba: TrojanDownloader:VBS/CoinMiner.ee0865b2` `K7GW: Trojan-Downloader ( 00543bab1 )` `Cybereason: malicious.d3627b` `Invincea: heuristic` `Symantec: Trojan.Gen.2` `TrendMicro-HouseCall: TROJ_DLOADR.AUSUHZ` `Paloalto: generic.ml` `ClamAV: Win.Malware.Snojan-6596600-0` `Kaspersky: HEUR:Trojan.Script.Agent.gen` `BitDefender: Trojan.Generic.22597142` `NANO-Antivirus: Trojan.Win32.Mlw.euvekb` `Avast: Win32:Malware-gen` `Ad-Aware: Trojan.Generic.22597142` `Sophos: Mal/Generic-S` `F-Secure: Heuristic.HEUR/AGEN.1011440` `VIPRE: Trojan.Win32.Generic!BT` `TrendMicro: TROJ_DLOADR.AUSUHZ` `McAfee-GW-Edition: BehavesLike.Win32.Backdoor.hm` `Trapmine: malicious.high.ml.score` `Emsisoft: Trojan.Generic.22597142 (B)` `Ikarus: Trojan-Downloader.VBS.Small` `Webroot: W32.Trojan.Genkd` `Avira: HEUR/AGEN.1011440` `Microsoft: Trojan:Win32/Tiggre!rfn` `Endgame: malicious (high confidence)` `Arcabit: Trojan.Generic.D158CE16` `AegisLab: Trojan.Script.Agent.4!c` `ZoneAlarm: HEUR:Trojan.Script.Agent.gen` `GData: Trojan.Generic.22597142` `AhnLab-V3: Malware/Win32.Generic.C2357178` `Acronis: suspicious` `ALYac: Trojan.Script.Agent` `VBA32: Trojan.Script` `APEX: Malicious` `ESET-NOD32: VBS/TrojanDownloader.Small.NGK` `Rising: Trojan.Sminager!8.EB3C (TOPIS:E0:zQJ6nxfdgJI)` `Yandex: Trojan.DL.Alien!` `SentinelOne: DFI - Suspicious PE` `Fortinet: VBS/Small.NGK!tr.dldr` `AVG: Win32:Malware-gen` `Panda: Trj/CI.A` `CrowdStrike: win/malicious_confidence_100% (W)` `Qihoo-360: Win32/Trojan.Script.af7`

Hashes

MD5	`a09f22bd3627bae597c839eb9cdaf9eb`
SHA1	`25402778d01be0cf88b31db50ab6f855df598e98`
SHA256	`36205ec39bcd2f15cf6af70fbee0fa01c72421b6d27c6d85a038fe8e66f021d7`
SHA3	`dc63b8cc340913c9a0183506293849b3eeabf9cff2b77961ebeca2d056792b19`
SSDeep	`6144:jlJ4Nwo7lOpT2hkWGzxU7p05YTDVCd0xD2acNOxkbiOUcZ8EEx:f5o8T6kWc27jiN8E0`
Imports Hash	`6d7669c3d288a480b09834f590bfd46a`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`6`
TimeDateStamp	2017-May-23 11:58:52
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x22e00`
SizeOfInitializedData	`0x69e00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00011CA9 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x24000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.1`
ImageVersion	`0.0`
SubsystemVersion	`5.1`
Win32VersionValue	`0`
SizeOfImage	`0xc0000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`8b47ccbfa8c98148a28925cc8a74f5d8`
SHA1	`beda2fa9b19bc724a98b7330ee014064367ea2ec`
SHA256	`1a090ddacfefbf9355db42cbf7edf8a412960564b35d63a31d9e1ce2389a8cac`
SHA3	`50745a85402442fc79e337dbe6fe18c0401c802c2b54f30696db5929ea6bf2d5`
VirtualSize	`0x22cd7`
VirtualAddress	`0x1000`
SizeOfRawData	`0x22e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.66954`

.rdata

MD5	`4bc4da57db0c409556cfc496dbd5c13e`
SHA1	`68b88321d7d6b5a80808d15e861c6450b236b566`
SHA256	`78e22ce98a7f733c0faefd0846ae68a39e7754c7e5a04b10e06041a248dd591f`
SHA3	`6ebb875ec1b100fbcada3ae9f6d4a1752eec0a338c091e35b02c9fd8c5480bfa`
VirtualSize	`0x8e34`
VirtualAddress	`0x24000`
SizeOfRawData	`0x9000`
PointerToRawData	`0x23200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.09438`

.data

MD5	`9630eaded8d133c9f2659c3897e9d265`
SHA1	`ffd071faffdeb0e113e35a7fb8e29d2d7da4d885`
SHA256	`96470f283e77cd1aca41bf678e6101e6f80c37232412ab774317d5ecbfab9586`
SHA3	`376527c4532762a25dc95a13ababe54939d909429aed219fb8703bb990ddacba`
VirtualSize	`0x30898`
VirtualAddress	`0x2d000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x2c200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.6895`

.gfids

MD5	`86a6a1533c4cb7c6a186479cc6cd866a`
SHA1	`b88c0795d765552413e80ba1d2dfd6d93085b26f`
SHA256	`1ed34575815d17021ee7c6232bd403eb0e1854791a87434a914fdd2bd9b8d3a0`
SHA3	`af1ff9137908d44c69ad96652fa7c213e1d8c34397aaf0d6a08fce463d10accc`
VirtualSize	`0xf4`
VirtualAddress	`0x5e000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2ce00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.15007`

.rsrc

MD5	`c860ec3e3d7fc37f698bb4c1143ddfef`
SHA1	`eb49ac7d23ef8db7fced92fa0b7aa588e9ac52cc`
SHA256	`15a02d511d104ef3b292dc317a56ed02b9dc389507adf97f40e84e09b3a41b56`
SHA3	`f9278140f2c138a77af32611d0e7ad49b80f1560917ef20b0f9c4a5d03745422`
VirtualSize	`0x5d9e8`
VirtualAddress	`0x5f000`
SizeOfRawData	`0x5da00`
PointerToRawData	`0x2d000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.07784`

.reloc

MD5	`4605908691c6b93011087360164c5d62`
SHA1	`43f5ea50fa475ff1cb2b7bedfc4bc32d625a935a`
SHA256	`e858a251791028a74f2f0d6325b6aec0527bf04f6387f1f6e2bc7c10af0a8f56`
SHA3	`3be87a1f1442b656f616a29b375f6579a5bafb12432f580d10ad881a51f1952a`
VirtualSize	`0x2468`
VirtualAddress	`0xbd000`
SizeOfRawData	`0x2600`
PointerToRawData	`0x8aa00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.63449`

Imports

KERNEL32.dll	`GetLastError` `SetLastError` `GetFileType` `GetStdHandle` `WriteFile` `ReadFile` `FlushFileBuffers` `SetEndOfFile` `SetFilePointer` `SetFileTime` `CloseHandle` `CreateFileW` `CreateDirectoryW` `SetFileAttributesW` `GetFileAttributesW` `DeleteFileW` `MoveFileW` `FindClose` `FindFirstFileW` `FindNextFileW` `GetVersionExW` `GetCurrentDirectoryW` `GetFullPathNameW` `FoldStringW` `GetModuleFileNameW` `GetModuleHandleW` `FindResourceW` `FreeLibrary` `GetProcAddress` `GetCurrentProcessId` `ExitProcess` `Sleep` `LoadLibraryW` `GetSystemDirectoryW` `CompareStringW` `AllocConsole` `FreeConsole` `AttachConsole` `WriteConsoleW` `TzSpecificLocalTimeToSystemTime` `SystemTimeToFileTime` `FileTimeToLocalFileTime` `LocalFileTimeToFileTime` `FileTimeToSystemTime` `GetCPInfo` `IsDBCSLeadByte` `MultiByteToWideChar` `WideCharToMultiByte` `GlobalAlloc` `GetTickCount` `SetCurrentDirectoryW` `GetExitCodeProcess` `WaitForSingleObject` `GetLocalTime` `MapViewOfFile` `UnmapViewOfFile` `CreateFileMappingW` `OpenFileMappingW` `GetCommandLineW` `SetEnvironmentVariableW` `ExpandEnvironmentStringsW` `GetTempPathW` `MoveFileExW` `GetLocaleInfoW` `GetTimeFormatW` `GetDateFormatW` `GetNumberFormatW` `RaiseException` `GetSystemInfo` `VirtualProtect` `VirtualQuery` `LoadLibraryExA` `IsProcessorFeaturePresent` `IsDebuggerPresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetStartupInfoW` `QueryPerformanceCounter` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `GetCurrentProcess` `TerminateProcess` `RtlUnwind` `EncodePointer` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `LoadLibraryExW` `QueryPerformanceFrequency` `GetModuleHandleExW` `GetModuleFileNameA` `GetACP` `HeapFree` `HeapAlloc` `HeapReAlloc` `GetStringTypeW` `LCMapStringW` `FindFirstFileExA` `FindNextFileA` `IsValidCodePage` `GetOEMCP` `GetCommandLineA` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `GetProcessHeap` `SetStdHandle` `HeapSize` `GetConsoleCP` `GetConsoleMode` `SetFilePointerEx` `DecodePointer`
USER32.dll (delay-loaded)	`GetDC` `ReleaseDC` `MessageBoxW` `FindWindowExW` `GetClassNameW` `wvsprintfW` `PostMessageW` `WaitForInputIdle` `IsWindowVisible` `DialogBoxParamW` `SendMessageW` `SetDlgItemTextW` `GetDlgItemTextW` `SendDlgItemMessageW` `SetFocus` `SetForegroundWindow` `GetSysColor` `LoadBitmapW` `LoadIconW` `DestroyIcon` `IsDialogMessageW` `LoadCursorW` `CopyRect` `MapWindowPoints` `UpdateWindow` `DestroyWindow` `IsWindow` `CreateWindowExW` `RegisterClassExW` `DefWindowProcW` `PeekMessageW` `DispatchMessageW` `TranslateMessage` `GetMessageW` `CharUpperW` `OemToCharBuffA` `LoadStringW` `GetWindow` `SetProcessDefaultLayout` `SetWindowLongW` `GetWindowLongW` `GetWindowRect` `GetClientRect` `GetWindowTextW` `GetSystemMetrics` `SetWindowPos` `GetParent` `SetWindowTextW` `EnableWindow` `GetDlgItem` `EndDialog` `ShowWindow`

Delayed Imports

Attributes	`0x1`
Name	`USER32.dll`
ModuleHandle	`0x5ce2c`
DelayImportAddressTable	`0x2d934`
DelayImportNameTable	`0x2bbc0`
BoundDelayImportTable	`0x2c20c`
UnloadDelayImportTable	`0`
TimeStamp	`1970-Jan-01 00:00:00`

101

Type	`RT_BITMAP`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xbb6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.19099`
MD5	`5c475f4b07e1e05af29d25e1700f7279`
SHA1	`b139902d2f9eae34727ba4f740b4b1e99d4bc4e8`
SHA256	`690c938562399f89ad78e3fde2a7edaee8ddf2fafef987a7b37e577a8f6126ea`
SHA3	`1d3dd19fbcc656a30478c2b4ba98485853b464fe09ea2debc4cfc64271677d1e`
Preview

1

Type	`RT_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.94385`
MD5	`71d4e22562747eaeedf0265e75397600`
SHA1	`31b7f1b8374d7233ebe6e145ccdf6fb615710eae`
SHA256	`c9eaf4b782e2a8c213c4724364f0e5d1865ff158e1283381f7ec63e20f44bda3`
SHA3	`acdbbfc06dab9772c83a492b5466d8372bf0a86553dd4b33620585f337d32fc2`

2

Type	`RT_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.23344`
MD5	`fe044a1d37aecb8a9294a05721c5ac0f`
SHA1	`9d3083ee87b93edf75e8277fc53dd4a0842bd1e1`
SHA256	`4b873514cfcf78aa9187c1efbdaee472a38e3903cf0de194be69ab171b94232e`
SHA3	`9803e867d3b2b762cf1f3a74ba48e8072015216f83408b7238b76a57f2edac81`

3

Type	`RT_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.11366`
MD5	`03c706f7e8feb13a7434533dff6a4243`
SHA1	`b6afc2f9180f30800a47c58c8c6440bc1242054b`
SHA256	`fd1da44deeb139758ed9945b46fa286d6874e3b24547a35e281ebcc6343230b6`
SHA3	`151c4bc8c5281b895f3252639f6d2ad4356bfbce14d030d1230bac06d6bca5c2`

4

Type	`RT_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.23232`
MD5	`1f0763bf1204efc36a7e12f02789fcee`
SHA1	`e8c038a6811ba362276e1e28513e2a9be9f029ad`
SHA256	`1b86d191ad22b015c1d4cbe2e9aa5e865381d486c4f3f9fe4d843d81b0b25b4a`
SHA3	`b0bcc6b8e0daa6e7a3e859f120dea1d1fac234510aa32ff6e28ce97568dda9fb`

5

Type	`RT_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.9885`
MD5	`3696a30d94b54f33a3e060df390af20c`
SHA1	`28469b4e66598335b05ea5328d082aae147751de`
SHA256	`7a780ff7081b25540cac0c98ee47062cff190ab3786fa5d10b0fc009bb3ae4da`
SHA3	`9973827553cb1d5b1ec203bd88277742db88d9aaa93539bef808002a94cbc76e`

6

Type	`RT_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.11249`
MD5	`b58521c985837fb2afb461cca3668c5d`
SHA1	`6ce4aca6cf8d3e8a92496c1094fd9355aa469d77`
SHA256	`c85606a206a41c3f7d19cd5c47e2934526b79bf0a629913db87cec6a2be7ec9f`
SHA3	`ba4dfbd52d05dcae394f47c90f955c08cc6a0a9ca12438416b6360f81f787527`

ASKNEXTVOL

Type	`RT_DIALOG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x286`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.42597`
MD5	`361be3e9f16096819f38433be227aeab`
SHA1	`303da809d3ec1bfc46b5fa4fde1733cfffdb9596`
SHA256	`887347f27d903f6652ba35c3dfae297c23435755a63e02a80259ee6dd0b8af86`
SHA3	`db76532737d079016d6f113bb1ac833820a004c041973cb70af7ed2cf185da55`

GETPASSWORD1

Type	`RT_DIALOG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x13a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.33944`
MD5	`331b55f85040e216e56c0b8e843438a8`
SHA1	`af4002fec283154f7d72fa3f363d28dbb1536f85`
SHA256	`2e11a1ed4f812e37fdb32a1310cdcca802c46497c27e33ab66ac127345463d31`
SHA3	`206eda4241a8bdb201359d75e1063c41ed5aba18392eea3d09b31bb5ed4f5f8c`

LICENSEDLG

Type	`RT_DIALOG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xec`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.16133`
MD5	`4da01a070e57545f97e0d84bcf1524e5`
SHA1	`eeeadb106e138aa26b66d276f84c8d076a31142e`
SHA256	`44e6a8daef1ac762f8016fc4c8aec52bad42f589b6d8a25d430a619610dd0028`
SHA3	`a018ce14f68b06cbed4adb1bf6714f3b6c1aa64fa2afa2215e037aa654f9fcee`

RENAMEDLG

Type	`RT_DIALOG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x12e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.08925`
MD5	`23f9ee829c671147edcb4e5fc285dc76`
SHA1	`65f15e95491df6b271c340bc3cf6fc2a6e628a31`
SHA256	`30358e9c494ca9d125b34ccb93a2d8f1237042904f6fcecc2f5ca9a83b7dba9d`
SHA3	`830894d4015e75dd74224a9a6e70c573491f721f5d9526bbb9cbf766cf000092`

REPLACEFILEDLG

Type	`RT_DIALOG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x338`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.31987`
MD5	`822b9ba661d87f4dedeb47b67cdd4d5a`
SHA1	`b7902c16350bc2ee7fd78fbeb9461d2f123d59be`
SHA256	`a1141852e6fb28826de51733ee35fbfdcf74dd8eb7f73049c7c7ad6c21d0cb33`
SHA3	`712432c699365c95e1b04b3a44cebc97ce77f9824418dbb6784f0c653567325e`

STARTDLG

Type	`RT_DIALOG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x252`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.51642`
MD5	`14623c62285bf3fab07f52a8d4ee7758`
SHA1	`559c8c2d1ec322f7860a909c1d63b22e8e74dd42`
SHA256	`0f47dbda4a6e61d3288f63f249d25ab3f6e1fe497879a782d3eb1cd3922f3f4e`
SHA3	`c28724b596203a4f657d2ac87547e81631dd95cb46d7b43c9989c30b002f333a`

7

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x1e2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.1586`
MD5	`2ee005bf14efd62d866ca276e73b47aa`
SHA1	`e098ed7de14a3221722e8c25ada1cb901ce85978`
SHA256	`450b4d82a86dba50acea995d6356e0174a242081f2c2438f6f88c29038f7097d`
SHA3	`3bd4b237507bdbc645d985837c718b5df99fa6c91e862fe59f7295cd82c7d0b0`

8

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x1cc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.11685`
MD5	`91984a8521454b1758674f2f0765e695`
SHA1	`f48b0e0ca433d99226abe5cb9f1421b5dc204d31`
SHA256	`89051dca472bd5ebb7b344c05150755b6e3d32cb0dffea086c04186820b188d2`
SHA3	`c7c2157fcb23e3b9253e37f60afe11361c625e3d5e0535bbbf988387d2cd517c`

9

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x1ee`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.15447`
MD5	`bea5af210aba31a79a4329c4fe918826`
SHA1	`0639f7b55623ed115a7a2573862194ce497e135e`
SHA256	`4b330444367ebff69a042f9aaa930485c02a02e7efdad56db24cb2b76dc8f134`
SHA3	`0e3c015b6a949195bfecc1b2c288abf0b79803889b3a25c6558580c175e6a651`

10

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x146`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.99727`
MD5	`06aeb5ae44f152010b502d79d78da978`
SHA1	`765389e59fc961fb9782413bccd6218c0ed29c95`
SHA256	`1e87eca343221966ecd9472109f3baf9081c821e3f4e905aa34eb8bce73af4e7`
SHA3	`dda651f9f04eded147d6b4d66801eb000f7f83f5e6161c919beca8e51e7b6f8a`

11

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x446`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.2036`
MD5	`50607cbf5fa33da61e8d119c4a2c0c9b`
SHA1	`d38285a743fe1ebf62ecb612d62336060c865bc7`
SHA256	`06b2bd666ed1afbbfc9914b94d703087c18248c5fe28dead42e42f22c3984c5e`
SHA3	`9bc82cef576158d1c1bf6c60e77dae43a3c3ef80d1373ceafa46da206fd67cfe`

12

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x166`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.12889`
MD5	`70f271b2edd6a05942b95abced225c10`
SHA1	`dd3de2dc38efaf506c8c902edc3c6639651babbf`
SHA256	`d5755fffe2a9a4baf3593b8fba9a029b23bcc08e77c8d98e07b93baee6b9e6de`
SHA3	`99f9038fe42c25749482786e85b1f0ee5dda044080bf4ea4b311b333a3098c63`

13

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x120`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.95673`
MD5	`269a2d7069663060af7c9dd46b06fa63`
SHA1	`3addd59b10812bf9a9a37c28139b048acf8bb003`
SHA256	`a71a1445d83285856c39bf2f0caa19e88c9be65f0178a6878f321a925a21f97c`
SHA3	`9a7c6ec3de596dee9c3710ef77cb4693c3d5b584d842ccac347b066e46afbdf6`

14

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xba`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.77928`
MD5	`f2f57022da11e6b34117697226056e76`
SHA1	`94643fa46ab3195fa8fd17faed49d09a2c8d9fda`
SHA256	`71966cf60a28c1cdde4196d7909347e3f66661546af21edbacb15c7116944832`
SHA3	`c30201373f1a146121e6a60a036cdbbed0031c6ccae088ab15e9cd58c9339f61`

15

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xbc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.83619`
MD5	`09b30c86fe6cd7c8fe6d5d5fdd8b0a3e`
SHA1	`ba24c6e94ca7607f3fa91f71142d64d2e2938152`
SHA256	`f63fabe3ed749afb7b1719755170afe965f37e216834adf90dec051811afe657`
SHA3	`f4baf857de57ba1229f413a1165ec8e17dfa3e973f315fda2a082f79a3f64948`

16

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xd6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.80514`
MD5	`3a1b603eaeaa7aca84afab706054807b`
SHA1	`577ba4baf69c0cc5867167174746fc35fb11e8fd`
SHA256	`cfa68e1c4fe3e613725ec1c45a80c2e4855c07e2d4587c8cf46fac05a78c0145`
SHA3	`dc50fd5dad67b49d6067255f83399ab84ccc7adc2476f3b4db2c652fa24c5169`

100

Type	`RT_GROUP_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.76511`
Detected Filetype	Icon file
MD5	`4c4b448a0dae62377a9452aee6574387`
SHA1	`bd5e305eb640dabfba0a2b1e192f3e05e69892dd`
SHA256	`b3d066b10578e4a63a9e16dd19918531242399758b182986710b62975fe24574`
SHA3	`5ee375d929f0fb67eab18d6fa5e3b3978743347a3757f350bc2794c1955013bf`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x753`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.25329`
MD5	`8ddcbbd6b8c80eef68bf9305e59fa1f3`
SHA1	`014923abccec57fa3ad16f65feb0de2b8cbc8408`
SHA256	`1b7b67e5d8927449d8f7be80a0e5ba5f03d25670035027c0cb71abce27da6810`
SHA3	`e5c4bfc7e92f1b945363bb9ad2aabbe4324074ac295d08722e743d6e7c524b69`

String Table contents

Select destination folder
Extracting %s
Skipping %s
Unexpected end of archive
The file "%s" header is corrupt
Corrupt header is found
Main archive header is corrupt
The archive comment header is corrupt
The archive comment is corrupt
Not enough memory
Unknown method in %s
Cannot open %s
Cannot create %s
Cannot create folder %s
Checksum error in the encrypted file %s. Corrupt file or wrong password.
Checksum error in %s
Packed data checksum error in %s
Write error in the file %s. Probably the disk is full
Read error in the file %s
File close error
The required volume is absent
The archive is either in unknown format or damaged
Extracting from %s
Next volume
The archive header is corrupt
Close
Error
Errors encountered while performing the operation
Look at the information window for more details
bytes
modified on
folder is not accessible
Some files could not be created.
Please close all applications, reboot Windows and restart this installation
Some installation files are corrupt.
Please download a fresh copy and retry the installation
All files
<ul><li>Press <b>Install</b> button to start extraction.</li><br><br>
<ul><li>Press <b>Extract</b> button to start extraction.</li><br><br>
<li>Use <b>Browse</b> button to select the destination
folder from the folders tree. It can be also entered
manually.</li><br><br>
<li>If the destination folder does not exist, it will be
created automatically before extraction.</li></ul>
The archive is corrupt
Extracting files to %s folder
Extracting files to temporary folder
Extract
Extraction progress
Total path and file name length must not exceed %d characters
Unknown encryption method in %s
The specified password is incorrect.
Cannot copy %s to %s.
Cannot create symbolic link %s
Cannot create hard link %s
You may need to run this self-extracting archive as administrator
Pause
Continue
Security warning
Please remove %s from folder %s. It is unsecure to run %s until it is done.

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2017-May-23 11:58:52
Version	`0.0`
SizeofData	`81`
AddressOfRawData	`0x2add8`
PointerToRawData	`0x29fd8`
Referenced File	D:\Projects\WinRAR\sfx\build\sfxzip32\Release\sfxzip.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2017-May-23 11:58:52
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x2ae2c`
PointerToRawData	`0x2a02c`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2017-May-23 11:58:52
Version	`0.0`
SizeofData	`944`
AddressOfRawData	`0x2ae40`
PointerToRawData	`0x2a040`

TLS Callbacks

Load Configuration

Size	`0x5c`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x42d0a8`
SEHandlerTable	`0x42ad90`
SEHandlerCount	`18`

RICH Header

XOR Key	`0x91da655b`
Unmarked objects	`0`
241 (40116)	`13`
243 (40116)	`138`
242 (40116)	`24`
ASM objects (VS2015 UPD3 build 24123)	`23`
C objects (VS2015 UPD3 build 24123)	`19`
C++ objects (VS2015 UPD3 build 24123)	`41`
C objects (VS2008 SP1 build 30729)	`10`
Imports (VS2008 SP1 build 30729)	`3`
Total imports	`230`
C++ objects (VS2015 UPD3.1 build 24215)	`37`
Exports (VS2015 UPD3.1 build 24215)	`1`
Resource objects (VS2015 UPD3 build 24210)	`1`
Linker (VS2015 UPD3.1 build 24215)	`1`

a09f22bd3627bae597c839eb9cdaf9eb

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.gfids

.rsrc

.reloc

Imports

Delayed Imports

101

1

2

3

4

5

6

ASKNEXTVOL

GETPASSWORD1

LICENSEDLG

RENAMEDLG

REPLACEFILEDLG

STARTDLG

7

8

9

10

11

12

13

14

15

16

100

1 (#2)

String Table contents

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors