Manalyze report for b2a29184ad57fd14d1828d7f273891f9c73a93dd15440ef9bf27290190a6e237

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2023-Jun-20 08:00:00
Detected languages	English - United States
CompanyName	ReasonLabs
FileDescription	ReasonLabs-setup-wizard.exe
FileVersion	`7.2.0`
InternalName	7zS.sfx
LegalCopyright	Copyright (C) 2025 Reason Software Company Inc.
OriginalFilename	7zS.sfx.exe
ProductName	ReasonLabs Setup Wizard
ProductVersion	`7.2.0`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0` `Microsoft Visual C++` `Microsoft Visual C++ v6.0`
Info	Interesting strings found in the binary:	`Contains domain names: inkscape.org www.inkscape.org`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW` `Possibly launches other programs: CreateProcessW` `Can create temporary files: CreateFileW GetTempPathW`
Info	The PE is digitally signed.	`Signer: Reason Cybersecurity Inc.` `Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`4e237e02546dcd4fad28cd28381596d3`
SHA1	`bffcfb92934579919dd09ad7d07a0b10435c03a7`
SHA256	`b2a29184ad57fd14d1828d7f273891f9c73a93dd15440ef9bf27290190a6e237`
SHA3	`e2a39a31eedcabdc97d350046e1bbb457d1ddee31331f7587cf39bc5b2b2cf2c`
SSDeep	`49152:rfHuKIHw3bo/eU22MIie/yof/tnv06Zdw65VEnAxES:ruO3bo32DZuymF86ZuYyS`
Imports Hash	`4ba3ea0d6362a841ec66a1fc0a1b874f`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x118`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2023-Jun-20 08:00:00
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x1a000`
SizeOfInitializedData	`0x78200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00019B6C (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x1b000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x98000`
SizeOfHeaders	`0x400`
Checksum	`0x263b1d`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`09a2bdfa7e9deb0cb5414cd498d24a6c`
SHA1	`927e33b463bbe91a7988f3936665d6acefa81d82`
SHA256	`6bf4978ecec110d7c1b1a94f7055b6ba01dd7d37f9e433d47c4aba11f63a8a19`
SHA3	`a625c81bfa293de5fe5e164519ee0940b2fa8ea32b631f45e93ec006f15397f4`
VirtualSize	`0x19fa5`
VirtualAddress	`0x1000`
SizeOfRawData	`0x1a000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.63512`

.rdata

MD5	`bdcb447287ea7267116c6e0f60a1e0c4`
SHA1	`c794c1a6b123d636b6f9b1b9a41db952446f3585`
SHA256	`e6298a342be4d7fef8ed5fb253c91fae5242f6dc781634694a701cd989d8d011`
SHA3	`c6cd059350230dabef317a55d6e05fb3dfb360536797fbbc0a07591e734667a3`
VirtualSize	`0x3acc`
VirtualAddress	`0x1b000`
SizeOfRawData	`0x3c00`
PointerToRawData	`0x1a400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.42439`

.data

MD5	`91fbb1b151718265bcf39ad121026a2f`
SHA1	`01d98b619d30710e4074163a99da7f91d0f3d8d2`
SHA256	`415ed85bf6e719304258d3126dfbe7b22337c145f9e26ddbbc1df64e9277f3f7`
SHA3	`f8e23ccd17e8ad15bdd9a4dfec1d092715256dc4ece12b0f9d1f5fbceae714ad`
VirtualSize	`0x2410`
VirtualAddress	`0x1f000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1e000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.34897`

.sxdata

MD5	`480f8419371f2eeea1f4e90c192f696c`
SHA1	`0190ee24c842ae0fa69ef03e6bea80102f2f887e`
SHA256	`7e089ba637f341129cb4d88f576026b9784a4ff0c620d0419fc812e581ec9fa0`
SHA3	`c029dd044791803e2135f21cdaf4f8423a4b16a5c1feee57e6f841a87d27fc7c`
VirtualSize	`0x4`
VirtualAddress	`0x22000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1e200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_LNK_INFO` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.0203931`

.rsrc

MD5	`8c0edf304afc4ab88584f79cbe8e976c`
SHA1	`65ae24e61c5f35c0f2791a594be52657bf2db832`
SHA256	`c1300a25649c4a94fbdbf9749c43488bd8fd17d41a32b03e2ec12743b486eb22`
SHA3	`6564cd17a87734d39cf77ee0e84edf1f3cd9fca14b7ba0c729df374178fd5ffa`
VirtualSize	`0x74110`
VirtualAddress	`0x23000`
SizeOfRawData	`0x74200`
PointerToRawData	`0x1e400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.16671`

Imports

OLEAUT32.dll	`SysAllocStringLen` `VariantClear` `SysStringLen`
USER32.dll	`DialogBoxParamW` `SetWindowLongW` `GetWindowLongW` `GetDlgItem` `SetTimer` `LoadStringW` `CharUpperW` `DestroyWindow` `EndDialog` `PostMessageW` `SetWindowTextW` `ShowWindow` `MessageBoxW` `SendMessageW` `LoadIconW` `KillTimer`
SHELL32.dll	`ShellExecuteExW`
MSVCRT.dll	`_controlfp` `__set_app_type` `__p__fmode` `__p__commode` `_adjust_fdiv` `__setusermatherr` `_initterm` `__getmainargs` `_acmdln` `exit` `_XcptFilter` `_exit` `?terminate@@YAXXZ` `??1type_info@@UAE@XZ` `_except_handler3` `_beginthreadex` `memset` `wcsstr` `free` `malloc` `memcpy` `_CxxThrowException` `_purecall` `memmove` `memcmp` `wcscmp` `__CxxFrameHandler`
KERNEL32.dll	`GetStartupInfoA` `InitializeCriticalSection` `ReleaseSemaphore` `CreateSemaphoreW` `ResetEvent` `SetEvent` `CreateEventW` `GetVersion` `VirtualFree` `VirtualAlloc` `Sleep` `GetStdHandle` `GlobalMemoryStatus` `GetSystemInfo` `GetCurrentProcess` `GetProcessAffinityMask` `SetEndOfFile` `WriteFile` `ReadFile` `SetFilePointer` `GetFileSize` `GetFileInformationByHandle` `GetFileAttributesW` `GetModuleHandleA` `FindNextFileW` `FindFirstFileW` `FindClose` `GetCurrentThreadId` `GetTickCount` `GetCurrentProcessId` `GetCurrentDirectoryW` `SetCurrentDirectoryW` `SetLastError` `DeleteFileW` `CreateDirectoryW` `GetModuleHandleW` `GetProcAddress` `RemoveDirectoryW` `SetFileAttributesW` `CreateFileW` `SetFileTime` `GetSystemDirectoryW` `GetTempPathW` `FormatMessageW` `LocalFree` `GetModuleFileNameW` `LoadLibraryExW` `DeleteCriticalSection` `EnterCriticalSection` `LeaveCriticalSection` `GetLastError` `GetVersionExW` `GetCommandLineW` `CreateProcessW` `CloseHandle` `WaitForSingleObject`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.40632`
MD5	`b5ac545968404495b1b3abef2bac3b92`
SHA1	`cd6f61e4570369f56e6b0a862f413280c022d4ea`
SHA256	`64473855f5df00d18102d0408f55dfd390fa363799082ba916e7b1204a84f398`
SHA3	`41f88d6c21417718b3d5e77a78bac6e3a9f316364ea8552bae212cd9509c6d0a`

2

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x6b8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.28756`
MD5	`d3baa53b8f148913e70de6ead22b0de7`
SHA1	`d706a66e31b7598686dd28de6f286dcb43eed57a`
SHA256	`38dc9a1606a16694712ee1be9efa29c436668409473cdc15aa03f3d918c93b9f`
SHA3	`fbb5abbcade8774ad888b548108abdfc246ef8756fd04cdfa092aa6386926031`

3

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.06213`
MD5	`16017f184a077809f98add589ea9a603`
SHA1	`ac332f0ab3338271508cd0cbacfc215973c9fcf8`
SHA256	`6c6e200fa27a93438fb4354b133ad22fb5c91be1aa972304313c994d2cab3ec8`
SHA3	`b3ad2bfe789481fc4170621cb6b1a71bd7a43bc66829a4a0fd6ee8e4920c266b`

4

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.81645`
MD5	`07d9337bfe33ce2e75320830c93722d3`
SHA1	`f0051471d6ffd344c42e5d1813a338e1d120fe47`
SHA256	`0f9c734c1a47d2b8708f56240f17134b8a0b9779a0dced53d03fe8702c271be2`
SHA3	`8a6ebad8ac5e172047be81924560de4477d07cb6bac9c5c1a504b4909c3cf89c`

5

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x1a68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.56755`
MD5	`9412ba466a3120593ae6f59ef362459c`
SHA1	`461ffc02e2d199901f4afdd7dd85dc75e622720b`
SHA256	`ad1310f6c9de95a64a676fbe4eb26d0358dee5844f60df53b30324ead93185c8`
SHA3	`aca87536f85481809009981c9da6060647ceaac307172fc988617eae4dca87bc`

6

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.62379`
MD5	`bc650ac7a6fa895c06e235063ef3a007`
SHA1	`ad694efb224054a3924bd1659bfe86065790ca9d`
SHA256	`06af8ecc8c139798451d7828c873fcbdf9d8cf8f9aeb2d041de216fa5bc2f81c`
SHA3	`18c3dd0c500aa17dc1c0c4adc1e15552b5451047d50dd2fcbc8a1d7807fec825`

7

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.30514`
MD5	`bba1836b56b12a6077487098727afd62`
SHA1	`ef8da038d0c587feaba927c35fd332478f434009`
SHA256	`7f559cb0a84d966c36bb238809c6c6082bc5396ba9a8f607e6d196e7550e5042`
SHA3	`a0abbfea5f471ea9bfed5f02d48b35e94b1ca5be3589b25296ec7a82ccae8e82`

8

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x5488`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.14473`
MD5	`b9eb0c71cba002f44475d237c8df93f2`
SHA1	`b0327400cbb887d9ab30247d79021807e2ee9bee`
SHA256	`cd56fba5ceb0a03b35e58dc0b72ff8452477b7c3048873da94adc368efd15075`
SHA3	`45852eb8f203871e7248bbe2198f3a47decea1957456ab80258319b83043b862`

9

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.85768`
MD5	`a5b1a6e853c8070971fb677a5936ac43`
SHA1	`8cad0df6a7a7935e045642e9649a80c13504451e`
SHA256	`89ea72e458e4087497e3f44a2c825bef4df06ced9170113bc6f22bd74cb77fe8`
SHA3	`7b4d6d26c326ff842b69d62ffcfe9f0860ede4855b2f902ce497fb8f3eea3bc8`

10

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.64635`
MD5	`79a61f30774b30b4e5b53aca484edaf4`
SHA1	`e183680a94ca901c3538e30f3e4ce4701e492bd5`
SHA256	`0a0b5cdf994347a9c8ca04ac21cd564d5f57882ec57271266c845bc996052072`
SHA3	`c84daa9de636a64aa4af1f620b9b44ab3bbd2ed9413b5a46e1fc98d82bac7d13`

11

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.23134`
MD5	`d7f131fababeb1ccdde18c7158022ecf`
SHA1	`c22256639b88731eb82a97f4b31a8ad31599bde4`
SHA256	`d19aeb26a649f5ab2491b67b7096797f5edf50b7e4e2089441ec66a5060bc8bb`
SHA3	`3e9c27df8e27fc2e8dcd7273efa77b463dfd32b75b861a9fbdf5596ffe72df7b`

12

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x7ad8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.90567`
Detected Filetype	PNG graphic file
MD5	`01c71bb6b38ab95b6a7e623b7017a976`
SHA1	`f03739021c3c8ef8d6bf0ff598bdfdbe0de0215a`
SHA256	`a2dfac85b5e84791a2a35ade58c21ca8469b88715f4880976ae09bbd9475a2eb`
SHA3	`cc9eb8513762cef2287fc8c6c374db3d73b8cd7ac6392a546ca16a27cefe642b`

97

Type	`RT_DIALOG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xb8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.04857`
MD5	`13729251ed97317c9483a16420c70648`
SHA1	`8aba410ab7390e4da137156c84ee6263eec1f36f`
SHA256	`06ca7a5a0698f88a5692f9d598ff7334209bf2272b5a2798929a1fc3b60b8677`
SHA3	`26bf54dacf79edac57656f57f5b7ecef59d1b97d05d3f6d93a3c811a1c9a2e9a`

1 (#2)

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x60`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.38262`
MD5	`6e4db8988b0449f6512d49ce3a9517a7`
SHA1	`1eab5aa4c5fdda84410577afb775aa3d9b09d6c3`
SHA256	`4a208f52d1765405454937584c93131b2acee7c9baf7a7a288ad6244ff47a2b4`
SHA3	`95f7fdefb0b4787b0c30006573b2d7dd1789a56ad66d87acc9eb9899a607a2c6`

188

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x54`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.17822`
MD5	`a70f26327fbf4252448d9ccccd842faf`
SHA1	`3a015c9d0f7e490a25be55e204d844c7de9f9d2e`
SHA256	`b5e7c4be8f403ccb671414c2a534c72cdaf1a8461edf59caba03ac7216780749`
SHA3	`70eb8333298da9ef6c413c220399886dc44d013e16ec266aa66b044066dda1c7`

207

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x34`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.43775`
MD5	`716f3259b70c376b8757003128391219`
SHA1	`a1b172c455640670db67ade9d9c7b62d9d2d3396`
SHA256	`5b51218d289f8381b271c6d4d224c67e99c9cdbf9d3f529bb8da29687f7180ec`
SHA3	`d9f9ec98368534575af8442776bcb377303669e86ec003f9af3b5508c1d21d26`

1 (#3)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xae`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.06827`
Detected Filetype	Icon file
MD5	`1c709af286943533ca15a84e096a75e8`
SHA1	`aaf478ee83acc909be95577acbc816d379492640`
SHA256	`d2d6b77c14040563114b8819cda8443d27f31f1c8d4d622db356dd9c093c0d0d`
SHA3	`020d796f6a84c2c94aadc59844f51e8355e0cecdea4737f145bf65a210485e9c`

1 (#4)

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x31c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.42917`
MD5	`ee880902670d23e70dae2cf5b6167ae1`
SHA1	`703d5216b4cb2d5962d300ba6ce19b7773fcc919`
SHA256	`02feb4b3a662ffdfc92ae598172a521e06c583b18bc422c5880a1847af9608fe`
SHA3	`c176a6dab6495387052a1274b51f3243b90e1bc309a7fd16fb9c30eed64d38a2`

1 (#5)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x392`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.0729`
MD5	`04c19aaf1d24eaff97346ce43bf1175e`
SHA1	`2dfd108ea9c9572b2b1be42ad14d9ec534bec1f8`
SHA256	`2a8954c3a9010eec23758cebd1b448f05c6684f1c86c2cda238fb3da09e3994f`
SHA3	`4e81a13fe1471c2bb1ffec2859f9e6db7ee1745593496abfe369ff29442a544d`

String Table contents

Extraction Failed
File is corrupt
Cannot create folder '{0}'
Extracting

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	7.2.0.0
ProductVersion	7.2.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	ReasonLabs
FileDescription	ReasonLabs-setup-wizard.exe
FileVersion (#2)	7.2.0
InternalName	7zS.sfx
LegalCopyright	Copyright (C) 2025 Reason Software Company Inc.
OriginalFilename	7zS.sfx.exe
ProductName	ReasonLabs Setup Wizard
ProductVersion (#2)	7.2.0

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x530f2aed`
Unmarked objects	`0`
C++ objects (8047)	`3`
14 (7299)	`8`
C objects (8047)	`11`
Linker (8047)	`2`
C objects (2190)	`1`
Total imports	`137`
Imports (2179)	`9`
C++ objects (VS98 SP6 build 8804)	`67`
C objects (VS2022 Update 6 (17.6.3) compiler 32534)	`1`
C objects (VS98 SP6 build 8804)	`2`
C objects (VS2010 SP1 build 40219)	`12`
ASM objects (VS2019 Update 8 (16.8.4) compiler 29336)	`1`
Resource objects (VS98 SP6 cvtres build 1736)	`1`

Errors

Leave a comment

No comments yet.