Architecture |
IMAGE_FILE_MACHINE_I386
|
---|---|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
Compilation Date | 2017-Aug-11 13:54:06 |
Detected languages |
English - United States
|
Debug artifacts |
D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb
|
Info | Matching compiler(s): | Microsoft Visual C++ 6.0 - 8.0 |
Info | Cryptographic algorithms detected in the binary: |
Uses constants related to SHA1
Uses constants related to SHA256 |
Info | The PE contains common functions which appear in legitimate applications. |
[!] The program may be hiding some of its imports:
|
Suspicious | The file contains overlay data. |
66874 bytes of data starting at offset 0x3f600.
The overlay data has an entropy of 7.99727 and is possibly compressed or encrypted. |
Malicious | VirusTotal score: 9/68 (Scanned on 2020-02-24 21:25:38) |
Invincea:
heuristic
F-Prot: W32/S-e8958863!Eldorado APEX: Malicious VIPRE: Trojan.Win32.Generic!BT McAfee-GW-Edition: BehavesLike.Win32.Backdoor.fh Trapmine: malicious.high.ml.score FireEye: Generic.mg.dc0deef01bfec1ac Cyren: W32/S-e8958863!Eldorado Qihoo-360: HEUR/QVM10.1.782C.Malware.Gen |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x108 |
Signature | PE |
---|---|
Machine |
IMAGE_FILE_MACHINE_I386
|
NumberofSections | 6 |
TimeDateStamp | 2017-Aug-11 13:54:06 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
|
Magic | PE32 |
---|---|
LinkerVersion | 14.0 |
SizeOfCode | 0x2e200 |
SizeOfInitializedData | 0x2f800 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x0001CEC9 (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x30000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 5.1 |
ImageVersion | 0.0 |
SubsystemVersion | 5.1 |
Win32VersionValue | 0 |
SizeOfImage | 0x62000 |
SizeOfHeaders | 0x400 |
Checksum | 0 |
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
KERNEL32.dll |
GetLastError
SetLastError GetCurrentProcess DeviceIoControl SetFileTime CloseHandle CreateDirectoryW RemoveDirectoryW CreateFileW DeleteFileW CreateHardLinkW GetShortPathNameW GetLongPathNameW MoveFileW GetFileType GetStdHandle WriteFile ReadFile FlushFileBuffers SetEndOfFile SetFilePointer SetFileAttributesW GetFileAttributesW FindClose FindFirstFileW FindNextFileW GetVersionExW GetCurrentDirectoryW GetFullPathNameW FoldStringW GetModuleFileNameW GetModuleHandleW FindResourceW FreeLibrary GetProcAddress GetCurrentProcessId ExitProcess SetThreadExecutionState Sleep LoadLibraryW GetSystemDirectoryW CompareStringW AllocConsole FreeConsole AttachConsole WriteConsoleW GetProcessAffinityMask CreateThread SetThreadPriority InitializeCriticalSection EnterCriticalSection LeaveCriticalSection DeleteCriticalSection SetEvent ResetEvent ReleaseSemaphore WaitForSingleObject CreateEventW CreateSemaphoreW GetSystemTime SystemTimeToTzSpecificLocalTime TzSpecificLocalTimeToSystemTime SystemTimeToFileTime FileTimeToLocalFileTime LocalFileTimeToFileTime FileTimeToSystemTime GetCPInfo IsDBCSLeadByte MultiByteToWideChar WideCharToMultiByte GlobalAlloc GetTickCount SetCurrentDirectoryW GetExitCodeProcess GetLocalTime MapViewOfFile UnmapViewOfFile CreateFileMappingW OpenFileMappingW GetCommandLineW SetEnvironmentVariableW ExpandEnvironmentStringsW GetTempPathW MoveFileExW GetLocaleInfoW GetTimeFormatW GetDateFormatW GetNumberFormatW RaiseException GetSystemInfo VirtualProtect VirtualQuery LoadLibraryExA IsProcessorFeaturePresent IsDebuggerPresent UnhandledExceptionFilter SetUnhandledExceptionFilter GetStartupInfoW QueryPerformanceCounter GetCurrentThreadId GetSystemTimeAsFileTime InitializeSListHead TerminateProcess RtlUnwind EncodePointer InitializeCriticalSectionAndSpinCount TlsAlloc TlsGetValue TlsSetValue TlsFree LoadLibraryExW QueryPerformanceFrequency GetModuleHandleExW GetModuleFileNameA GetACP HeapFree HeapAlloc HeapReAlloc GetStringTypeW LCMapStringW FindFirstFileExA FindNextFileA IsValidCodePage GetOEMCP GetCommandLineA GetEnvironmentStringsW FreeEnvironmentStringsW GetProcessHeap SetStdHandle HeapSize GetConsoleCP GetConsoleMode SetFilePointerEx DecodePointer |
---|---|
USER32.dll (delay-loaded) |
WaitForInputIdle
IsWindowVisible DialogBoxParamW EndDialog SetDlgItemTextW GetDlgItemTextW PostMessageW SetFocus SetForegroundWindow GetSysColor LoadBitmapW LoadIconW DestroyIcon IsDialogMessageW wvsprintfW GetClassNameW FindWindowExW MessageBoxW ReleaseDC GetDC SendMessageW LoadCursorW CopyRect MapWindowPoints UpdateWindow DestroyWindow IsWindow CreateWindowExW RegisterClassExW DefWindowProcW PeekMessageW DispatchMessageW TranslateMessage GetMessageW CharUpperW OemToCharBuffA LoadStringW GetWindow SetProcessDefaultLayout SetWindowLongW GetWindowLongW GetWindowRect GetClientRect GetWindowTextW GetSystemMetrics SetWindowPos GetParent SetWindowTextW EnableWindow GetDlgItem SendDlgItemMessageW ShowWindow |
Attributes | 0x1 |
---|---|
Name | USER32.dll |
ModuleHandle | 0x58820 |
DelayImportAddressTable | 0x3aa70 |
DelayImportNameTable | 0x38384 |
BoundDelayImportTable | 0x38aa8 |
UnloadDelayImportTable | 0 |
TimeStamp | 1970-Jan-01 00:00:00 |
Select destination folder |
Extracting %s |
Skipping %s |
Unexpected end of archive |
The file "%s" header is corrupt |
Corrupt header is found |
Main archive header is corrupt |
The archive comment header is corrupt |
The archive comment is corrupt |
Not enough memory |
Unknown method in %s |
Cannot open %s |
Cannot create %s |
Cannot create folder %s |
Checksum error in the encrypted file %s. Corrupt file or wrong password. |
Checksum error in %s |
Packed data checksum error in %s |
Write error in the file %s. Probably the disk is full |
Read error in the file %s |
File close error |
The required volume is absent |
The archive is either in unknown format or damaged |
Extracting from %s |
Next volume |
The archive header is corrupt |
Close |
Error |
Errors encountered while performing the operation |
Look at the information window for more details |
bytes |
modified on |
folder is not accessible |
Some files could not be created. |
Please close all applications, reboot Windows and restart this installation |
Some installation files are corrupt. |
Please download a fresh copy and retry the installation |
All files |
<ul><li>Press <b>Install</b> button to start extraction.</li><br><br> |
<ul><li>Press <b>Extract</b> button to start extraction.</li><br><br> |
<li>Use <b>Browse</b> button to select the destination |
folder from the folders tree. It can be also entered |
manually.</li><br><br> |
<li>If the destination folder does not exist, it will be |
created automatically before extraction.</li></ul> |
The archive is corrupt |
Extracting files to %s folder |
Extracting files to temporary folder |
Extract |
Extraction progress |
Total path and file name length must not exceed %d characters |
Unknown encryption method in %s |
The specified password is incorrect. |
Cannot copy %s to %s. |
Cannot create symbolic link %s |
Cannot create hard link %s |
You may need to run this self-extracting archive as administrator |
Pause |
Continue |
Security warning |
Please remove %s from folder %s. It is unsecure to run %s until it is done. |
Characteristics |
0
|
---|---|
TimeDateStamp | 2017-Aug-11 13:54:06 |
Version | 0.0 |
SizeofData | 81 |
AddressOfRawData | 0x370b8 |
PointerToRawData | 0x356b8 |
Referenced File | D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb |
Characteristics |
0
|
---|---|
TimeDateStamp | 2017-Aug-11 13:54:06 |
Version | 0.0 |
SizeofData | 20 |
AddressOfRawData | 0x3710c |
PointerToRawData | 0x3570c |
Characteristics |
0
|
---|---|
TimeDateStamp | 2017-Aug-11 13:54:06 |
Version | 0.0 |
SizeofData | 944 |
AddressOfRawData | 0x37120 |
PointerToRawData | 0x35720 |
Size | 0x5c |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x43a1b8 |
SEHandlerTable | 0x437020 |
SEHandlerCount | 38 |
XOR Key | 0x5a5f60ba |
---|---|
Unmarked objects | 0 |
241 (40116) | 13 |
243 (40116) | 139 |
242 (40116) | 24 |
ASM objects (VS2015 UPD3 build 24123) | 22 |
C objects (VS2015 UPD3 build 24123) | 19 |
C++ objects (VS2015 UPD3 build 24123) | 44 |
C objects (VS2008 SP1 build 30729) | 10 |
Imports (VS2008 SP1 build 30729) | 3 |
Total imports | 250 |
C++ objects (VS2015 UPD3.1 build 24215) | 48 |
Exports (VS2015 UPD3.1 build 24215) | 1 |
Resource objects (VS2015 UPD3 build 24210) | 1 |
Linker (VS2015 UPD3.1 build 24215) | 1 |