| Architecture | IMAGE_FILE_MACHINE_AMD64 |
|---|---|
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Compilation Date | 2026-Feb-01 18:16:43 |
| Detected languages | English - United States |
| Debug artifacts | D:\Projects\WinRAR\SFX\setup\build\sfxrar64\Release\sfxrar.pdb |
| ProductName | WinRAR |
| CompanyName | Alexander Roshal |
| FileDescription | WinRAR |
| FileVersion | 7.20.0 |
| ProductVersion | 7.20.0 |
| InternalName | WinRAR |
| LegalCopyright | Copyright © Alexander Roshal 1993-2026 |
| OriginalFilename | WinRAR.exe |
| Info | Cryptographic algorithms detected in the binary: | Uses constants related to SHA256 |
| Suspicious | The PE is possibly packed. | Unusual section name found: .fptable |
| Info | The PE contains common functions which appear in legitimate applications. | [!] The program may be hiding some of its imports: |
| Info | The PE is digitally signed. | Signer: win.rar GmbH; Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 |
| Suspicious | VirusTotal score: 1/71 (Scanned on 2026-02-28 07:23:29) | ClamAV: Win.Trojan.Generic-9947715-0 |
| e_magic | MZ |
|---|---|
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x110 |
| Signature | PE |
|---|---|
| Machine | IMAGE_FILE_MACHINE_AMD64 |
| NumberofSections | 8 |
| TimeDateStamp | 2026-Feb-01 18:16:43 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xf0 |
| Characteristics | IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE |
| Magic | PE32+ |
|---|---|
| LinkerVersion | 14.0 |
| SizeOfCode | 0x3e800 |
| SizeOfInitializedData | 0x45e00 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x0000000000025ED0 (Section: .text) |
| BaseOfCode | 0x1000 |
| ImageBase | 0x140000000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 6.1 |
| ImageVersion | 0.0 |
| SubsystemVersion | 6.1 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x8a000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0x3be17f |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_GUARD_CF, IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
| KERNEL32.dll | GetLastError FormatMessageW LocalFree SetLastError CreateHardLinkW SetFileTime CreateFileW CloseHandle DeviceIoControl RemoveDirectoryW DeleteFileW GetLongPathNameW GetShortPathNameW MoveFileW GetStdHandle WriteFile ReadFile SetFilePointer SetEndOfFile FlushFileBuffers GetFileType CreateDirectoryW GetFileAttributesW SetFileAttributesW GetCurrentProcessId FindClose FindFirstFileW FindNextFileW GetVersionExW GetFullPathNameW FoldStringW GetModuleFileNameW SetCurrentDirectoryW GetCurrentDirectoryW GetModuleHandleW FindResourceW FreeLibrary GetProcAddress ExpandEnvironmentStringsW SetThreadExecutionState GetCurrentProcess CompareStringW AllocConsole AttachConsole WriteConsoleW Sleep FreeConsole ExitProcess GetSystemDirectoryW LoadLibraryW InitializeCriticalSection DeleteCriticalSection EnterCriticalSection LeaveCriticalSection CreateThread WaitForSingleObject GetProcessAffinityMask CreateSemaphoreW CreateEventW ReleaseSemaphore SetThreadPriority SetEvent ResetEvent FileTimeToSystemTime SystemTimeToTzSpecificLocalTime SystemTimeToFileTime GetSystemTime WideCharToMultiByte MultiByteToWideChar GetCPInfo IsDBCSLeadByte GlobalAlloc SizeofResource LoadResource LockResource GlobalLock GlobalUnlock GlobalFree GetDateFormatW GetTimeFormatW GlobalMemoryStatusEx GetLocaleInfoW GetNumberFormatW GetCommandLineW SetEnvironmentVariableW GetLocalTime GetTickCount MoveFileExW GetTempPathW GetExitCodeProcess GetConsoleMode GetConsoleOutputCP HeapSize SetFilePointerEx GetStringTypeW SetStdHandle GetProcessHeap LCMapStringW InitializeCriticalSectionEx RaiseException GetSystemInfo VirtualProtect VirtualQuery LoadLibraryExA RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind UnhandledExceptionFilter SetUnhandledExceptionFilter TerminateProcess IsProcessorFeaturePresent ReleaseSRWLockExclusive AcquireSRWLockExclusive WakeAllConditionVariable SleepConditionVariableSRW IsDebuggerPresent GetStartupInfoW QueryPerformanceCounter GetCurrentThreadId GetSystemTimeAsFileTime InitializeSListHead RtlUnwindEx RtlPcToFileHeader EncodePointer InitializeCriticalSectionAndSpinCount TlsAlloc TlsGetValue TlsSetValue TlsFree LoadLibraryExW QueryPerformanceFrequency GetModuleHandleExW HeapFree HeapAlloc HeapReAlloc FindFirstFileExW IsValidCodePage GetACP GetOEMCP GetCommandLineA GetEnvironmentStringsW FreeEnvironmentStringsW FlsAlloc FlsGetValue FlsSetValue FlsFree |
|---|---|
| OLEAUT32.dll | SysAllocString SysFreeString |
| gdiplus.dll | GdipFree GdipAlloc GdipCloneImage GdipDisposeImage GdipCreateHBITMAPFromBitmap GdiplusStartup GdiplusShutdown GdipCreateBitmapFromStream |
| COMCTL32.dll (delay-loaded) | InitCommonControlsEx |
| Attributes | 0x1 |
|---|---|
| Name | COMCTL32.dll |
| ModuleHandle | 0x56190 |
| DelayImportAddressTable | 0x65090 |
| DelayImportNameTable | 0x523b8 |
| BoundDelayImportTable | 0x52cf8 |
| UnloadDelayImportTable | 0 |
| TimeStamp | 1970-Jan-01 00:00:00 |
| Select destination folder |
| Extracting %s |
| Skipping %s |
| Unexpected end of archive |
| The file "%s" header is corrupt |
| The archive comment header is corrupt |
| The archive comment is corrupt |
| Not enough memory |
| Unknown method in %s |
| Cannot open %s |
| Cannot create %s |
| Cannot create folder %s |
| CRC failed in the encrypted file %s. Corrupt file or wrong password. |
| CRC failed in %s |
| Packed data CRC failed in %s |
| Write error in the file %s |
| Read error |
| File close error |
| The required volume is absent |
| The archive is either in unknown format or damaged |
| Extracting from %s |
| Next volume |
| The archive header is corrupt |
| Close |
| Error |
| Errors encountered while performing the operation |
| Look at the information window for more details |
| bytes |
| modified on |
| folder is not accessible |
| Some files could not be created. |
| You can try to repeat the installation after closing other applications and restarting Windows. |
| Some installation files are corrupt. |
| Please download a fresh copy and retry the installation |
| Copyright © 1993-%d |
| Extracting files to %s folder |
| Extracting files to temporary folder |
| Extract |
| Extraction progress |
| Total path and file name length must not exceed %d characters |
| Pause |
| Continue |
| Security warning |
| Please remove %s from folder %s. It is unsecure to run %s until it is done. |
| Signature | 0xfeef04bd |
|---|---|
| StructVersion | 0x10000 |
| FileVersion | 7.20.0.0 |
| ProductVersion | 7.20.0.0 |
| FileFlags | (EMPTY) |
| FileOs | VOS_DOS_WINDOWS32, VOS_NT_WINDOWS32, VOS__WINDOWS32 |
| FileType | VFT_APP |
| Language | English - United States |
| ProductName | WinRAR |
| CompanyName | Alexander Roshal |
| FileDescription | WinRAR |
| FileVersion (#2) | 7.20.0 |
| ProductVersion (#2) | 7.20.0 |
| InternalName | WinRAR |
| LegalCopyright | Copyright © Alexander Roshal 1993-2026 |
| OriginalFilename | WinRAR.exe |
| Resource LangID | English - United States |
|---|---|
| Characteristics | 0 |
|---|---|
| TimeDateStamp | 2026-Feb-01 18:16:43 |
| Version | 0.0 |
| SizeofData | 87 |
| AddressOfRawData | 0x4dbb8 |
| PointerToRawData | 0x4c7b8 |
| Referenced File | D:\Projects\WinRAR\SFX\setup\build\sfxrar64\Release\sfxrar.pdb |
| Characteristics | 0 |
|---|---|
| TimeDateStamp | 2026-Feb-01 18:16:43 |
| Version | 0.0 |
| SizeofData | 20 |
| AddressOfRawData | 0x4dc10 |
| PointerToRawData | 0x4c810 |
| Characteristics | 0 |
|---|---|
| TimeDateStamp | 2026-Feb-01 18:16:43 |
| Version | 0.0 |
| SizeofData | 1164 |
| AddressOfRawData | 0x4dc24 |
| PointerToRawData | 0x4c824 |
| StartAddressOfRawData | 0x14004e0f8 |
|---|---|
| EndAddressOfRawData | 0x14004e100 |
| AddressOfIndex | 0x1400567cc |
| AddressOfCallbacks | 0x140040620 |
| SizeOfZeroFill | 0 |
| Characteristics | IMAGE_SCN_ALIGN_4BYTES |
| Callbacks | (EMPTY) |
| Size | 0x140 |
|---|---|
| TimeDateStamp | 1970-Jan-01 00:00:00 |
| Version | 0.0 |
| GlobalFlagsClear | (EMPTY) |
| GlobalFlagsSet | (EMPTY) |
| CriticalSectionDefaultTimeout | 0 |
| DeCommitFreeBlockThreshold | 0 |
| DeCommitTotalFreeThreshold | 0 |
| LockPrefixTable | 0 |
| MaximumAllocationSize | 0 |
| VirtualMemoryThreshold | 0 |
| ProcessAffinityMask | 0 |
| ProcessHeapFlags | (EMPTY) |
| CSDVersion | 0 |
| Reserved1 | 0 |
| EditList | 0 |
| SecurityCookie | 0x140055040 |
| GuardCFCheckFunctionPointer | 5368972536 |
| GuardCFDispatchFunctionPointer | 0 |
| GuardCFFunctionTable | 0 |
| GuardCFFunctionCount | 0 |
| GuardFlags | (EMPTY) |
| CodeIntegrity.Flags | 0 |
| CodeIntegrity.Catalog | 0 |
| CodeIntegrity.CatalogOffset | 0 |
| CodeIntegrity.Reserved | 0 |
| GuardAddressTakenIatEntryTable | 0 |
| GuardAddressTakenIatEntryCount | 0 |
| GuardLongJumpTargetTable | 0 |
| GuardLongJumpTargetCount | 0 |
| XOR Key | 0x5f07ccd5 |
|---|---|
| Unmarked objects | 0 |
| C++ objects (33145) | 157 |
| ASM objects (33145) | 9 |
| 253 (35207) | 2 |
| ASM objects (35207) | 10 |
| C objects (35207) | 17 |
| C++ objects (35207) | 60 |
| C objects (33145) | 21 |
| C objects (CVTCIL) (33145) | 1 |
| Imports (33145) | 7 |
| Total imports | 289 |
| C++ objects (LTCG) (35221) | 46 |
| Exports (35221) | 1 |
| Resource objects (35221) | 1 |
| Linker (35221) | 1 |