Manalyze report for 4ed73d9ac7771ce12db44f1754eac4cbad296bb44755189c29668169be206831

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2017-Aug-11 13:54:06
Detected languages	Chinese - PRC
Debug artifacts	D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to SHA1` `Uses constants related to SHA256`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryW LoadLibraryExA LoadLibraryExW` `Can create temporary files: CreateFileW GetTempPathW`
Suspicious	The file contains overlay data.	`2852712 bytes of data starting at offset 0x3f600.` `The overlay data has an entropy of 7.99975 and is possibly compressed or encrypted.` `Overlay data amounts for 91.6594% of the executable.`
Malicious	VirusTotal score: 8/71 (Scanned on 2026-03-31 15:02:47)	`APEX: Malicious` `Bkav: W32.AIDetectMalware` `CrowdStrike: win/grayware_confidence_60% (D)` `Cylance: Unsafe` `Cynet: Malicious (score: 100)` `Elastic: malicious (moderate confidence)` `McAfeeD: ti!4ED73D9AC777` `Trapmine: malicious.high.ml.score`

Hashes

MD5	`ceb0971867114df9e2125e3cc8b53e16`
SHA1	`e712ca5ce6f4669e9be5351ab4e4cc9da0d8f7a8`
SHA256	`4ed73d9ac7771ce12db44f1754eac4cbad296bb44755189c29668169be206831`
SHA3	`ad03ccc25ee4974d73ee431fa2c35d6006f79caa21628578ffcf3c9aad4c6b95`
SSDeep	`49152:xPZ9Cecp4JNuw9afBkg2KafQ63ecp4JzV1JiinWYaD23znVRHQK6Z1JiijWYaD2F:0LQGBcQSLQzVjn6OjzwNZjj6Ouzwa8L`
Imports Hash	`a27082ae27c2caa428b0738d85b010f0`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`6`
TimeDateStamp	2017-Aug-11 13:54:06
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x2e200`
SizeOfInitializedData	`0x11000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0001CEC9 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x30000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.1`
ImageVersion	`0.0`
SubsystemVersion	`5.1`
Win32VersionValue	`0`
SizeOfImage	`0x62000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`5c7b428a0e89ea47b4077685a6b368f9`
SHA1	`9bb5759ae9a50d70aaf7e8fdcc70f78de5fb22fb`
SHA256	`1f52651756fa79be9e21626f22224862276a5bcd189d5e870002aceecaa51ebd`
SHA3	`16c6717008b604c873871b787a82f1e8b1971182316e01898dff77fb827caa73`
VirtualSize	`0x2e1cb`
VirtualAddress	`0x1000`
SizeOfRawData	`0x2e200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.69427`

.rdata

MD5	`93fd19be3a021a1128e7caf2a14b8416`
SHA1	`d34f019757ab5f1247bfdaf319cae3042da1e4c6`
SHA256	`c4b93be3b7060224b578671def160dea843b907e849aceb421a4a38df52f7665`
SHA3	`7f3573bb06defc78fe69969c1668996ee17e053d8a37601a149672320e787a7a`
VirtualSize	`0x98a0`
VirtualAddress	`0x30000`
SizeOfRawData	`0x9a00`
PointerToRawData	`0x2e600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.12106`

.data

MD5	`74d4929d26aa823ed75bb2f4ae8c5198`
SHA1	`7dda04335702bc241e8dcddf59b3e71abd97e5db`
SHA256	`d8654afd4f061cf27318d5e6a2dd4b6b3755d0355cf22296e69e6b72beb3fc93`
SHA3	`4dff12a0b044fcac6c25b10f9b3db242d4a11f7a4b1bf8c454657036cf8f32b2`
VirtualSize	`0x1f290`
VirtualAddress	`0x3a000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x38000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.23719`

.gfids

MD5	`5cfc4d481aa83c2fc6ce55ddf06fb8cf`
SHA1	`2b949861108262797c00380e5455d4008f311e29`
SHA256	`743fc2beb3369912c412929f824466ec2ed9e8f2a559534713e6abddd719fbf6`
SHA3	`c8c3d7174f4904bd33874414df396b79c03c7f525696a277d4f6d2666df99018`
VirtualSize	`0xe8`
VirtualAddress	`0x5a000`
SizeOfRawData	`0x200`
PointerToRawData	`0x38c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.05507`

.rsrc

MD5	`0277a95330fbe36384115f87cf4d95ef`
SHA1	`38b1f5e23716059fd6f54231437a88f1d58cd09d`
SHA256	`f41c98a048fc3acc519f9724fd478cf5a6594fc16caf0f5c03b861d6210e3d71`
SHA3	`fbc9741d4d587be5353068564bd95ab75139370eb3a885a7aa20663099407203`
VirtualSize	`0x4680`
VirtualAddress	`0x5b000`
SizeOfRawData	`0x4800`
PointerToRawData	`0x38e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.73961`

.reloc

MD5	`9caffe0a7af61f18e5154f80560d2242`
SHA1	`d21964d56e565cdcadc3a6c020bae71c4d0b90ce`
SHA256	`0137cbe47a8f22f3e7033f1a0b616855e1fb0d26e9d056fdfcfdba9f4b4f57f3`
SHA3	`c19e9f6da35faeb2322bd350bdbc0af7db5cce51f7aa202e465bad71f0985856`
VirtualSize	`0x1f58`
VirtualAddress	`0x60000`
SizeOfRawData	`0x2000`
PointerToRawData	`0x3d600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.62297`

Imports

KERNEL32.dll	`GetLastError` `SetLastError` `GetCurrentProcess` `DeviceIoControl` `SetFileTime` `CloseHandle` `CreateDirectoryW` `RemoveDirectoryW` `CreateFileW` `DeleteFileW` `CreateHardLinkW` `GetShortPathNameW` `GetLongPathNameW` `MoveFileW` `GetFileType` `GetStdHandle` `WriteFile` `ReadFile` `FlushFileBuffers` `SetEndOfFile` `SetFilePointer` `SetFileAttributesW` `GetFileAttributesW` `FindClose` `FindFirstFileW` `FindNextFileW` `GetVersionExW` `GetCurrentDirectoryW` `GetFullPathNameW` `FoldStringW` `GetModuleFileNameW` `GetModuleHandleW` `FindResourceW` `FreeLibrary` `GetProcAddress` `GetCurrentProcessId` `ExitProcess` `SetThreadExecutionState` `Sleep` `LoadLibraryW` `GetSystemDirectoryW` `CompareStringW` `AllocConsole` `FreeConsole` `AttachConsole` `WriteConsoleW` `GetProcessAffinityMask` `CreateThread` `SetThreadPriority` `InitializeCriticalSection` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `SetEvent` `ResetEvent` `ReleaseSemaphore` `WaitForSingleObject` `CreateEventW` `CreateSemaphoreW` `GetSystemTime` `SystemTimeToTzSpecificLocalTime` `TzSpecificLocalTimeToSystemTime` `SystemTimeToFileTime` `FileTimeToLocalFileTime` `LocalFileTimeToFileTime` `FileTimeToSystemTime` `GetCPInfo` `IsDBCSLeadByte` `MultiByteToWideChar` `WideCharToMultiByte` `GlobalAlloc` `GetTickCount` `SetCurrentDirectoryW` `GetExitCodeProcess` `GetLocalTime` `MapViewOfFile` `UnmapViewOfFile` `CreateFileMappingW` `OpenFileMappingW` `GetCommandLineW` `SetEnvironmentVariableW` `ExpandEnvironmentStringsW` `GetTempPathW` `MoveFileExW` `GetLocaleInfoW` `GetTimeFormatW` `GetDateFormatW` `GetNumberFormatW` `RaiseException` `GetSystemInfo` `VirtualProtect` `VirtualQuery` `LoadLibraryExA` `IsProcessorFeaturePresent` `IsDebuggerPresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetStartupInfoW` `QueryPerformanceCounter` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `TerminateProcess` `RtlUnwind` `EncodePointer` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `LoadLibraryExW` `QueryPerformanceFrequency` `GetModuleHandleExW` `GetModuleFileNameA` `GetACP` `HeapFree` `HeapAlloc` `HeapReAlloc` `GetStringTypeW` `LCMapStringW` `FindFirstFileExA` `FindNextFileA` `IsValidCodePage` `GetOEMCP` `GetCommandLineA` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `GetProcessHeap` `SetStdHandle` `HeapSize` `GetConsoleCP` `GetConsoleMode` `SetFilePointerEx` `DecodePointer`
USER32.dll (delay-loaded)	`WaitForInputIdle` `IsWindowVisible` `DialogBoxParamW` `EndDialog` `SetDlgItemTextW` `GetDlgItemTextW` `PostMessageW` `SetFocus` `SetForegroundWindow` `GetSysColor` `LoadBitmapW` `LoadIconW` `DestroyIcon` `IsDialogMessageW` `wvsprintfW` `GetClassNameW` `FindWindowExW` `MessageBoxW` `ReleaseDC` `GetDC` `SendMessageW` `LoadCursorW` `CopyRect` `MapWindowPoints` `UpdateWindow` `DestroyWindow` `IsWindow` `CreateWindowExW` `RegisterClassExW` `DefWindowProcW` `PeekMessageW` `DispatchMessageW` `TranslateMessage` `GetMessageW` `CharUpperW` `OemToCharBuffA` `LoadStringW` `GetWindow` `SetProcessDefaultLayout` `SetWindowLongW` `GetWindowLongW` `GetWindowRect` `GetClientRect` `GetWindowTextW` `GetSystemMetrics` `SetWindowPos` `GetParent` `SetWindowTextW` `EnableWindow` `GetDlgItem` `SendDlgItemMessageW` `ShowWindow`

Delayed Imports

Attributes	`0x1`
Name	`USER32.dll`
ModuleHandle	`0x58820`
DelayImportAddressTable	`0x3aa70`
DelayImportNameTable	`0x38384`
BoundDelayImportTable	`0x38aa8`
UnloadDelayImportTable	`0`
TimeStamp	`1970-Jan-01 00:00:00`

101

Type	`RT_BITMAP`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0xbb6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.19099`
MD5	`5c475f4b07e1e05af29d25e1700f7279`
SHA1	`b139902d2f9eae34727ba4f740b4b1e99d4bc4e8`
SHA256	`690c938562399f89ad78e3fde2a7edaee8ddf2fafef987a7b37e577a8f6126ea`
SHA3	`1d3dd19fbcc656a30478c2b4ba98485853b464fe09ea2debc4cfc64271677d1e`
Preview

1

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.38234`
MD5	`77c64818523675c19429aee1ec8a0544`
SHA1	`1f5a7359bf9b3922504c21ce175e82adcbb0a051`
SHA256	`4436650a65c64265abf4b8726a33b15c2b2039fc65e120c7173bcba67feb852b`
SHA3	`e2b667fb70d551750e259d2d592fa87c3f4a0de6658f6cf74f11b79633c2697c`

2

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.88998`
MD5	`de81bccb6410c9e4acb325f67f268bc5`
SHA1	`008016ff2382733c62fd44c4e21e87f689a25500`
SHA256	`7b0ae8f74efcb3e7caf1429f5bba76108251eea88f9581dcfeb52a886470f7bc`
SHA3	`ce2d055cf9b0345750de0b6284ce7dfd64fbc84fb6faf2304e0dfd644474a3f6`

3

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.12176`
MD5	`e9356775b7b8159cfad335fa2c2b22d5`
SHA1	`7d1b798e8a87d7ef3b07c6eaf598d8b5d7169639`
SHA256	`439c8b79133224a07cbe1a6e0c30eef9cdcdec92dab8ead48374e516304ef165`
SHA3	`50c0778cbbb68c04de463c928f7e60696bc24bb02c390baa555756af8e773e4e`

4

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.68705`
MD5	`41491a39d90ed5934e44c6a505f15ee5`
SHA1	`431fd71d8988019c76c464ea5a0c738b2d2671a8`
SHA256	`66548c9bb8b9c4ec76b076300868458c9a511cc86879915ebcbaf6f3e3a18334`
SHA3	`5b99077c1b6b71877c48f6d98bcc2cb38d4eb0920f6ebfe1632e6ee9e24e88f1`

ASKNEXTVOL

Type	`RT_DIALOG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x176`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.7292`
MD5	`d1cc8bf4a631fd38ec484abe75cdd71f`
SHA1	`8d6f6585c7a871ff3e250cc186a6e57c33107e7d`
SHA256	`11e6538ea82c626499b97771cfd52a28e205593c1647c2e84d3d2601a648a026`
SHA3	`9fc206557c5f980b7f33789592f2e76c3ba83a67706f4f1d97476f1b36135952`

GETPASSWORD1

Type	`RT_DIALOG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0xd6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.65915`
MD5	`7a93f0ca290e8246630d7c4af7341270`
SHA1	`dcbf01054fb9e131abf9f0cf45c91398a1668ad2`
SHA256	`6852169893c53b3e0302a9d8e7710ffb92d24a9a32a3e9fee261521d91508e65`
SHA3	`6ebe6ebb4f58e50501488861c4978469806f3e56fa4ad09896901a94e1e9df3f`

LICENSEDLG

Type	`RT_DIALOG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0xba`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.28511`
MD5	`3fb9ded6980ae363e0a130c56bfc5209`
SHA1	`3becf928e4ca313142b57e71483b20c070fea35a`
SHA256	`a1ba3d6d2e0cee68b00fb1d4f40cf7e00aa3cb767289325c87653e215a2df871`
SHA3	`52c43135c89ae759bd2a7b86419ad344984f977497992dbe488d44f8a09ce5ce`

RENAMEDLG

Type	`RT_DIALOG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x102`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.3152`
MD5	`e44d2eb3ac53bcb2487da280cdfa8e74`
SHA1	`1a497eea91b3984ef92604d385c76c64d6029cca`
SHA256	`c2c5449249abac98f37b75b9cc7a60682018b845bd79995c5fc7d8e55ed0ba4b`
SHA3	`cf79347f2d52840d08a61ff7cc7efe80ed60fc380b4dfb182fb865088c18e2a1`

REPLACEFILEDLG

Type	`RT_DIALOG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x286`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.86396`
MD5	`40e929551f419652328b94608156cc07`
SHA1	`d5ba33c311fff14bac1743b0755e1c4b55c30ba2`
SHA256	`bf48c10ea6c98dd7c9d3c08ce434ead0fa81a7527c8e06a30fda640fc891bd0c`
SHA3	`9682875232677025fb491eebcc360cce37e22d82d6e00da168c0b118d7576ff5`

STARTDLG

Type	`RT_DIALOG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x1ce`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.85844`
MD5	`ef4a39684002a09c5e0f9dae61b57d46`
SHA1	`3277c62bf19387857cf945f73fcbb44e2b035260`
SHA256	`66e8bed85ddf56dad9d3aa83f63a4461b0f428d8ed10868a7fb926b501e7bbf9`
SHA3	`3eaa54258c9697a2b3b07478591e8a69cffc6361c322e6391ce7ea6bfe81cfba`

7

Type	`RT_STRING`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0xb6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.24197`
MD5	`8ca50c6d9b706b5b54a2488d5c5b38e9`
SHA1	`b8299ac71b01868216cca3e1a6f8869da38bd52f`
SHA256	`ffe6497bc7dcd606af6d9541b61b6ee3b0c887ac02d4f3e113babb060ee8a6df`
SHA3	`998eca4b5a8f9424de554d486a33a8cae59d479b300c6d2ff39a1d0adb985ec3`

8

Type	`RT_STRING`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0xd6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.27357`
MD5	`29900d0c70f7d6afd1aabcbd4bab07d4`
SHA1	`712f04b0fbdd0e2520dd2e6fc354890fa46ad367`
SHA256	`0c7c7491d2621f8fd7730e856bf7229e4f048ed20b718e606081bc8c9f029c39`
SHA3	`04bfbaf5a5aadb4fdb59861373dd84b66006bf4716f48ce9688df306b6508bb6`

9

Type	`RT_STRING`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0xca`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.38938`
MD5	`dfe0ef7d20a13b34848e57dcd9d3724c`
SHA1	`5407c6880949f8a2016b87c8e29c8ceb77056215`
SHA256	`9b9729f905deed0366f0896d6a8478660f3069bf134b84ca7bdae8df88156e8b`
SHA3	`a6354f4aeeec202b3eba2c9abf14e986fbb0660989f4efda1701dfdbbd96a988`

10

Type	`RT_STRING`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x74`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.11103`
MD5	`e383f0995f33a43495e593e1e58eab8b`
SHA1	`91c47b28532fe394872fc308515fbf1fb0b58ef4`
SHA256	`eba3cd59aabb059ff6dd5904703d2da36d68d28e2e7f79a0cf5056c424265f4d`
SHA3	`d8baefd6b15c1bc4a3ec6937a06d6871e45f645aa21ee845937cb36816803954`

11

Type	`RT_STRING`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x282`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.36199`
MD5	`b7be799a30f2c7aebb9e06a9411df655`
SHA1	`03a87be7e8c8ae276d039b5802b51f905a38e994`
SHA256	`571651250ac0b9fc4f9d0ff5147acbb17e1c611058e3d8bf8a9d1d6c508a0b52`
SHA3	`a57abe3604cf79bb43abce8d2d2392576d1c2e5e9016d6367899a4b2c134635f`

12

Type	`RT_STRING`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x94`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.71863`
MD5	`28501c6029b8c5a9e4c8c994d38bb518`
SHA1	`8bdd1ba1c5ee7ce9dee778baceb063fc0cbf36a4`
SHA256	`7fcd291aeb77b1c89b9face3e8ede4a905a6b0ac6be455b519ce51dce4a456bf`
SHA3	`bbb82c148f7fa2f219947630e1595af3066842a48f7c2cf91b1d9168e93f0074`

13

Type	`RT_STRING`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x78`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.78806`
MD5	`2af82c935eb920919dba476a75494318`
SHA1	`5adb9972c7287a3a04b7168eb0782ed2b2112439`
SHA256	`28a41706b09c78873ffa1ccf2418cdfc9c262ca513dc937eed4d3f7fa252c417`
SHA3	`5a5aeefec8142ec74986496ba40e65128d161ad304bcb2007cfecf232fbd8ef4`

14

Type	`RT_STRING`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x64`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.62034`
MD5	`0b29fac9dcff63f4c686bfe9a317802f`
SHA1	`aba2287e45dbd1a47a249e8899b0ed9dcf49f6cf`
SHA256	`52f54d67953880ded71446fb9ac50d0ecc9c5b0a0cb530a8840bc7ae427deaef`
SHA3	`cdd549e9651176b1ac07c814254a0f102fa0539bd07b0eeeff4e5b19b1b8d8aa`

15

Type	`RT_STRING`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x52`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.33363`
MD5	`6d84ad0803c197cd7543529933cae579`
SHA1	`ca9d6a6fe0af032af09b8c1ea9f1b09c8d287ccb`
SHA256	`f29d45b019c56054d8040142049850ee99417c459b5bf9b1acdd786b7b767bd8`
SHA3	`aaca25638b9b5b8e8ee656104df9795344d6aca1b8299be9b90cef24b1537246`

16

Type	`RT_STRING`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x78`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.43065`
MD5	`e5dc774481042a0350e3b0fbf4f079c0`
SHA1	`0d1e3d9948850acb79deb458d296a7d97efa6710`
SHA256	`e82172c954c44394511dc01d8ce4da46af3f0ee4b56ac54e92f84961c2590f04`
SHA3	`d7e6f6a1644ac1980b3af3400d37a45bb607d9c86859e678cc57daa7e494d7bb`

100

Type	`RT_GROUP_ICON`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x3e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.64576`
Detected Filetype	Icon file
MD5	`f6262f462f61a1af1cac10cf4b790e5a`
SHA1	`4aa3239c2c59fa5f246b0dd68da564e529b98ff4`
SHA256	`44b095a62d7e401671f57271e6cada367bb55cf7b300ef768b3487b841facd3c`
SHA3	`f2a1d165133c29eba349014fa5f8059ddebe1aba5b220fb89f1a474e95c482ca`

1 (#2)

Type	`RT_MANIFEST`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x753`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.25329`
MD5	`8ddcbbd6b8c80eef68bf9305e59fa1f3`
SHA1	`014923abccec57fa3ad16f65feb0de2b8cbc8408`
SHA256	`1b7b67e5d8927449d8f7be80a0e5ba5f03d25670035027c0cb71abce27da6810`
SHA3	`e5c4bfc7e92f1b945363bb9ad2aabbe4324074ac295d08722e743d6e7c524b69`

String Table contents

选择目标文件夹
正在解压 %s
正在跳过 %s
不可预料的压缩文件末端
文件“%s”头被破坏
找到损坏的头
主压缩文件头已损坏
压缩文件注释头损坏
压缩文件注释已损坏
没有足够的内存
未知方式于 %s
无法打开 %s
无法创建 %s
无法创建文件夹 %s
加密的文件 %s 里发生校验和错误。损坏的文件或错误的密码。
%s 校验和错误
%s 中压缩的数据校验和错误
在文件 %s 中写入错误。磁盘可能已满
在文件 %s 中读取错误
文件关闭错误
缺少必须的分卷
这个压缩文件格式未知或者数据已经被损坏
正在从 %s 中提取
下一压缩卷
压缩文件头损坏
关闭
错误
执行指定操作时发生错误
查看信息窗口获取更多细节信息
字节
修改于
文件夹无法访问
某些文件无法被创建。
请关闭所有正在运行的应用程序,重新启动 Windows 并再次运行此安装程序
某些安装文件被破坏。
请下载一个最新版本或重试安装程序
所有文件
<style>body{font-family:"Arial,宋体";font-size:12;}</style><ul><li>单击 <b>安装</b> 按钮开始解压。</li><br><br>
<ul><li>按下 <b>解压</b> 按钮开始解压。</li><br><br>
<li>使用 <b>浏览</b> 按钮从目录树中选择目标文件夹。它也可以手动输入。
</li>
<br><br>
<li>如果指定的目标文件夹不存在，在文件解压前它将被自动创建。
已在提取之前自动创建。</li></ul>
压缩文件已损坏
正解压文件到 %s 文件夹
正解压文件到临时文件夹
解压
解压进度
路径和文件名总长度必须不能超过 %d 个字符
在 %s 里未知的加密模式
指定的密码不正确。
无法复制 %s 到 %s。
无法创建符号链接 %s
无法创建硬链接 %s
你可能需要以管理员权限运行此自解压压缩文件
暂停
继续
安全警告
请将 %s 从文件夹 %s 中删除。除非完成此步骤，否则运行 %s 是不安全的。

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2017-Aug-11 13:54:06
Version	`0.0`
SizeofData	`81`
AddressOfRawData	`0x370b8`
PointerToRawData	`0x356b8`
Referenced File	D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2017-Aug-11 13:54:06
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x3710c`
PointerToRawData	`0x3570c`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2017-Aug-11 13:54:06
Version	`0.0`
SizeofData	`944`
AddressOfRawData	`0x37120`
PointerToRawData	`0x35720`

TLS Callbacks

Load Configuration

Size	`0x5c`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x43a1b8`
SEHandlerTable	`0x437020`
SEHandlerCount	`38`

RICH Header

XOR Key	`0x5a5f60ba`
Unmarked objects	`0`
241 (40116)	`13`
243 (40116)	`139`
242 (40116)	`24`
ASM objects (VS2015 UPD3 build 24123)	`22`
C objects (VS2015 UPD3 build 24123)	`19`
C++ objects (VS2015 UPD3 build 24123)	`44`
C objects (VS2008 SP1 build 30729)	`10`
Imports (VS2008 SP1 build 30729)	`3`
Total imports	`250`
C++ objects (VS2015 UPD3.1 build 24215)	`48`
Exports (VS2015 UPD3.1 build 24215)	`1`
Resource objects (VS2015 UPD3 build 24210)	`1`
Linker (VS2015 UPD3.1 build 24215)	`1`

Errors

Leave a comment

No comments yet.