Manalyze report for 7a3b1683883d1e489ebd05d1cfcaaa30f2356ee55a80d1c51e1b6dbfbf6f3df9

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2051-May-03 12:54:45
Detected languages	English - United States French - France
Debug artifacts	wextract.pdb
CompanyName	Microsoft Corporation
FileDescription	Auto-extracteur de fichier CAB Win32
FileVersion	`11.00.26100.8457 (WinBuild.160101.0800)`
InternalName	Wextract
LegalCopyright	Â© Microsoft Corporation. Tous droits rÃ©servÃ©s.
OriginalFilename	WEXTRACT.EXE .MUI
ProductName	Internet Explorer
ProductVersion	`11.00.26100.8457`

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to system / monitoring tools: rundll32.exe` `May have dropper capabilities: CurrentVersion\Run` `Contains domain names: Command.com`
Suspicious	The PE is possibly packed.	`Unusual section name found: fothk`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress LoadLibraryExW LoadLibraryExA` `Can access the registry: RegDeleteValueA RegOpenKeyExA RegQueryInfoKeyA RegSetValueExA RegCreateKeyExA RegQueryValueExA RegCloseKey` `Possibly launches other programs: CreateProcessA` `Can create temporary files: GetTempPathA CreateFileA` `Functions related to the privilege level: OpenProcessToken AdjustTokenPrivileges` `Enumerates local disk drives: GetDriveTypeA GetVolumeInformationA` `Can shut the system down or lock the screen: ExitWindowsEx`
Malicious	The PE header may have been manually modified.	`Resource CABINET detected as a CAB Installer file.` `The resource timestamps differ from the PE header: 1980-Nov-04 23:14:44`
Suspicious	VirusTotal score: 2/69 (Scanned on 2026-06-13 08:37:44)	`CrowdStrike: win/malicious_confidence_60% (D)` `huorong: HEUR:TrojanDownloader/PS.NetLoader.av`

Hashes

MD5	`81251fb5691c6708edf2debefc2b3f8b`
SHA1	`b40ec3cf8cf9ab2d151d7a4a3dd9b7e47f714efd`
SHA256	`7a3b1683883d1e489ebd05d1cfcaaa30f2356ee55a80d1c51e1b6dbfbf6f3df9`
SHA3	`7c695bf84de7b3efeb688f3738bf463dc2aa7f9215767b2530060afb9577893a`
SSDeep	`3072:VRLiJRaxQRsgLY1+5GWp1icKAArDZz4N9GhbkrNEkJEPHy:23axQpnp0yN90QEo`
Imports Hash	`9da7080b9b697496fd4f41997e8bd436`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2051-May-03 12:54:45
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xa000`
SizeOfInitializedData	`0x23000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000001300 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`A.0`
ImageVersion	`A.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x2f000`
SizeOfHeaders	`0x1000`
Checksum	`0x32b39`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x80000`
SizeofStackCommit	`0x2000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`2f93d3de38d5a9d6fd85af1b11f5e7b8`
SHA1	`1bfb6aeee1c368342d9124728cda1d9e9eca46e1`
SHA256	`acb6f2555bb385de99f9bf56740e70ba888764e461a85629e34af626701b4349`
SHA3	`a9f83e55b5e92e9deb96870a235d3bf64111854c8b85a3d0830f4f7dbd1ae413`
VirtualSize	`0x8cd0`
VirtualAddress	`0x1000`
SizeOfRawData	`0x9000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.06962`

fothk

MD5	`32d3146f450c17968bbc5e20d765eea4`
SHA1	`36fd76f5570f428fd81518a84ee569c4a5f8cb53`
SHA256	`39564658472574ca6af95818606feaa50eb522650815189d0b577c04faa1dc33`
SHA3	`4c2a8c4219c5d346bb24ee0dfe84804d4637f922ceca202557601f0b18500c91`
VirtualSize	`0x1000`
VirtualAddress	`0xa000`
SizeOfRawData	`0x1000`
PointerToRawData	`0xa000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`0.0154319`

.rdata

MD5	`735590477c3101f5f84896ff80338942`
SHA1	`c332c45cfd2c47a50d0798a26589668b101b6e4d`
SHA256	`7d7c6aded4be0474a817bc1419cf77ecfe9d568d9809867f951a09d0bf92e242`
SHA3	`90b34e904a6b9e0a37158a736e8112d4d01c76277794a020d5279908b152be1c`
VirtualSize	`0x2940`
VirtualAddress	`0xb000`
SizeOfRawData	`0x3000`
PointerToRawData	`0xb000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.32587`

.data

MD5	`158424ed40b5e3daf92c419328534714`
SHA1	`4cd59c2d63a97e186ee2447ab7043f8dfddaf6b2`
SHA256	`75d557870afe06be5b3decb08dc53508088eb496fc5a48cb4a57eb3cf7322a6e`
SHA3	`af252d6521eb79057869e494cd1d7d74891abd278a15f9cc2c3035b432ee10a0`
VirtualSize	`0x1ff0`
VirtualAddress	`0xe000`
SizeOfRawData	`0x1000`
PointerToRawData	`0xe000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.05058`

.pdata

MD5	`5074fef64be6c47fb6a2d7ef993ce244`
SHA1	`94b5477d1036ddc2ae79cb43718edb97747edd8f`
SHA256	`6530e8db09611cfd956f9bb47a2d3e45ec7bc50f077bb4d244ab0b409d45a169`
SHA3	`851410e33f4a9aec3fc97cbb2c68e7908361df69b98e872912b849ef04c7e78e`
VirtualSize	`0x4b0`
VirtualAddress	`0x10000`
SizeOfRawData	`0x1000`
PointerToRawData	`0xf000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.61322`

.rsrc

MD5	`7beb02c73a6b04bfab22e0531cd32018`
SHA1	`6a2d9134f3a4b97bc25d0be8b7c9f3924269bad0`
SHA256	`d396c3cb8042a68d9416315c025caf2379a46f965b879425cec1b478f6be93bf`
SHA3	`bd8286f7192eb9fd4c2a8568de60dbdea77a9d6776fe418af3030a02c3245ce1`
VirtualSize	`0x1d000`
VirtualAddress	`0x11000`
SizeOfRawData	`0x1d000`
PointerToRawData	`0x10000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.98263`

.reloc

MD5	`d9454e38355896165e013f58aa450566`
SHA1	`5468e7b0f9569ea1851550e29dc74b94f57f3b9d`
SHA256	`b5dd3dc9b8f214e6ea0ba378242110580a7673e6db3631ad0b588b5dff9cc451`
SHA3	`8b01220975ff03ae06f65fcd45bbfbd0c305b31ce302fcede96b65ecf114db2c`
VirtualSize	`0xac`
VirtualAddress	`0x2e000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x2d000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.236083`

Imports

ADVAPI32.dll	`GetTokenInformation` `RegDeleteValueA` `RegOpenKeyExA` `RegQueryInfoKeyA` `FreeSid` `OpenProcessToken` `RegSetValueExA` `RegCreateKeyExA` `LookupPrivilegeValueA` `AllocateAndInitializeSid` `RegQueryValueExA` `EqualSid` `RegCloseKey` `AdjustTokenPrivileges` `EventUnregister` `EventRegister` `EventWriteTransfer`
KERNEL32.dll	`_lopen` `_llseek` `CompareStringA` `GetLastError` `GetFileAttributesA` `GetSystemDirectoryA` `LoadLibraryA` `DeleteFileA` `GlobalAlloc` `GlobalFree` `CloseHandle` `WritePrivateProfileStringA` `IsDBCSLeadByte` `GetWindowsDirectoryA` `SetFileAttributesA` `GetProcAddress` `GlobalLock` `LocalFree` `RemoveDirectoryA` `FreeLibrary` `_lclose` `CreateDirectoryA` `GetPrivateProfileIntA` `GetPrivateProfileStringA` `GlobalUnlock` `ReadFile` `SizeofResource` `WriteFile` `GetModuleHandleExW` `GetDriveTypeA` `GetShortPathNameA` `lstrcmpA` `SetFilePointer` `FindResourceA` `CreateMutexA` `GetVolumeInformationA` `WaitForSingleObject` `GetCurrentDirectoryA` `FreeResource` `ExpandEnvironmentStringsA` `SetCurrentDirectoryA` `GetTempPathA` `LocalFileTimeToFileTime` `CreateFileA` `SetEvent` `TerminateThread` `GetVersionExA` `LockResource` `GetSystemInfo` `CreateThread` `ResetEvent` `LoadResource` `ExitProcess` `GetModuleHandleW` `CreateProcessA` `FormatMessageA` `GetTempFileNameA` `DosDateTimeToFileTime` `CreateEventA` `LoadLibraryExW` `GetExitCodeProcess` `MulDiv` `LocalAlloc` `SetFileTime` `GetDiskFreeSpaceA` `EnumResourceLanguagesA` `GetTickCount` `GetSystemTimeAsFileTime` `GetCurrentThreadId` `GetCurrentProcessId` `QueryPerformanceCounter` `TerminateProcess` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `RtlVirtualUnwind` `RtlLookupFunctionEntry` `RtlCaptureContext` `GetStartupInfoW` `Sleep` `FindClose` `FindNextFileA` `GetCurrentProcess` `FindFirstFileA` `GetVersion` `GetModuleFileNameA` `LoadLibraryExA`
GDI32.dll	`GetDeviceCaps`
USER32.dll	`MsgWaitForMultipleObjects` `SetWindowPos` `GetDC` `GetWindowRect` `DispatchMessageA` `ShowWindow` `DialogBoxIndirectParamA` `GetDesktopWindow` `CharUpperA` `SetDlgItemTextA` `ExitWindowsEx` `MessageBeep` `EndDialog` `CharPrevA` `LoadStringA` `CharNextA` `EnableWindow` `ReleaseDC` `SetForegroundWindow` `SetWindowLongPtrA` `GetWindowLongPtrA` `PeekMessageA` `GetDlgItem` `SendMessageA` `SendDlgItemMessageA` `MessageBoxA` `SetWindowTextA` `CallWindowProcA` `GetSystemMetrics` `GetDlgItemTextA`
msvcrt.dll	`_fmode` `_commode` `?terminate@@YAXXZ` `_acmdln` `memset` `__C_specific_handler` `_initterm` `__setusermatherr` `_ismbblead` `_cexit` `_exit` `exit` `__set_app_type` `__getmainargs` `_amsg_exit` `_XcptFilter` `memcpy_s` `_vsnprintf` `memcpy`
COMCTL32.dll	`#17`
Cabinet.dll	`#20` `#23` `#22` `#21`
VERSION.dll	`VerQueryValueA` `GetFileVersionInfoSizeA` `GetFileVersionInfoA`

Delayed Imports

3001

Type	`AVI`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x2e1a`
TimeDateStamp	1980-Nov-04 23:14:44
Entropy	`3.52241`
Detected Filetype	AVI Resource Interchange File Format
Detected Filetype (#2)	Windows animated cursor
MD5	`f9035cf32b756fd6a452e9fdfd4a5dd9`
SHA1	`6912e88a3ee4d2c98ca69772cec564c6334fd9c4`
SHA256	`3bd1d253c90f7e82dc70dc1e4b869cc2e5e154e6b4079be93837e4a6c68044c0`
SHA3	`8cd00290363b6d3e609845f2e5828f3e2adaf35c4a97561bcf427bbd054401a6`

1

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x668`
TimeDateStamp	1980-Nov-04 23:14:44
Entropy	`3.0699`
MD5	`1119ea8ccf13471c5cb7981c00112bd1`
SHA1	`5311a1759e6269a3cb555795379241550dc70baf`
SHA256	`689e072bec88a4f92eeadc6ada816cbcbedc4de9e76b27c38183f820bcc11e04`
SHA3	`2829f8159ff036d9f6a40b9fad5416e1c3458ad61e83e0139a92c36620b75e99`

2

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x2e8`
TimeDateStamp	1980-Nov-04 23:14:44
Entropy	`3.15864`
MD5	`46db957427f76e2faed509fa0f083815`
SHA1	`9f062ff76b99cdbbdbc040adca1ec94fd7e0ebf8`
SHA256	`3032bc8ec0d2b10c731ce65338958a69401a6ea5c13bf43236be1cadfaaa796f`
SHA3	`d64af304edb5ed919be1e617b3194ad9d40d97f07942bc10ffe3529713358797`

3

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x1e8`
TimeDateStamp	1980-Nov-04 23:14:44
Entropy	`3.07737`
MD5	`53892c6e1aa6882a0e541da89c8bed9b`
SHA1	`74093737e0c001a618623b84ae2a7c0ae105870b`
SHA256	`c6f49cc3ab503756f46a301d8543d1ed4db7e037b4df86407d24de6542a9b241`
SHA3	`28c5ddd935a6f3e2a9112068eb23447d12c5b75a05fabd52aba335a36d3cd694`

4

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Nov-04 23:14:44
Entropy	`3.50949`
MD5	`77c3fdd8ab3a5023f948ef9dc0a75588`
SHA1	`3c10786225e3af4724ad179081ab67b7bdddb002`
SHA256	`472af970994f80d1368af62de093894cdef4e2ea76f661eabc49e4f7e41a5860`
SHA3	`c7ef5cf31e71ee1211fe1b9ec1aab03e0cc3d9c88d358837f2bf4982d8e83469`

5

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xea8`
TimeDateStamp	1980-Nov-04 23:14:44
Entropy	`5.56662`
MD5	`9291ba83d585b4e27b489e5e6c0b9e6d`
SHA1	`6a1823c83ba0ee8a9088c2d96c951ff7b0aad0ed`
SHA256	`828bf50bd62a7fca6f0ee8d03970215d1550d31a4f9382b1608b76742ef8aa95`
SHA3	`2201c2224048249b39ff38a95ea21061ad85214a9912fb00474b96082ce81112`

6

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x8a8`
TimeDateStamp	1980-Nov-04 23:14:44
Entropy	`5.94251`
MD5	`dd6416457884b08fb3b97e48cd8b296d`
SHA1	`460407ba589b388b7095dac3cba861d07d0bc32d`
SHA256	`5a2bcb6347493ac6873330f55603ae586a8b21ab1a7137f7b326b6e682827892`
SHA3	`ff855ab2a14ba17cb2d90b6bdaee4e2257ee959788fa22e7a62a25a86fe401ec`

7

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x6c8`
TimeDateStamp	1980-Nov-04 23:14:44
Entropy	`5.99361`
MD5	`d9189a0ae5a4ce576b2cd6a3aee869d2`
SHA1	`546acefecec2664dafd9c62b84211d32c5c25ddc`
SHA256	`563e2c3128746f769950f3ccb9267525888c91c6437692a719541acd71afad5c`
SHA3	`4589be5962a881128d7157d9d319ba7ed7c15b7a5c322de0ce2ec6b795bf4191`

8

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x568`
TimeDateStamp	1980-Nov-04 23:14:44
Entropy	`3.37828`
MD5	`ff4b77125d8d6dd0bb13557a6e043d70`
SHA1	`4f401d2b2fdd25337757c115b0c3d16850ee90df`
SHA256	`4429f0eabd35418cb2022378e73ee2e766841d35aca4a8b7369359d1341304fe`
SHA3	`915504672b75c8aa786fa9065ade3aaccb2a03a46fe59b92c0f65e502ae43196`

9

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xd9d2`
TimeDateStamp	1980-Nov-04 23:14:44
Entropy	`7.98515`
Detected Filetype	PNG graphic file
MD5	`d58effc60f9809303be37c9da12ec938`
SHA1	`5f5d1459f715b6d7ac0c9f5e6c86112d02c611a8`
SHA256	`f169eed8248d8f9efd20dd716790f2b3bb0547687546811b4137be21b5c63b71`
SHA3	`927f706c7c34a5b18477f72fb37fca3487c206f65f015b40463be7083a461c7b`

10

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Nov-04 23:14:44
Entropy	`5.33023`
MD5	`6f18b3932aca200c19eda2c0a8389fe2`
SHA1	`454e38e44e9570502d4134818f983e6b3514c595`
SHA256	`ebfd8bce706bc334ada961a2489fb266101c8960e05bd20fbf2e8ee66af64060`
SHA3	`2f401e2395d28434ceed9c91f17de1595dcfd794e537304dd0c8867ea9c4be60`

11

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Nov-04 23:14:44
Entropy	`5.61313`
MD5	`56e519ddae3afada70d9d5afc3e20414`
SHA1	`584a6b17a1a2174921a185cc123bb8e609f0f0ba`
SHA256	`fa6b2f5422746f7377a3ed24f2b108f04f963caa0cc096c51cb49ac74266b107`
SHA3	`1896fe210c328289e0e771e497715e6c92d6e2545625858358002ceb5d1c7ee9`

12

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x988`
TimeDateStamp	1980-Nov-04 23:14:44
Entropy	`5.90788`
MD5	`5102430eabaa9f88a657c8a2d9a00547`
SHA1	`6f202d879a72db4c054632a883f9d3c3d1a28dac`
SHA256	`6f44d16ede32521ef7336056baff805a3305f225430de3bd01203ff0625c23d1`
SHA3	`5e8efdae85f063f0502553f6fe4fd93d6882663a77b5513c8e06b5e23f1f99a0`

13

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Nov-04 23:14:44
Entropy	`4.85349`
MD5	`6948b3a73688c3ea8fbd7f533a579e25`
SHA1	`931d017e52aa63fec9f1401436e07e3df2573e1b`
SHA256	`8561da4d70ae051d1f146859ba0b50467258730daae8af73726e0700c034b737`
SHA3	`2e6fc86970dfb7e8d036900a05d4c89591b3ab0a597a5074ea56489aa68d3414`

2001

Type	`RT_DIALOG`
Language	French - France
Codepage	Latin 1 / Western European
Size	`0x318`
TimeDateStamp	1980-Nov-04 23:14:44
Entropy	`3.30183`
MD5	`684ecb33208f4f9f7c2cff0cdb9a9751`
SHA1	`56e466a3fad32f56b78a528e5603d9447b90cbe4`
SHA256	`61053b241dcd556c8613587351c88672109badc9327015adf38af575ceea4796`
SHA3	`6e8f1b3b1e743ecb23d804ba9c1ea8eb8b7eaa6d89b80586533663bf43cdc375`

2002

Type	`RT_DIALOG`
Language	French - France
Codepage	Latin 1 / Western European
Size	`0x1b6`
TimeDateStamp	1980-Nov-04 23:14:44
Entropy	`3.17796`
MD5	`19981d9146e175aa0d0454eeab99e7a5`
SHA1	`9fcfa4ea0154a9eda2e068fb2f6b0528a0ba7b7a`
SHA256	`82b787884d91c8e40480b759b4eebebb7ab06cf7eb63b9c4a917b72e706f44c8`
SHA3	`cb2b0997b9e13b2722af3bfece9c24f86288c55d3d37e32777dfa338e4b08fdf`

2003

Type	`RT_DIALOG`
Language	French - France
Codepage	Latin 1 / Western European
Size	`0x178`
TimeDateStamp	1980-Nov-04 23:14:44
Entropy	`3.09106`
MD5	`7d11149e61eb6c347c1383f9328146b3`
SHA1	`6614cb365a79c2579bcf99d0e45bcd3cc0ae5504`
SHA256	`5fc71a4560d2f2172a833f314fb51cc331ea0aadbf68ae4482495ae6c3f741a0`
SHA3	`eff72379d1101e4f342adcdd5d45ef5cf3d6ddf7da8b9863e0c3dc12865316dd`

2004

Type	`RT_DIALOG`
Language	French - France
Codepage	Latin 1 / Western European
Size	`0x1e0`
TimeDateStamp	1980-Nov-04 23:14:44
Entropy	`3.16151`
MD5	`5cfb2e2fba72597948163a681528c4c1`
SHA1	`a73a86a57b6b26fcb7c2bb3fc3c3cb4397a258c7`
SHA256	`78da0d207481463651f2df454c107fa8dbac892d242c0c6d746a4058ec89db80`
SHA3	`1ca219f8282886ea4f0a5c46412dbd4a7cb2cf4e1ca30191a0af43dd8fa9aac2`

2005

Type	`RT_DIALOG`
Language	French - France
Codepage	Latin 1 / Western European
Size	`0x14e`
TimeDateStamp	1980-Nov-04 23:14:44
Entropy	`3.06256`
MD5	`3c9aa14f8b2f83e10cc622a580e19e26`
SHA1	`94fba5aa90b8b7056c26eb29c454544fe44db188`
SHA256	`7ea27338dfa058c61417f431eb25c868e497367f1148d8c1a60c65f7f4a231f6`
SHA3	`32685d199e9f2cbb0d6a841d2d4386d9c372bb195b9907d98f0e5739b285fe69`

2006

Type	`RT_DIALOG`
Language	French - France
Codepage	Latin 1 / Western European
Size	`0x12e`
TimeDateStamp	1980-Nov-04 23:14:44
Entropy	`3.06042`
MD5	`1065b4bf48ea06975f43b5cfbc26919e`
SHA1	`1e343704db2c1b846ecf102569c9eefb27d7a6ba`
SHA256	`0b88e82cef64b29aedaef40401352d61251a31b91154f947d504b7ee359e96a6`
SHA3	`7e3d713a95d0637e2b445e5151e3c6891f743395c8f54463cd35e5e7eb9d06dc`

63

Type	`RT_STRING`
Language	French - France
Codepage	Latin 1 / Western European
Size	`0x9a`
TimeDateStamp	1980-Nov-04 23:14:44
Entropy	`2.69605`
MD5	`1cf1ce74df94ad4836eecfc104c17560`
SHA1	`4b6cdbc5d4b95fb8c305344cd4afecac2c0f0c31`
SHA256	`dc9198f43a905609d0e18e62801a15b04a7daca2f8a0e29abab1841ee8f0bf69`
SHA3	`503339507688e1aac84bb3fa0fd7c8a0bfca644f535acaf043600ea19adbd8ae`

76

Type	`RT_STRING`
Language	French - France
Codepage	Latin 1 / Western European
Size	`0x684`
TimeDateStamp	1980-Nov-04 23:14:44
Entropy	`3.24789`
MD5	`7226fb770482b5a03b4d2db212b742c3`
SHA1	`24acaff108799e6a185e5fefde96f9e3229948bf`
SHA256	`1bcb5075bd2597a6659b9065c81105e8554bd46320e27abb77266dd61258d79c`
SHA3	`f713c4dc33ce965d0ade5eba88ba587340d402851eb1022dbafdef2b4395af35`

77

Type	`RT_STRING`
Language	French - France
Codepage	Latin 1 / Western European
Size	`0x6b0`
TimeDateStamp	1980-Nov-04 23:14:44
Entropy	`3.3259`
MD5	`6cf7b79f59ee0a83187d659854959fc0`
SHA1	`a9905f281b2c468456ecb90be9012a673878dd79`
SHA256	`af4f8865d3c31c52f7ec0dfb8b70c4636852879dbae471f288bc778b3e61e5c8`
SHA3	`07429c0ee5cb9b6c55b1a1b87a37484297166cc6bc3bfc61dde3f824ef00d680`

80

Type	`RT_STRING`
Language	French - France
Codepage	Latin 1 / Western European
Size	`0x586`
TimeDateStamp	1980-Nov-04 23:14:44
Entropy	`3.28514`
MD5	`eed7a16481963e98755e327a0177a96c`
SHA1	`f33cfd27fbe84768498cfc60e7eebe9fec4af414`
SHA256	`e86e2a50717282c927f718c57f7278a3841f859896bb38fd963c3f0318ffe965`
SHA3	`98a7b401847ca73252bd82e36f3ff2a7eca4b1ddb179dec718947add9bdbf858`

83

Type	`RT_STRING`
Language	French - France
Codepage	Latin 1 / Western European
Size	`0x53a`
TimeDateStamp	1980-Nov-04 23:14:44
Entropy	`3.31061`
MD5	`af636616370a88c7d82cb27a46dadec0`
SHA1	`e55afed627db30dcfd96478c31b49c349389ff31`
SHA256	`5509b1ec8de5be7376cc900de0ae0807fcc8013227b9851bb5f894c09a3341b8`
SHA3	`eea8799a71272784a74a916ab6b95135cdfa8ff74fcfbed500d71ccba4430765`

85

Type	`RT_STRING`
Language	French - France
Codepage	Latin 1 / Western European
Size	`0x414`
TimeDateStamp	1980-Nov-04 23:14:44
Entropy	`3.16899`
MD5	`ec4540476b78d92e3429c7d0f32e3571`
SHA1	`3d35086441d57c11991bce991337a66ac8a46b89`
SHA256	`8b93d83270da57c30c8850219e815a5fc8a82d3ee7509c9ba1c0f18d62fc7b04`
SHA3	`e6aa9b19e3b0b1c494b0b533f3d2c1a1d31f098dc17ee6e29080a28f15fdbdfc`

ADMQCMD

Type	`RT_RCDATA`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x7`
TimeDateStamp	1980-Nov-04 23:14:44
Entropy	`2.80735`
MD5	`527eeaa35a23dd5cac9bddcc2561a457`
SHA1	`0445b1735fd9797d537d360695940c7e68d25ace`
SHA256	`eaadcdd05a9a7c7f80d53d758f39e4399749d774b09a8a0165fe7c69ad6d8c3c`
SHA3	`28c8e1f57de512535bfd686562ef240323f7331b18e71f0506079f0e67e8f89e`

CABINET

Type	`RT_RCDATA`
Language	French - France
Codepage	Latin 1 / Western European
Size	`0xd1b`
TimeDateStamp	1980-Nov-04 23:14:44
Entropy	`7.91648`
Detected Filetype	CAB Installer file
MD5	`9e504f6559f40bd192eb0c46165b71d0`
SHA1	`8b17ea1ba9115eb110d151fdb84e3b3634424e8c`
SHA256	`97bf71f08701f8405e561f2d9be069f0e3bdd1910eef7415a150b9fdac344873`
SHA3	`0ef0b5bd0fb4d132370ca20888ceca360620a63485fe73e710a4505e973b6245`

EXTRACTOPT

Type	`RT_RCDATA`
Language	French - France
Codepage	Latin 1 / Western European
Size	`0x4`
TimeDateStamp	1980-Nov-04 23:14:44
Entropy	`0.811278`
MD5	`edcfae989540fd42e4b8556d5b723bb6`
SHA1	`8e146c3c4e33449f95a49679795f74f7ae19ecc1`
SHA256	`9d9f290527a6be626a8f5985b26e19b237b44872b03631811df4416fc1713178`
SHA3	`60c2a8073325723836f33d900267acbb341b4a1ed9cac675e75df2abbad4207b`

FILESIZES

Type	`RT_RCDATA`
Language	French - France
Codepage	Latin 1 / Western European
Size	`0x24`
TimeDateStamp	1980-Nov-04 23:14:44
Entropy	`1.49739`
MD5	`7597aeb2c4d317f44a00e190bd2d4271`
SHA1	`d6d1da2eabada56b4862fb78cc7bc8a6bdd25c09`
SHA256	`894bc6f739da2b440d040385c603e354dd1e424c7051d15874177b831e91d469`
SHA3	`b397f7ac3cd37052ce39d684f48ae375a6ed462c80bed531e831a94cf385f419`

FINISHMSG

Type	`RT_RCDATA`
Language	French - France
Codepage	Latin 1 / Western European
Size	`0x7`
TimeDateStamp	1980-Nov-04 23:14:44
Entropy	`2.80735`
MD5	`527eeaa35a23dd5cac9bddcc2561a457`
SHA1	`0445b1735fd9797d537d360695940c7e68d25ace`
SHA256	`eaadcdd05a9a7c7f80d53d758f39e4399749d774b09a8a0165fe7c69ad6d8c3c`
SHA3	`28c8e1f57de512535bfd686562ef240323f7331b18e71f0506079f0e67e8f89e`

LICENSE

Type	`RT_RCDATA`
Language	French - France
Codepage	Latin 1 / Western European
Size	`0x7`
TimeDateStamp	1980-Nov-04 23:14:44
Entropy	`2.80735`
MD5	`527eeaa35a23dd5cac9bddcc2561a457`
SHA1	`0445b1735fd9797d537d360695940c7e68d25ace`
SHA256	`eaadcdd05a9a7c7f80d53d758f39e4399749d774b09a8a0165fe7c69ad6d8c3c`
SHA3	`28c8e1f57de512535bfd686562ef240323f7331b18e71f0506079f0e67e8f89e`

PACKINSTSPACE

Type	`RT_RCDATA`
Language	French - France
Codepage	Latin 1 / Western European
Size	`0x4`
TimeDateStamp	1980-Nov-04 23:14:44
Entropy	`0`
MD5	`f1d3ff8443297732862df21dc4e57262`
SHA1	`9069ca78e7450a285173431b3e52c5c25299e473`
SHA256	`df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119`
SHA3	`8b0a2385d83c8bf7be27e59996f7d881d3bf1fc6606f81ce600b753ad94192a2`

POSTRUNPROGRAM

Type	`RT_RCDATA`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x7`
TimeDateStamp	1980-Nov-04 23:14:44
Entropy	`2.80735`
MD5	`527eeaa35a23dd5cac9bddcc2561a457`
SHA1	`0445b1735fd9797d537d360695940c7e68d25ace`
SHA256	`eaadcdd05a9a7c7f80d53d758f39e4399749d774b09a8a0165fe7c69ad6d8c3c`
SHA3	`28c8e1f57de512535bfd686562ef240323f7331b18e71f0506079f0e67e8f89e`

REBOOT

Type	`RT_RCDATA`
Language	French - France
Codepage	Latin 1 / Western European
Size	`0x4`
TimeDateStamp	1980-Nov-04 23:14:44
Entropy	`0`
MD5	`f1d3ff8443297732862df21dc4e57262`
SHA1	`9069ca78e7450a285173431b3e52c5c25299e473`
SHA256	`df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119`
SHA3	`8b0a2385d83c8bf7be27e59996f7d881d3bf1fc6606f81ce600b753ad94192a2`

RUNPROGRAM

Type	`RT_RCDATA`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x1e`
TimeDateStamp	1980-Nov-04 23:14:44
Entropy	`4.34839`
MD5	`e1c44823d44af64b4d507fabf181dfd5`
SHA1	`e8fc1ee612753948ae75b7ce7696b489c63e9160`
SHA256	`569ef3a3949ce10f2038cc49477f2eeb969eb89620b7a09f3dd71bd3c71e66fb`
SHA3	`ae4215cbf9872e16265e8cd212daeaf20ab8e4bc094a7b9fbdf397245ccf4002`

SHOWWINDOW

Type	`RT_RCDATA`
Language	French - France
Codepage	Latin 1 / Western European
Size	`0x4`
TimeDateStamp	1980-Nov-04 23:14:44
Entropy	`0`
MD5	`f1d3ff8443297732862df21dc4e57262`
SHA1	`9069ca78e7450a285173431b3e52c5c25299e473`
SHA256	`df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119`
SHA3	`8b0a2385d83c8bf7be27e59996f7d881d3bf1fc6606f81ce600b753ad94192a2`

TITLE

Type	`RT_RCDATA`
Language	French - France
Codepage	Latin 1 / Western European
Size	`0x2`
TimeDateStamp	1980-Nov-04 23:14:44
Entropy	`1`
MD5	`494e6cec7483a4ee0938895519a84bc7`
SHA1	`3b2c1c62d4d1c2a0c8a9ac42db00d33c654f9ad0`
SHA256	`24ea1ebd0bafd39482db46ec2d8959e61353a90efc072719e1308f86c3a106ba`
SHA3	`de9d17c99fe282269f91364e62581e4ccafb52f6969fb0c0565eee838a526ad6`

UPROMPT

Type	`RT_RCDATA`
Language	French - France
Codepage	Latin 1 / Western European
Size	`0x7`
TimeDateStamp	1980-Nov-04 23:14:44
Entropy	`2.80735`
MD5	`527eeaa35a23dd5cac9bddcc2561a457`
SHA1	`0445b1735fd9797d537d360695940c7e68d25ace`
SHA256	`eaadcdd05a9a7c7f80d53d758f39e4399749d774b09a8a0165fe7c69ad6d8c3c`
SHA3	`28c8e1f57de512535bfd686562ef240323f7331b18e71f0506079f0e67e8f89e`

USRQCMD

Type	`RT_RCDATA`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x13`
TimeDateStamp	1980-Nov-04 23:14:44
Entropy	`3.82687`
MD5	`2d67dd797191709c2f13adae96046210`
SHA1	`176bc6c7397e0eee854b47acaaa22956fff0b8f3`
SHA256	`8f9b3a46c8e448597386c1912801652675c78510dc9a6b7c5e989c7b63accafb`
SHA3	`f5cff0931027cea2a66778ca108b300c3254d9916b6701466cd8340a886edcac`

3000

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xbc`
TimeDateStamp	1980-Nov-04 23:14:44
Entropy	`3.06903`
Detected Filetype	Icon file
MD5	`fd33ac51d62922419e4891a00f6e6efa`
SHA1	`8cb942ccc95430628eb8200da35c0a5c8240de84`
SHA256	`f327fb34dd8f0143903c681df662ae88c1b36483647d54b9ca074aae9b7620e3`
SHA3	`6752df93dd0adf3e0e172480a7ed20eb5b97bff02646dd17b7eb6880745049c3`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x40c`
TimeDateStamp	1980-Nov-04 23:14:44
Entropy	`3.41675`
MD5	`52e13db86cbdf4d0bef3dd701339a22f`
SHA1	`30a8af976cb64a67b5c3b3ae6881a820b65729a9`
SHA256	`d6a117f28a63c8da5bbb0a39ae62227ebef69f9ff670200998732da00805017a`
SHA3	`c75e9fc534f4f4182d0936bd5cb1cf6a66682d8bbd720dbd0747b111c232aa8a`

1 (#3)

Type	`RT_VERSION`
Language	French - France
Codepage	Latin 1 / Western European
Size	`0x418`
TimeDateStamp	1980-Nov-04 23:14:44
Entropy	`3.46199`
MD5	`25bf7e273bc3cd7917d808563fa5c01c`
SHA1	`cbb760831e626607c824585dd94baac55111febc`
SHA256	`b03d07fee4ee065e4c4d9f535b2f99e20a8751742a81ac092579c215ea1954f0`
SHA3	`d3dc51deccc7102f2e98ef780ef48292041c48c48eab8da4a5b46b925c03e5ca`

1 (#4)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x7e6`
TimeDateStamp	1980-Nov-04 23:14:44
Entropy	`5.00142`
MD5	`24a920dd92e3820a7fb081893dbfdc21`
SHA1	`c107c7e70fcb950a6b489741a9ff95640bf2d1c8`
SHA256	`ea7dbcb656b43eacb4f691740eaf9f53b79c347bffc0cd8c4f3b8e0e2f3e1a2f`
SHA3	`0799a889b78379e7e9e5c751426a1924f93f9fcbd28b9eefa11d281be4ca8999`

String Table contents

Sélectionnez un dossier pour stocker les fichiers extraits.
%s
Impossible d'obtenir les informations d'espace disque de : %s.

Message système : %s.
Une ressource requise est introuvable.
Voulez-vous vraiment annuler ?
Impossible d'extraire les informations sur la version du système d'exploitation.
Échec de la demande d'allocation de mémoire.
Impossible de créer le thread d'extraction.
Le fichier .cab n'est pas valide.
La table de fichiers est pleine.
Impossible de se placer dans le dossier de destination.
Le programme d'installation n'a trouvé aucun disque disposant de %s Ko d'espace libre pour l'installation. Libérez de l'espace, puis cliquez sur Recommencer ou sur Annuler pour quitter le programme d'installation.
Dossier non valide. Assurez-vous que ce dossier existe et qu'il est accessible en écriture.
Vous devez spécifier un dossier avec un chemin correct ou choisir Annuler.
Impossible de mettre à jour la zone d'édition du dossier.
Impossible de charger les fonctions requises par la boîte de dialogue.
Impossible de charger Shell32.dll requise par la boîte de dialogue du navigateur.
Erreur de création du processus <%s>. Raison : %s
La taille de cluster de ce système n'est pas prise en charge.
Une ressource requise est endommagée.
Cette installation requiert les versions Windows 95, Windows NT 4.0 Bêta 2 ou plus récentes.
Erreur de chargement de %s
Échec de GetProcAddress() sur la fonction %s. Raison possible : utilisation d'une version incorrecte de advpack.dll.
L'installation requiert Windows 95 ou Windows NT
Impossible de créer le dossier %s
L'installation de ce programme nécessite %s Ko d'espace libre sur le disque %s. Il est recommandé de libérer l'espace requis avant de continuer.

Voulez-vous continuer ?
Erreur de récupération du dossier Windows
Fermeture de NT : erreur OpenProcessToken.
Fermeture de NT : erreur d'ajustement des privilèges de jeton.
Fermeture de NT : erreur de fermeture du système Windows.
Échec de l'extraction du fichier, sans doute dû à un manque de mémoire (espace disque insuffisant pour l'échange du fichier) ou à un fichier .cab endommagé.
Le programme d'installation n'a pas pu récupérer les informations de volume du disque (%s).
Message du système : %s.
Le programme d'installation n'a pas trouvé les %s Ko d'espace disque libres nécessaires. Libérez de l'espace et recommencez.
Le programme d'installation semble être endommagé. Contactez le vendeur de cette application.
Erreur de syntaxe dans l'option de la ligne de commande.
Tapez Commande /? pour accéder à l'aide.
Options de ligne de commande :

/Q -- Modes silencieux pour lot,

/T:<chemin entier> -- Spécifie le répertoire temporaire de travail,

/C -- Extraire les fichiers uniquement vers le dossier, également lorsqu'ils sont utilisés avec /T.

/C:<Cmd> -- Ignorer la commande Install définie par l'auteur.

Pour que les nouveaux paramètres prennent effet, vous devez redémarrer votre ordinateur.

Voulez-vous redémarrer maintenant ?
Une autre copie du lot %s tourne déjà sur votre système. Voulez-vous exécuter une autre copie ?
Impossible de trouver le fichier : %s.
Vous n'avez pas les droits d'administrateur sur cet ordinateur. Certaines installations ne peuvent être effectuées correctement que par un administrateur.
Le dossier %s n'existe pas. Voulez-vous le créer ?
Le package %s est déjà en cours de fonctionnement sur votre système. Vous ne pouvez exécuter qu'une copie à la fois.
Le package %s n'est pas compatible avec la version de Windows que vous utilisez actuellement.
Le package %s n'est pas compatible avec la version du fichier : %s présent sur votre système.

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2051-May-03 12:54:45
Version	`0.0`
SizeofData	`37`
AddressOfRawData	`0xbdac`
PointerToRawData	`0xbdac`
Referenced File	wextract.pdb

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2051-May-03 12:54:45
Version	`0.0`
SizeofData	`768`
AddressOfRawData	`0xbdd4`
PointerToRawData	`0xbdd4`

UNKNOWN

Characteristics	`0`
TimeDateStamp	2051-May-03 12:54:45
Version	`0.0`
SizeofData	`36`
AddressOfRawData	`0xc0fc`
PointerToRawData	`0xc0fc`

UNKNOWN (#2)

Characteristics	`0`
TimeDateStamp	2051-May-03 12:54:45
Version	`0.0`
SizeofData	`4`
AddressOfRawData	`0xc120`
PointerToRawData	`0xc120`

TLS Callbacks

Load Configuration

Size	`0x148`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x14000e080`
GuardCFCheckFunctionPointer	`5368755888`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0xdb9e4ad6`
Unmarked objects	`0`
C++ objects (33145)	`1`
Unmarked objects (#2)	`1`
ASM objects (33145)	`4`
C objects (33145)	`20`
Imports (33145)	`17`
Total imports	`167`
C objects (LTCG) (33145)	`10`
Resource objects (33145)	`1`
Linker (33145)	`1`

Errors

[*] Warning: Multiple nodes using the name Version Info in a dictionary.

Leave a comment

No comments yet.