Manalyze report for 8a1f43af9e7ec585d111048aba2eebd2aee01989d26cf86b63f090a14ac87301

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2022-Mar-03 13:15:57
Detected languages	Process Default Language
Debug artifacts	D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`May have dropper capabilities: %temp%` `Accesses the WMI: ROOT\CIMV2`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to AES`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryW LoadLibraryExA LoadLibraryExW` `Can create temporary files: CreateFileW GetTempPathW`
Suspicious	The file contains overlay data.	`6887158 bytes of data starting at offset 0x46200.` `The overlay data has an entropy of 7.99993 and is possibly compressed or encrypted.` `Overlay data amounts for 95.9964% of the executable.`
Malicious	VirusTotal score: 35/70 (Scanned on 2024-12-22 09:49:54)	`ALYac: Trojan.Generic.37111560` `APEX: Malicious` `AVG: Win32:Malware-gen` `AhnLab-V3: Trojan/Win.Generic.R510883` `Antiy-AVL: Trojan[Packed]/Win32.7Zip` `Arcabit: Trojan.Generic.D2364708` `Avast: Win32:Malware-gen` `Avira: TR/Redcap.htzvv` `BitDefender: Trojan.Generic.37111560` `CTX: exe.trojan.generic` `ClamAV: Win.Packed.Bladabindi-10017056-0` `CrowdStrike: win/malicious_confidence_90% (D)` `Cylance: Unsafe` `Cynet: Malicious (score: 100)` `DeepInstinct: MALICIOUS` `ESET-NOD32: Win32/Packed.7Zip.AI` `Elastic: malicious (high confidence)` `Emsisoft: Trojan.Generic.37111560 (B)` `F-Secure: Trojan.TR/Redcap.htzvv` `FireEye: Generic.mg.d29926cb50164c63` `Fortinet: W32/PossibleThreat` `GData: Trojan.Generic.37111560` `Ikarus: Trojan.SuspectCRC` `K7AntiVirus: Trojan ( 005a188e1 )` `K7GW: Trojan ( 005a188e1 )` `Kaspersky: Trojan.Win32.SFX.aww` `Malwarebytes: Malware.AI.1392728750` `McAfeeD: ti!8A1F43AF9E7E` `MicroWorld-eScan: Trojan.Generic.37111560` `Microsoft: PUA:Win32/Puwaders.C!ml` `Rising: Stealer.Agent/SFX!1.F3AF (CLASSIC)` `Skyhigh: BehavesLike.Win32.Generic.vc` `Sophos: Generic ML PUA (PUA)` `TrendMicro-HouseCall: TROJ_GEN.R023H09KT24` `VIPRE: Trojan.Generic.37111560`

Hashes

MD5	`d29926cb50164c6343f05dd4b44c52dc`
SHA1	`8e92c5e4e754ff38c1534f0bc65576d61443f67c`
SHA256	`8a1f43af9e7ec585d111048aba2eebd2aee01989d26cf86b63f090a14ac87301`
SHA3	`5fccfcd3739deba4fa5df801c6835cc8f12ed7682135412b1c2dd9c2224bb5ae`
SSDeep	`98304:ZWEBeculMIUZKMpOfn9/1nKkhZVcmMAOHfIYnIOfyjMYrg7Ngi7OnKWe:EEcculMEXn9tnXhzifWGyjzunOnKWe`
Imports Hash	`1acd058df8508c59f4ea2adc65d18886`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x110`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`6`
TimeDateStamp	2022-Mar-03 13:15:57
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x31c00`
SizeOfInitializedData	`0x14200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0001F530 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x33000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.1`
ImageVersion	`0.0`
SubsystemVersion	`5.1`
Win32VersionValue	`0`
SizeOfImage	`0x6d000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`2831bb8b11e3209658a53131886cdf98`
SHA1	`619c1d2d3a247d5ea0748c89b0b9d66a30b6417c`
SHA256	`48ab4eb5a4a945145c87706f46d698adf5afd5ef605ac539ab0ef6cdeb2fbcf7`
SHA3	`f7b884bd662fdb7c8c68f057d19097cbd8c120b89e99459db79c3b48bf659779`
VirtualSize	`0x31bdc`
VirtualAddress	`0x1000`
SizeOfRawData	`0x31c00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.71296`

.rdata

MD5	`042f11346230ca5aa360727d9908e809`
SHA1	`6ecf068cbcb8b25488348341dfe9cd146d7efff1`
SHA256	`804be68858db0f2910995e054d0b06401bf2307ec560f54907bb8ba21ba5c264`
SHA3	`15ebd860c1f7d09d414d35040e874f69a6c050f4f65c79de0acf3ca1433bf69a`
VirtualSize	`0xaec0`
VirtualAddress	`0x33000`
SizeOfRawData	`0xb000`
PointerToRawData	`0x32000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.26161`

.data

MD5	`9670b581969e508258d8bc903025de5e`
SHA1	`f645e3c9267ab7df17b1b1f7196a59a1fa9b097a`
SHA256	`61a9b234e0eb47b75e277198852d787ab0677398946412062da997ea34b45359`
SHA3	`4ad2b0e47cd3e4b6eafc7aab43b88769f0211bc63e1377e4a62c40cae66eb273`
VirtualSize	`0x24720`
VirtualAddress	`0x3e000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x3d000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.38746`

.didat

MD5	`c83554035c63bb446c6208d0c8fa0256`
SHA1	`08a8f0e687db994f8484fd20dc56094f4c219de5`
SHA256	`76ffd51987e2d394a7ae70be547b72a23f2b104468405cd051dc2b7e73e3f6d9`
SHA3	`2ce238220246ebdcf4a730c0b2ad857a31049b7f8fd0484c02e162336635e5f1`
VirtualSize	`0x190`
VirtualAddress	`0x63000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3e000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.33273`

.rsrc

MD5	`9c7d1f7aae0f46179b7616180af75d50`
SHA1	`4f8ad2f0056647ed81fe79c64198dd373257206f`
SHA256	`615f970bcaa9f10606500b8e0d042f0040714aac5042dd545df150744bacb13b`
SHA3	`144840ed380b533b83d8a679cc46fbdfa9efedef0fa6d449382ac5ea81cd6137`
VirtualSize	`0x5aa0`
VirtualAddress	`0x64000`
SizeOfRawData	`0x5c00`
PointerToRawData	`0x3e200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.59333`

.reloc

MD5	`40b5e17755fd6fdd34de06e5cdb7f711`
SHA1	`f1f4ef62479ee5ed243652eb278d24f467b2beee`
SHA256	`824ed1373fce7f28dce8809ae4783590146ee39d9586acc5b6c5d9f99de32673`
SHA3	`37ae9c7438b7baf668f18cdb122c461e56e7760d0fe13734c1bed0d2f37d15d5`
VirtualSize	`0x233c`
VirtualAddress	`0x6a000`
SizeOfRawData	`0x2400`
PointerToRawData	`0x43e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.62301`

Imports

KERNEL32.dll	`GetLastError` `SetLastError` `FormatMessageW` `GetCurrentProcess` `DeviceIoControl` `SetFileTime` `CloseHandle` `CreateDirectoryW` `RemoveDirectoryW` `CreateFileW` `DeleteFileW` `CreateHardLinkW` `GetShortPathNameW` `GetLongPathNameW` `MoveFileW` `GetFileType` `GetStdHandle` `WriteFile` `ReadFile` `FlushFileBuffers` `SetEndOfFile` `SetFilePointer` `SetFileAttributesW` `GetFileAttributesW` `FindClose` `FindFirstFileW` `FindNextFileW` `InterlockedDecrement` `GetVersionExW` `GetCurrentDirectoryW` `GetFullPathNameW` `FoldStringW` `GetModuleFileNameW` `GetModuleHandleW` `FindResourceW` `FreeLibrary` `GetProcAddress` `GetCurrentProcessId` `ExitProcess` `SetThreadExecutionState` `Sleep` `LoadLibraryW` `GetSystemDirectoryW` `CompareStringW` `AllocConsole` `FreeConsole` `AttachConsole` `WriteConsoleW` `GetProcessAffinityMask` `CreateThread` `SetThreadPriority` `InitializeCriticalSection` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `SetEvent` `ResetEvent` `ReleaseSemaphore` `WaitForSingleObject` `CreateEventW` `CreateSemaphoreW` `GetSystemTime` `SystemTimeToTzSpecificLocalTime` `TzSpecificLocalTimeToSystemTime` `SystemTimeToFileTime` `FileTimeToLocalFileTime` `LocalFileTimeToFileTime` `FileTimeToSystemTime` `GetCPInfo` `IsDBCSLeadByte` `MultiByteToWideChar` `WideCharToMultiByte` `GlobalAlloc` `LockResource` `GlobalLock` `GlobalUnlock` `GlobalFree` `LoadResource` `SizeofResource` `SetCurrentDirectoryW` `GetExitCodeProcess` `GetLocalTime` `GetTickCount` `MapViewOfFile` `UnmapViewOfFile` `CreateFileMappingW` `OpenFileMappingW` `GetCommandLineW` `SetEnvironmentVariableW` `ExpandEnvironmentStringsW` `GetTempPathW` `MoveFileExW` `GetLocaleInfoW` `GetTimeFormatW` `GetDateFormatW` `GetNumberFormatW` `DecodePointer` `SetFilePointerEx` `GetConsoleMode` `GetConsoleCP` `HeapSize` `SetStdHandle` `GetProcessHeap` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `GetCommandLineA` `GetOEMCP` `RaiseException` `GetSystemInfo` `VirtualProtect` `VirtualQuery` `LoadLibraryExA` `IsProcessorFeaturePresent` `IsDebuggerPresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetStartupInfoW` `QueryPerformanceCounter` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `TerminateProcess` `LocalFree` `RtlUnwind` `EncodePointer` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `LoadLibraryExW` `QueryPerformanceFrequency` `GetModuleHandleExW` `GetModuleFileNameA` `GetACP` `HeapFree` `HeapAlloc` `HeapReAlloc` `GetStringTypeW` `LCMapStringW` `FindFirstFileExA` `FindNextFileA` `IsValidCodePage`
OLEAUT32.dll	`SysAllocString` `SysFreeString` `VariantClear`
gdiplus.dll	`GdipAlloc` `GdipDisposeImage` `GdipCloneImage` `GdipCreateBitmapFromStream` `GdipCreateBitmapFromStreamICM` `GdipCreateHBITMAPFromBitmap` `GdiplusStartup` `GdiplusShutdown` `GdipFree`
USER32.dll (delay-loaded)	`PostMessageW` `WaitForInputIdle` `IsWindowVisible` `DialogBoxParamW` `EndDialog` `GetDlgItemTextW` `DispatchMessageW` `SetFocus` `SetForegroundWindow` `GetSysColor` `LoadBitmapW` `LoadIconW` `DestroyIcon` `IsDialogMessageW` `TranslateMessage` `GetMessageW` `wvsprintfW` `CopyImage` `GetClassNameW` `FindWindowExW` `MessageBoxW` `ReleaseDC` `GetDC` `SendMessageW` `LoadCursorW` `CopyRect` `MapWindowPoints` `UpdateWindow` `DestroyWindow` `IsWindow` `CreateWindowExW` `RegisterClassExW` `DefWindowProcW` `CharUpperW` `OemToCharBuffA` `LoadStringW` `GetWindow` `SetProcessDefaultLayout` `SetWindowLongW` `GetWindowLongW` `GetWindowRect` `GetClientRect` `GetSystemMetrics` `SetDlgItemTextW` `SetWindowPos` `GetParent` `SetWindowTextW` `EnableWindow` `GetDlgItem` `PeekMessageW` `SendDlgItemMessageW` `ShowWindow`

Delayed Imports

Attributes	`0x1`
Name	`USER32.dll`
ModuleHandle	`0x61cc0`
DelayImportAddressTable	`0x630a0`
DelayImportNameTable	`0x3c7ac`
BoundDelayImportTable	`0x3cee0`
UnloadDelayImportTable	`0`
TimeStamp	`1970-Jan-01 00:00:00`

101

Type	`PNG`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xb45`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.87356`
Detected Filetype	PNG graphic file
MD5	`63486a769bbe3f49d5848b9c69734a25`
SHA1	`e48bd36c2f23c238206bdddf3ebb6d6862905710`
SHA256	`a91f4373ceebadfc70b3bd0758848918f928c3c76562e3d9d531574796fd9e9c`
SHA3	`7e9dc73ef6ee0ce127eee80c5daf334bd98ed2d2f262376ed7760866816d815b`

102

Type	`PNG`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x15a9`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.80129`
Detected Filetype	PNG graphic file
MD5	`e6ccfb6d9ffd4e1a907a47761c64bd79`
SHA1	`d6a2994dedae3527a878140aa60dcaa087b90445`
SHA256	`27d3a1a2da49dc535cc10806abaae9dfa49e4f5f44a40540ead50e065b99ca68`
SHA3	`11423dcd0ab4c11695ad71f56e4fcdfc4b20a38cc6ac653ab7575f7dd024d0e5`

1

Type	`RT_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.27096`
MD5	`534215cef211a152679a4cc7bd91b7e1`
SHA1	`62ba9c1c73df21644c609d3b5fd2edc946eafadb`
SHA256	`8ac5e2c08e72998d06b9e79cc3522364730330763554bbebdfabc9a7bf0d1b46`
SHA3	`6f560168e19f37e1a6310914163bc1e23f5da7da7910ed604eb5cd4ed3bdc84f`

ASKNEXTVOL

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x2ba`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.03868`
MD5	`365499af975d15ffb982e7a306ea4629`
SHA1	`766c978230ede7a7269ef1ce0a7f740c7b8c0137`
SHA256	`483080bf44a46dd03902e887e8e7d8fd3b37b3b1fc1afc69588b0cdbc3c8d87d`
SHA3	`2270516bfff336491c80c6a42a3207f5c92cb7ef0563960302b22706091acf0c`

GETPASSWORD1

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x13a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.84009`
MD5	`33ccaed850f3b0e87dd14d8a8d3d5bd4`
SHA1	`765643f7b30c955e13a9dfbe944f42a539bbc795`
SHA256	`d7bccb4fc112e5ee3af71575fd25b2806568781ccd876a98a607ab49863efd69`
SHA3	`006b1a52a0ee4aded72b53fdf13624ad929e6c1e307d58f197982fccb7f05d2a`

LICENSEDLG

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xf2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.70073`
MD5	`350b91b0ea3545d6ad49f0367e9a04bb`
SHA1	`5cd337b363aab7ac673ccbcef4bd7a0976017063`
SHA256	`45cee74bb0ad2163281ee43d7735874b78c9ba6d7f5ea17d1a5ab7dbd1a1fd88`
SHA3	`69001591be0330e0a9b9207fabe921342465d6552ab1531152793e7e30473181`

RENAMEDLG

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x14a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.62816`
MD5	`632142fba1840e434bf65e6406e0ae28`
SHA1	`baef9c3020b3f5dcf631ed7ed80568342b8c78ea`
SHA256	`9ea5d1a1ed5a02941fecd70b54985e39691b1dbf06adfed786844c5234d98844`
SHA3	`333a8e2ce5b373a8f38cd8c9610c5bedc3f29c5778d47b6fc899b21454b43349`

REPLACEFILEDLG

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x314`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.82613`
MD5	`d96ce6ed8dbe388d25fab0d7f7076611`
SHA1	`ac04f933f319b439cf5d0e8e812f9b0c17fd4869`
SHA256	`1a30142b93d9f78209dfdd5319af64749c1fa47fbfe4669ffc915d450687ee32`
SHA3	`989f0faa23d6619ac9dfcbe169797eecf73d1a5054c2ecfc8a479fa30bdc4f55`

STARTDLG

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x24a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.07801`
MD5	`59dd2a53464fdebd4dce6dbd784d5a0a`
SHA1	`ed0d3337ee64ef5608fe043d288d2fc07d4f8103`
SHA256	`4542776fba1ca386e3dbd8d7d53d3f43fb0679acef9e06f73aa81d25a366401b`
SHA3	`b6d79a6a4bc545b09588c67b5a9fddf325009814b064a241a27dadcd908e2e1c`

7

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1fc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.66634`
MD5	`84a2aa6fb93d661b02dd9fae67ce46a4`
SHA1	`a0d1a1952b83298a000a8ba5977f8efc4c86051a`
SHA256	`ec2cb06bbc07bf68507a8f11833a113290c501e50326464bcea8d04df617731a`
SHA3	`19a6131e2b7854011efb80a854c3796528dc49310847d92b644e7d8d7287ff82`

8

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x246`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.71728`
MD5	`a2aa034f25589077320a2cdfe5e79159`
SHA1	`786c0972867d2256fd9fb4da7c434e92490307a4`
SHA256	`73a938be272bcf485024a2f1bd64de6cd171d1b2e382a71a6d5265bbd0a27f51`
SHA3	`85ce382c4586156f28fbdb295da379caa92ac7faa66324863d7cc9bd0024fefe`

9

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1a6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.73856`
MD5	`7eeb00e11496364525d55a3bc8a3ea88`
SHA1	`8f893840f2a27f16267d0765b24c41c59f6daf4f`
SHA256	`f6b4fc2653f5935067f883319bbddef009d32a716bd6484c980d8607a655867d`
SHA3	`d46e4330d674d137d0f221c09e438187adb554d91baa5ec43e247f499f5500bf`

10

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xdc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.55807`
MD5	`d792ceea3def3f71682eb1eea04b403c`
SHA1	`a920b6a80ab4780f87b408cdf108a1ac82996509`
SHA256	`c7ce5dce1f5c60c9f0669551ba5a5d2cfa52dfdf47ca831ccf62d4aa55af4c24`
SHA3	`6aa103f2885b802f04287d341ba808f97f54fec9ad12a3b19cebda7f6ce023f0`

11

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x47c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.90831`
MD5	`1c93cfa1b740413905b4d6e5a359db7c`
SHA1	`b31ac11c180728319bf928ad7c9485ab61cf8d00`
SHA256	`97ece10997819c2808a8d0a7f994fdd9917226ea4d2b6e53116c494ae9798c2d`
SHA3	`b6060ed0d4cb8cc18d1c16ecaaade9375a666eb8b10249e15694c5ea37892011`

12

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x164`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.68258`
MD5	`c35f74b91635985b1b9c2a034066d48e`
SHA1	`0ca2026561a14649488829292a3cf65d72e8076d`
SHA256	`bc0a87bc2f823765b06c9308580fb4e7c09a3c584a7cb9355b190ff35c238649`
SHA3	`95baa54f914fd53ffa861353f14caf33195490bee711f1d758b52f1747252ac5`

13

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x110`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.61824`
MD5	`2fcf98fe1351e05994c780638a179f36`
SHA1	`900cff0a51d982580fdbec03cbcb93581dd130d5`
SHA256	`efda66b5ce3770efc226bf58c66404f7f61dd9cf8b98e5a9f8f167c02457f481`
SHA3	`ff524692854a0494afed8006c2910b383707cc25f93db1315b36e5bd97fca024`

14

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x158`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.61995`
MD5	`a4a9a568a83d61c47d19aefd97e27852`
SHA1	`aa65a41a2f60b7de1b35bb6655f02cf408d04ff9`
SHA256	`83f265e852184711ffb09f50939bba25cb14013804eaea4c516cc544b81afe4c`
SHA3	`aef4a78e8dd8b7a4dc071796053e6ec6933e3e272fdb64863675150c1dc4a9bd`

15

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xe8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.4037`
MD5	`efde73c917066f48e2ce0d399a2b8b8d`
SHA1	`5ee91d6c6ba3e722cd8affb7fb94c8612c09f8e0`
SHA256	`8a5ed5de64061a372ea6c5e485d96e8b214e9881a4091697c466cd545ee2bda6`
SHA3	`44a7160dc77a24d8120e635da43412fc6314281cc16f2fc15ec89bccdcac2fa3`

16

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xe6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.44204`
MD5	`63e43a749a76bc1fc16dacc98744ff58`
SHA1	`783d49ca373bf78e2948606b6613b95c390f1106`
SHA256	`1a0adb4e94ef9283ebaed131b1cd14014a5de3886f80ae45ca239d4b46ce1136`
SHA3	`d1ed63a11c24f13bff20e0d4f188309a2566af9b26d9946358c5b8f8f7bf2f76`

100

Type	`RT_GROUP_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.91924`
Detected Filetype	Icon file
MD5	`575113e38a3fb53357f84490e97c7272`
SHA1	`3dc111251d8a7394027f0b41a72c6af07cfb7a95`
SHA256	`b8d6791f3fff19f6f48a805515c262b5a61470c3084fa63e245ec1a6845413cd`
SHA3	`2cb97a33e3113244264e15aa685c370bc720e2929c3d3730695cd5ce1ee1aff0`

1 (#2)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x753`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.25329`
MD5	`8ddcbbd6b8c80eef68bf9305e59fa1f3`
SHA1	`014923abccec57fa3ad16f65feb0de2b8cbc8408`
SHA256	`1b7b67e5d8927449d8f7be80a0e5ba5f03d25670035027c0cb71abce27da6810`
SHA3	`e5c4bfc7e92f1b945363bb9ad2aabbe4324074ac295d08722e743d6e7c524b69`

String Table contents

Выберите папку для извлечения
Извлечение %s
Пропуск %s
Неожиданный конец архива
Повреждён заголовок файла "%s"
Обнаружен повреждённый заголовок
Повреждён главный заголовок архива
Повреждён заголовок комментария архива
Повреждён комментарий архива
Недостаточно памяти
Неизвестный метод в %s
Невозможно открыть %s
Невозможно создать %s
Невозможно создать папку %s
Ошибка контрольной суммы в зашифрованном файле %s. Файл повреждён или указан неверный пароль.
Ошибка контрольной суммы в %s
Ошибка контрольной суммы сжатых данных в %s
Ошибка записи в файле %s
Ошибка чтения в файле %s
Ошибка закрытия файла
Отсутствует необходимый том
Архив повреждён или имеет неизвестный формат
Извлечение из %s
Следующий том
Повреждён заголовок архива
Закрыть
Ошибка
Ошибки при выполнении операции.
См. окно с информацией
байт
изменён
папка недоступна
Некоторые файлы не были созданы.
Попробуйте повторить установку, закрыв другие приложения и перезагрузив Windows.
Некоторые установочные файлы повреждены.
Загрузите свежую копию и повторите установку
Все файлы
<ul><li>Нажмите кнопку <b><i>Установить</i></b>, чтобы начать извлечение.</li><br><br>
<ul><li>Нажмите кнопку <b><i>Извлечь</i></b>, чтобы начать извлечение.</li><br><br>
<li>Кнопка <b><i>Обзор</i></b> позволяет выбрать папку назначения
в дереве папок. Имя папки также можно ввести
вручную.</li><br><br>
<li>Если папки назначения не существует, то она будет
создана автоматически до начала процесса извлечения.</li></ul>
Архив повреждён
Извлечение файлов в папку %s
Извлечение файлов во временную папку
Извлечь
Ход извлечения
Максимум символов в пути и имени файла: %d
Неизвестный метод шифрования в %s
Указан неверный пароль.
Неверный пароль для %s
Невозможно скопировать %s в %s.
Невозможно создать символическую ссылку %s
Невозможно создать жёсткую ссылку %s
Сначала нужно распаковать целевой объект ссылки
Попробуйте запустить этот самораспаковывающийся архив от имени администратора
Приостановить
Продолжить
Предупреждение о безопасности
Удалите %s из папки %s. Пока это не сделано, запускать %s небезопасно.

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2022-Mar-03 13:15:57
Version	`0.0`
SizeofData	`81`
AddressOfRawData	`0x3b3dc`
PointerToRawData	`0x3a3dc`
Referenced File	D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2022-Mar-03 13:15:57
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x3b430`
PointerToRawData	`0x3a430`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2022-Mar-03 13:15:57
Version	`0.0`
SizeofData	`964`
AddressOfRawData	`0x3b444`
PointerToRawData	`0x3a444`

TLS Callbacks

Load Configuration

Size	`0xbc`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x43e7ac`
SEHandlerTable	`0x43b2f8`
SEHandlerCount	`40`
GuardCFCheckFunctionPointer	`4403832`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0xbe0d3e3c`
Unmarked objects	`0`
241 (40116)	`13`
243 (40116)	`142`
242 (40116)	`24`
253 (30625)	`2`
C objects (30625)	`19`
ASM objects (30625)	`23`
C++ objects (30625)	`52`
C objects (VS2008 SP1 build 30729)	`11`
Imports (VS2008 SP1 build 30729)	`7`
Total imports	`277`
C++ objects (VS2022 (17.0.5) compiler 30709)	`49`
Exports (VS2022 (17.0.5) compiler 30709)	`1`
Resource objects (VS2022 (17.0.5) compiler 30709)	`1`
Linker (VS2022 (17.0.5) compiler 30709)	`1`

Errors

Leave a comment

No comments yet.