e843cf234f69b57f3874d1237d712df87e57936f13159b766da6227254272dc6

Sharing

Copy URL Twitter E-mail

General

Target

e843cf234f69b57f3874d1237d712df87e57936f13159b766da6227254272dc6
Size

4.8MB
MD5

0f610783089c6c7922133ef1bc819f98
SHA1

ee623479ad8f0b3fbecf0ba2ba97e9bdecb3f1c6
SHA256

e843cf234f69b57f3874d1237d712df87e57936f13159b766da6227254272dc6
SHA512

e1b6fba3220c1e19fda9c8adc8b8d13f4bcae1f6a2e1bf84cb01ee4e44f72711fbd3b3f7b95c44610dd98e8dd01f2fae36048e4818240802a498ca9c9c3ca6d1
SSDEEP

98304:2b1INzRAn6GEVPTp1fY0NuW8QRGofuWxeAxQjoW7nzPuZHfizzv:eIm6HLY0wQLkAUoW7zD/v

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/rar/Default.SFX
unpack001/rar/Default64.SFX
unpack001/rar/WinCon.SFX
unpack001/rar/WinCon64.SFX
unpack001/rar/Zip.SFX
unpack001/rar/Zip64.SFX

Files

e843cf234f69b57f3874d1237d712df87e57936f13159b766da6227254272dc6
.zip
rar/7zxa.dll
.dll windows:4 windows x64 arch:x64

e84ea73d0d9b417a1bc1810c7b836d4f

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:8b:08:39:9e:c7:03:62:3c:72:cd:20:77:ad:65:d9
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

08/08/2023, 00:00

Not After

07/08/2026, 23:59

Subject

SERIALNUMBER=HRB 109885,CN=win.rar GmbH,O=win.rar GmbH,L=Berlin,ST=Berlin,C=DE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#130e436861726c6f7474656e62757267,1.3.6.1.4.1.311.60.2.1.2=#13064265726c696e,1.3.6.1.4.1.311.60.2.1.3=#13024445

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a5:45:8d:be:19:55:1d:b3:e2:b2:df:f1:56:e9:2a:8f:e5:87:b1:49:a2:aa:78:e7:16:8a:c0:0c:06:38:4c:68
Signer

Actual PE Digest

a5:45:8d:be:19:55:1d:b3:e2:b2:df:f1:56:e9:2a:8f:e5:87:b1:49:a2:aa:78:e7:16:8a:c0:0c:06:38:4c:68

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

oleaut32

SysFreeString
SysAllocStringByteLen
SysStringLen
VariantClear
SysAllocStringLen

msvcrt

_onexit
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
__C_specific_handler
_beginthreadex
_purecall
memset
strlen
_initterm
malloc
__CxxFrameHandler
_CxxThrowException
memmove
memcpy
memcmp
free
__dllonexit

kernel32

GetProcessAffinityMask
GetCurrentProcess
GetSystemInfo
GlobalMemoryStatusEx
Sleep
InitializeCriticalSection
ReleaseSemaphore
CreateSemaphoreW
ResetEvent
SetEvent
CreateEventW
WaitForSingleObject
CloseHandle
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetLastError

Exports

Exports

CreateDecoder
CreateEncoder
CreateObject
GetHandlerProperty
GetHandlerProperty2
GetHashers
GetIsArc
GetMethodProperty
GetModuleProp
GetNumberOfFormats
GetNumberOfMethods
SetCaseSensitive
SetCodecs
SetLargePageMode

Sections

.text
Size: 155KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rar/Default.SFX
.exe windows:5 windows x86 arch:x86

0ae9e38912ff6bd742a1b9e5c003576a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
SetLastError
FormatMessageW
GetCurrentProcess
DeviceIoControl
SetFileTime
CloseHandle
CreateDirectoryW
RemoveDirectoryW
CreateFileW
DeleteFileW
CreateHardLinkW
GetShortPathNameW
GetLongPathNameW
MoveFileW
GetFileType
GetStdHandle
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
GetCurrentProcessId
SetFileAttributesW
GetFileAttributesW
FindClose
FindFirstFileW
FindNextFileW
InterlockedDecrement
GetVersionExW
GetCurrentDirectoryW
GetFullPathNameW
FoldStringW
GetModuleFileNameW
GetModuleHandleW
FindResourceW
FreeLibrary
GetProcAddress
ExitProcess
SetThreadExecutionState
Sleep
LoadLibraryW
GetSystemDirectoryW
CompareStringW
AllocConsole
FreeConsole
AttachConsole
WriteConsoleW
GetProcessAffinityMask
CreateThread
SetThreadPriority
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventW
CreateSemaphoreW
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
LockResource
GlobalLock
GlobalUnlock
GlobalFree
LoadResource
SizeofResource
SetCurrentDirectoryW
GetTimeFormatW
GetDateFormatW
LocalFree
GetExitCodeProcess
GetLocalTime
GetTickCount
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCommandLineW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetTempPathW
MoveFileExW
GetLocaleInfoW
GetNumberFormatW
DecodePointer
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapSize
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
TerminateProcess
RtlUnwind
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
QueryPerformanceFrequency
GetModuleHandleExW
GetModuleFileNameA
GetACP
HeapFree
HeapReAlloc
HeapAlloc
GetStringTypeW
LCMapStringW
FindFirstFileExA
FindNextFileA
IsValidCodePage

oleaut32

SysAllocString
SysFreeString
VariantClear

gdiplus

GdipAlloc
GdipDisposeImage
GdipCloneImage
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateHBITMAPFromBitmap
GdiplusStartup
GdiplusShutdown
GdipFree

Sections

.text
Size: 203KB - Virtual size: 203KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 53KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rar/Default64.SFX
.exe windows:5 windows x64 arch:x64

020387d10d5936b3fbcfc8b4ba421f7b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetLastError
SetLastError
FormatMessageW
GetCurrentProcess
DeviceIoControl
SetFileTime
CloseHandle
CreateDirectoryW
RemoveDirectoryW
CreateFileW
DeleteFileW
CreateHardLinkW
GetShortPathNameW
GetLongPathNameW
MoveFileW
GetFileType
GetStdHandle
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
GetCurrentProcessId
SetFileAttributesW
GetFileAttributesW
FindClose
FindFirstFileW
FindNextFileW
GetVersionExW
GetCurrentDirectoryW
GetFullPathNameW
FoldStringW
GetModuleFileNameW
GetModuleHandleW
FindResourceW
FreeLibrary
GetProcAddress
ExitProcess
SetThreadExecutionState
Sleep
LoadLibraryW
GetSystemDirectoryW
CompareStringW
AllocConsole
FreeConsole
AttachConsole
WriteConsoleW
GetProcessAffinityMask
CreateThread
SetThreadPriority
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventW
CreateSemaphoreW
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
LockResource
GlobalLock
GlobalUnlock
GlobalFree
LoadResource
SizeofResource
SetCurrentDirectoryW
GetTimeFormatW
GetDateFormatW
LocalFree
GetExitCodeProcess
GetLocalTime
GetTickCount
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCommandLineW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetTempPathW
MoveFileExW
GetLocaleInfoW
GetNumberFormatW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapSize
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
TerminateProcess
QueryPerformanceFrequency
GetModuleHandleExW
GetModuleFileNameA
GetACP
HeapFree
HeapReAlloc
HeapAlloc
GetStringTypeW
LCMapStringW
FindFirstFileExA
FindNextFileA

oleaut32

SysAllocString
SysFreeString
VariantClear

gdiplus

GdipCloneImage
GdipFree
GdipDisposeImage
GdipCreateBitmapFromStream
GdipCreateHBITMAPFromBitmap
GdiplusStartup
GdiplusShutdown
GdipAlloc

Sections

.text
Size: 228KB - Virtual size: 228KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 53KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rar/Descript.ion
rar/License.txt
rar/Order.htm
.html .js polyglot
rar/Rar.exe
.exe windows:5 windows x64 arch:x64

46d4a991088e70acda923a7cd0f9aa4c

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:8b:08:39:9e:c7:03:62:3c:72:cd:20:77:ad:65:d9
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

08/08/2023, 00:00

Not After

07/08/2026, 23:59

Subject

SERIALNUMBER=HRB 109885,CN=win.rar GmbH,O=win.rar GmbH,L=Berlin,ST=Berlin,C=DE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#130e436861726c6f7474656e62757267,1.3.6.1.4.1.311.60.2.1.2=#13064265726c696e,1.3.6.1.4.1.311.60.2.1.3=#13024445

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e2:b2:a7:b5:85:24:ed:8a:f3:3e:c3:b7:65:7a:c4:d8:fe:43:0e:d3:be:1a:c6:11:cd:f2:12:8a:a2:ca:38:39
Signer

Actual PE Digest

e2:b2:a7:b5:85:24:ed:8a:f3:3e:c3:b7:65:7a:c4:d8:fe:43:0e:d3:be:1a:c6:11:cd:f2:12:8a:a2:ca:38:39

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetCurrentProcess
DeviceIoControl
FindClose
SetFileTime
CloseHandle
BackupRead
BackupSeek
CreateDirectoryW
RemoveDirectoryW
CreateFileW
DeleteFileW
FindFirstFileW
CreateHardLinkW
GetShortPathNameW
GetLongPathNameW
MoveFileW
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
GetFileTime
GetCurrentProcessId
GetDriveTypeW
GetDiskFreeSpaceExW
SetFileAttributesW
GetFileAttributesW
GetVolumeInformationW
ExpandEnvironmentStringsW
FindNextFileW
GetVersionExW
GetModuleFileNameW
GetCurrentDirectoryW
GetFullPathNameW
FoldStringW
SetErrorMode
FreeLibrary
LoadLibraryW
LoadLibraryExW
CompareStringA
GetLocaleInfoW
GetCurrentThread
SetConsoleCtrlHandler
SetThreadExecutionState
CreateEventW
GetSystemDirectoryW
SetCurrentDirectoryW
GetFullPathNameA
SetPriorityClass
GetProcessAffinityMask
CreateThread
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateSemaphoreW
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
CompareStringW
HeapSize
SetFilePointerEx
GetProcessHeap
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindNextFileA
FormatMessageW
Sleep
GetLastError
WriteConsoleW
ReadConsoleW
SetConsoleMode
GetConsoleMode
WriteFile
GetStdHandle
GetFileType
GetCommandLineW
GetModuleHandleW
GetProcAddress
GetFileInformationByHandle
SetThreadPriority
SetLastError
FindFirstFileExA
SetStdHandle
GetConsoleCP
LCMapStringW
GetStringTypeW
HeapAlloc
HeapReAlloc
HeapFree
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
LocalFree
RtlPcToFileHeader
RaiseException
RtlUnwindEx
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitProcess
GetModuleHandleExW
QueryPerformanceFrequency
GetModuleFileNameA
GetCommandLineA
GetACP

user32

ExitWindowsEx
LoadStringW
CharLowerW
CharToOemBuffW
CharToOemBuffA
OemToCharBuffA
OemToCharA
CharToOemA
MessageBeep
OemToCharBuffW
CharUpperW

advapi32

CheckTokenMembership
FreeSid
AllocateAndInitializeSid
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
LookupPrivilegeValueW
GetFileSecurityW
SetFileSecurityW
GetSecurityDescriptorLength
AdjustTokenPrivileges
OpenProcessToken
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW

shell32

SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHFileOperationW

ole32

CoCreateInstance
CoSetProxyBlanket

oleaut32

VariantClear
SysFreeString
SysAllocString

powrprof

SetSuspendState

Sections

.text
Size: 456KB - Virtual size: 456KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rar/Rar.txt
rar/RarExt.dll
.dll windows:6 windows x64 arch:x64

8f6f025c725ec2aa8498b3040d0a763c

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:8b:08:39:9e:c7:03:62:3c:72:cd:20:77:ad:65:d9
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

08/08/2023, 00:00

Not After

07/08/2026, 23:59

Subject

SERIALNUMBER=HRB 109885,CN=win.rar GmbH,O=win.rar GmbH,L=Berlin,ST=Berlin,C=DE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#130e436861726c6f7474656e62757267,1.3.6.1.4.1.311.60.2.1.2=#13064265726c696e,1.3.6.1.4.1.311.60.2.1.3=#13024445

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f2:50:c0:6c:4c:4c:20:f5:7c:7f:c2:d9:ed:1d:ae:b0:67:71:dc:54:4f:6b:cf:96:fa:07:6a:b3:8f:d2:1f:23
Signer

Actual PE Digest

f2:50:c0:6c:4c:4c:20:f5:7c:7f:c2:d9:ed:1d:ae:b0:67:71:dc:54:4f:6b:cf:96:fa:07:6a:b3:8f:d2:1f:23

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

CompareStringA
Sleep
GetCurrentProcess
GetCurrentThread
SetThreadPriority
SetPriorityClass
GetSystemDirectoryW
SetThreadExecutionState
FileTimeToLocalFileTime
LocalFileTimeToFileTime
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
SystemTimeToFileTime
CompareStringW
MultiByteToWideChar
WideCharToMultiByte
GetCPInfo
IsDBCSLeadByte
GetModuleHandleExW
GetLocaleInfoW
GetNumberFormatW
GetLogicalDrives
GetTempPathW
SetCurrentDirectoryW
LockResource
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
GetDateFormatW
GetTimeFormatW
WaitForSingleObject
RtlUnwind
WriteConsoleW
HeapSize
GetStringTypeW
SetStdHandle
GetProcessHeap
LCMapStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
FindResourceW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetFileSizeEx
HeapAlloc
HeapReAlloc
HeapFree
ExitProcess
QueryPerformanceFrequency
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
InterlockedFlushSList
RtlUnwindEx
RaiseException
RtlPcToFileHeader
LocalFree
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
GetModuleHandleW
CreateEventW
SizeofResource
LoadResource
FoldStringW
GetModuleFileNameW
GetFullPathNameW
GetCurrentDirectoryW
GetVersionExW
FindNextFileW
CreateFileW
FindFirstFileW
FindClose
ExpandEnvironmentStringsW
MoveFileW
GetCurrentProcessId
DeviceIoControl
SetFileAttributesW
RemoveDirectoryW
GetFileAttributesW
GetDriveTypeW
GetDiskFreeSpaceExW
LoadLibraryExW
DeleteFileW
CreateDirectoryW
GetFileTime
GetFileType
FlushFileBuffers
GetStdHandle
SetLastError
LoadLibraryW
GetProcAddress
FreeLibrary
GetLastError
CloseHandle
WriteFile
SetFileTime
SetFilePointer
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SetEndOfFile
ReadFile
GetFileSize
FreeEnvironmentStringsW

user32

InvalidateRect
SetWindowTextW
GetParent
ReleaseDC
OemToCharA
EnableWindow
GetDlgItem
ShowWindow
SendMessageW
wsprintfW
GetDC
SetWindowPos
GetMonitorInfoW
MonitorFromPoint
LoadImageW
SetWindowLongPtrW
EqualRect
GetSysColor
GetCursorPos
EndPaint
BeginPaint
InsertMenuItemW
AppendMenuW
CreatePopupMenu
SendDlgItemMessageW
DestroyWindow
EnumDisplayMonitors
CopyImage
MapWindowPoints
MessageBoxW
FlashWindowEx
CreateWindowExW
CreateIcon
LoadCursorW
SetCursor
GetWindowTextLengthW
GetWindowTextW
CharLowerW
CharUpperW
OemToCharBuffA
LoadStringW
GetWindow
GetClassNameW
GetWindowLongPtrW
SetWindowLongW
GetWindowLongW
GetWindowRect
GetClientRect
SetMenuItemInfoW
GetMenuItemInfoW
GetSystemMetrics
SetDlgItemTextW

gdi32

SetPixel
GetPixel
GetObjectW
CreateDIBSection
StretchBlt
GetDeviceCaps
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
GetTextExtentPoint32W
TextOutW
SetTextColor
LineTo
DeleteObject
CreatePen
GetTextFaceW
GetTextMetricsW
SelectObject
CreateFontW
MoveToEx

advapi32

RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW
AllocateAndInitializeSid
CheckTokenMembership
IsTextUnicode
RegSetValueExW
RegEnumValueW
RegEnumKeyExW
RegCloseKey
RegDeleteKeyExW
RegDeleteKeyW
RegCreateKeyExW
FreeSid

shell32

SHGetPathFromIDListW
ShellExecuteExW
SHGetMalloc
DragQueryFileW
SHGetSpecialFolderLocation

ole32

CoTaskMemFree
ReleaseStgMedium
CreateStreamOnHGlobal
CoCreateInstance
CoSetProxyBlanket
CoCreateFreeThreadedMarshaler

oleaut32

SysFreeString
VariantChangeType
VariantCopy
VariantClear
SysAllocString

shlwapi

SHStrDupW

comctl32

ord8
DestroyPropertySheetPage
CreatePropertySheetPageW

gdiplus

GdipAlloc
GdipFree
GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipCreateHBITMAPFromBitmap

msimg32

GradientFill

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 422KB - Virtual size: 422KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 102KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rar/RarExt32.dll
.dll windows:6 windows x86 arch:x86

ea92b4bb5d9deec4628d0f78b0881df5

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:8b:08:39:9e:c7:03:62:3c:72:cd:20:77:ad:65:d9
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

08/08/2023, 00:00

Not After

07/08/2026, 23:59

Subject

SERIALNUMBER=HRB 109885,CN=win.rar GmbH,O=win.rar GmbH,L=Berlin,ST=Berlin,C=DE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#130e436861726c6f7474656e62757267,1.3.6.1.4.1.311.60.2.1.2=#13064265726c696e,1.3.6.1.4.1.311.60.2.1.3=#13024445

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

89:46:71:63:73:f0:a7:48:3a:83:12:89:b9:ef:0e:e1:92:a1:f0:0e:86:ad:de:6c:8b:32:58:e3:9b:c4:37:d7
Signer

Actual PE Digest

89:46:71:63:73:f0:a7:48:3a:83:12:89:b9:ef:0e:e1:92:a1:f0:0e:86:ad:de:6c:8b:32:58:e3:9b:c4:37:d7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CompareStringA
Sleep
GetCurrentProcess
GetCurrentThread
SetThreadPriority
SetPriorityClass
GetSystemDirectoryW
SetThreadExecutionState
FileTimeToLocalFileTime
LocalFileTimeToFileTime
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
SystemTimeToFileTime
CompareStringW
MultiByteToWideChar
WideCharToMultiByte
GetCPInfo
IsDBCSLeadByte
GetModuleHandleExW
GetLocaleInfoW
GetNumberFormatW
GetLogicalDrives
GetTempPathW
SetCurrentDirectoryW
LockResource
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
GetDateFormatW
GetTimeFormatW
WaitForSingleObject
DecodePointer
WriteConsoleW
HeapSize
GetStringTypeW
SetStdHandle
GetProcessHeap
LCMapStringW
FindResourceW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetFileSizeEx
HeapAlloc
HeapReAlloc
HeapFree
ExitProcess
QueryPerformanceFrequency
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
InterlockedFlushSList
RtlUnwind
RaiseException
LocalFree
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
SizeofResource
LoadResource
FoldStringW
GetModuleFileNameW
GetFullPathNameW
CreateFileW
GetCurrentDirectoryW
GetVersionExW
FindNextFileW
FindFirstFileW
FindClose
ExpandEnvironmentStringsW
MoveFileW
GetCurrentProcessId
DeviceIoControl
SetFileAttributesW
RemoveDirectoryW
GetFileAttributesW
GetDriveTypeW
GetDiskFreeSpaceExW
LoadLibraryExW
DeleteFileW
CreateDirectoryW
GetFileTime
GetFileType
FlushFileBuffers
GetStdHandle
SetLastError
LoadLibraryW
GetProcAddress
FreeLibrary
GetLastError
CloseHandle
WriteFile
SetFileTime
SetFilePointer
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetEndOfFile
ReadFile
GetFileSize
FreeEnvironmentStringsW

user32

GetParent
GetDC
GetDlgItem
SetWindowTextW
OemToCharA
InvalidateRect
ShowWindow
SendMessageW
wsprintfW
ReleaseDC
EnableWindow
SetWindowPos
GetMonitorInfoW
MonitorFromPoint
LoadImageW
EqualRect
GetSysColor
GetCursorPos
EndPaint
BeginPaint
InsertMenuItemW
AppendMenuW
CreatePopupMenu
SendDlgItemMessageW
DestroyWindow
EnumDisplayMonitors
CopyImage
MapWindowPoints
MessageBoxW
FlashWindowEx
CreateWindowExW
CreateIcon
LoadCursorW
SetCursor
GetWindowTextLengthW
GetWindowTextW
CharLowerW
CharUpperW
OemToCharBuffA
LoadStringW
GetWindow
GetClassNameW
SetWindowLongW
GetWindowLongW
GetWindowRect
GetClientRect
SetMenuItemInfoW
GetMenuItemInfoW
GetSystemMetrics
SetDlgItemTextW

gdi32

SetPixel
GetPixel
GetObjectW
CreateDIBSection
StretchBlt
GetDeviceCaps
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
GetTextExtentPoint32W
TextOutW
MoveToEx
SetTextColor
LineTo
CreatePen
GetTextFaceW
GetTextMetricsW
SelectObject
CreateFontW
DeleteObject

advapi32

RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW
AllocateAndInitializeSid
CheckTokenMembership
IsTextUnicode
RegSetValueExW
RegEnumValueW
RegEnumKeyExW
RegCloseKey
RegDeleteKeyExW
RegDeleteKeyW
RegCreateKeyExW
FreeSid

shell32

ShellExecuteExW
DragQueryFileW
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation

ole32

CoSetProxyBlanket
CreateStreamOnHGlobal
ReleaseStgMedium
CoTaskMemFree
CoCreateFreeThreadedMarshaler
CoCreateInstance

oleaut32

SysFreeString
VariantChangeType
VariantCopy
VariantClear
SysAllocString

shlwapi

SHStrDupW

comctl32

ord8
DestroyPropertySheetPage
CreatePropertySheetPageW

gdiplus

GdipAlloc
GdipFree
GdipCloneImage
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipDisposeImage

msimg32

GradientFill

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 376KB - Virtual size: 375KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 102KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rar/RarExtInstaller.exe
.exe windows:6 windows x64 arch:x64

ff42caab74dab09e137a91d5dd30bdd2

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:8b:08:39:9e:c7:03:62:3c:72:cd:20:77:ad:65:d9
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

08/08/2023, 00:00

Not After

07/08/2026, 23:59

Subject

SERIALNUMBER=HRB 109885,CN=win.rar GmbH,O=win.rar GmbH,L=Berlin,ST=Berlin,C=DE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#130e436861726c6f7474656e62757267,1.3.6.1.4.1.311.60.2.1.2=#13064265726c696e,1.3.6.1.4.1.311.60.2.1.3=#13024445

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:bc:20:36:fb:76:11:2d:78:c4:c0:b2:d2:e6:5d:5e:de:53:45:db:83:08:05:9a:e9:6f:27:8b:f0:05:39:e7
Signer

Actual PE Digest

61:bc:20:36:fb:76:11:2d:78:c4:c0:b2:d2:e6:5d:5e:de:53:45:db:83:08:05:9a:e9:6f:27:8b:f0:05:39:e7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CompareStringEx
VerifyVersionInfoW
VerSetConditionMask
GetModuleFileNameW
WaitForSingleObject
CreateEventW
SetEvent
LoadLibraryW
FormatMessageW
WriteConsoleW
CreateFileW
CloseHandle
GetConsoleMode
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedPushEntrySList
GetLastError
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
HeapFree
HeapAlloc
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetStringTypeW
LCMapStringW
GetProcessHeap
SetFilePointerEx
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleOutputCP

user32

MessageBoxW

shell32

SHChangeNotify

shlwapi

SHCreateStreamOnFileEx

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoTaskMemFree
CoUninitialize
CoCreateFreeThreadedMarshaler
CoInitializeEx

oleaut32

SysAllocString
SetErrorInfo
GetErrorInfo
SysStringLen
SysFreeString

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rar/RarExtLogo.altform-unplated_targetsize-32.png
.png
rar/RarExtLogo.altform-unplated_targetsize-48.png
.png
rar/RarExtLogo.altform-unplated_targetsize-64.png
.png
rar/RarExtPackage.msix
.appx
rar/RarFiles.lst
rar/Resources.pri
rar/UnRAR.exe
.exe windows:5 windows x64 arch:x64

9a3fd0d5c7ee877d3223332fb22a7cf5

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:8b:08:39:9e:c7:03:62:3c:72:cd:20:77:ad:65:d9
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

08/08/2023, 00:00

Not After

07/08/2026, 23:59

Subject

SERIALNUMBER=HRB 109885,CN=win.rar GmbH,O=win.rar GmbH,L=Berlin,ST=Berlin,C=DE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#130e436861726c6f7474656e62757267,1.3.6.1.4.1.311.60.2.1.2=#13064265726c696e,1.3.6.1.4.1.311.60.2.1.3=#13024445

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f1:2d:6c:6f:0e:60:d2:d2:c7:86:a7:f8:e0:e6:2d:5f:5e:71:97:f5:e1:f4:c0:53:24:ce:7a:a4:2e:b7:a6:3a
Signer

Actual PE Digest

f1:2d:6c:6f:0e:60:d2:d2:c7:86:a7:f8:e0:e6:2d:5f:5e:71:97:f5:e1:f4:c0:53:24:ce:7a:a4:2e:b7:a6:3a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

DeviceIoControl
SetFileTime
CloseHandle
CreateDirectoryW
RemoveDirectoryW
CreateFileW
DeleteFileW
CreateHardLinkW
GetShortPathNameW
GetLongPathNameW
MoveFileW
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
GetCurrentProcessId
GetDriveTypeW
GetDiskFreeSpaceExW
SetFileAttributesW
GetFileAttributesW
GetVolumeInformationW
ExpandEnvironmentStringsW
FindClose
FindFirstFileW
FindNextFileW
GetVersionExW
GetModuleFileNameW
GetCurrentDirectoryW
GetFullPathNameW
FoldStringW
SetErrorMode
GetModuleHandleW
FreeLibrary
LoadLibraryW
LoadLibraryExW
GetProcAddress
GetCurrentProcess
SetThreadPriority
SetThreadExecutionState
CreateEventW
GetSystemDirectoryW
SetPriorityClass
GetProcessAffinityMask
CreateThread
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateSemaphoreW
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
CompareStringW
HeapSize
SetFilePointerEx
GetProcessHeap
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
SetConsoleCtrlHandler
FormatMessageW
Sleep
SetLastError
GetLastError
WriteConsoleW
ReadConsoleW
SetConsoleMode
GetConsoleMode
WriteFile
GetStdHandle
GetFileType
GetCurrentThread
GetCommandLineW
IsValidCodePage
FindNextFileA
FindFirstFileExA
SetStdHandle
GetConsoleCP
LCMapStringW
GetStringTypeW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
LocalFree
RtlUnwindEx
RtlPcToFileHeader
RaiseException
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitProcess
GetModuleHandleExW
QueryPerformanceFrequency
GetModuleFileNameA
GetCommandLineA
GetACP
HeapFree
HeapReAlloc
HeapAlloc

user32

ExitWindowsEx
LoadStringW
CharUpperW
CharToOemA
OemToCharBuffA
OemToCharA
CharLowerW
MessageBeep
CharToOemBuffW

advapi32

CheckTokenMembership
FreeSid
AllocateAndInitializeSid
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
LookupPrivilegeValueW
SetFileSecurityW
AdjustTokenPrivileges
OpenProcessToken

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetMalloc

ole32

CoCreateInstance
CoSetProxyBlanket

oleaut32

VariantClear
SysFreeString
SysAllocString

powrprof

SetSuspendState

Sections

.text
Size: 278KB - Virtual size: 278KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rar/Uninstall.exe
.exe windows:6 windows x64 arch:x64

6aed8a1d48749f3ad36c3c72bcf9aeb1

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:8b:08:39:9e:c7:03:62:3c:72:cd:20:77:ad:65:d9
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

08/08/2023, 00:00

Not After

07/08/2026, 23:59

Subject

SERIALNUMBER=HRB 109885,CN=win.rar GmbH,O=win.rar GmbH,L=Berlin,ST=Berlin,C=DE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#130e436861726c6f7474656e62757267,1.3.6.1.4.1.311.60.2.1.2=#13064265726c696e,1.3.6.1.4.1.311.60.2.1.3=#13024445

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b9:7e:0b:7f:32:fb:ce:fa:28:ae:4a:d6:dd:2c:79:55:4a:c8:b3:45:fc:47:38:a9:86:4f:0b:eb:5e:7c:c1:85
Signer

Actual PE Digest

b9:7e:0b:7f:32:fb:ce:fa:28:ae:4a:d6:dd:2c:79:55:4a:c8:b3:45:fc:47:38:a9:86:4f:0b:eb:5e:7c:c1:85

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

FindClose
FindFirstFileW
FindNextFileW
GetVersionExW
GetCurrentDirectoryW
FindResourceW
FreeLibrary
LoadLibraryExW
LoadLibraryW
GetProcAddress
GetSystemDirectoryW
GetModuleHandleW
CompareStringW
MultiByteToWideChar
WideCharToMultiByte
GetCPInfo
IsDBCSLeadByte
GetModuleHandleExW
GetShortPathNameW
GetTempPathW
Sleep
SetCurrentDirectoryW
GetCommandLineW
GetEnvironmentVariableW
CreateProcessW
CopyFileW
MoveFileExW
SetStdHandle
MoveFileW
GetProcessHeap
LCMapStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
HeapReAlloc
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
HeapAlloc
HeapFree
ExitProcess
QueryPerformanceFrequency
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
RtlUnwindEx
RaiseException
RtlPcToFileHeader
LocalFree
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
GetStartupInfoW
GetCurrentProcessId
SetFileAttributesW
RemoveDirectoryW
GetDiskFreeSpaceExW
WriteFile
SetFileTime
SetFilePointer
SetEndOfFile
ReadFile
GetFileType
FlushFileBuffers
CreateFileW
ExpandEnvironmentStringsW
GetStdHandle
SetLastError
GetLastError
GetModuleFileNameW
WaitForSingleObject
CloseHandle
GetFileAttributesW
DeleteFileW
CreateDirectoryW
GetStringTypeW
ReadConsoleW
HeapSize
WriteConsoleW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

user32

SetWindowTextW
InvalidateRect
EnableWindow
ShowWindow
SendMessageW
GetParent
DialogBoxParamW
GetDlgItem
EndDialog
LoadIconW
GetSysColor
SetForegroundWindow
SendDlgItemMessageW
MessageBoxW
GetDesktopWindow
ReleaseDC
GetDC
IsWindowVisible
IsWindow
CharUpperW
LoadStringW
GetWindow
GetClassNameW
SetProcessDefaultLayout
GetWindowLongPtrW
SetWindowLongW
GetWindowLongW
GetWindowRect
GetClientRect
GetSystemMetrics
SetWindowPos
OemToCharA
IsDlgButtonChecked
CheckDlgButton
GetDlgItemTextW
SetDlgItemTextW

gdi32

CreateFontW
GetDeviceCaps
DeleteObject

advapi32

RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyExW
RegDeleteKeyW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

shell32

SHFileOperationW
ShellExecuteExW
SHGetFolderPathW
SHChangeNotify
ShellExecuteW
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation

ole32

OleUninitialize
OleInitialize
CoCreateInstance
CoSetProxyBlanket

oleaut32

SysAllocString
SysFreeString
VariantClear

Sections

.text
Size: 158KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 179KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rar/Uninstall.lst
rar/WhatsNew.txt
rar/WinCon.SFX
.exe windows:5 windows x86 arch:x86

1fac7e3e60191744918b1f8b259159d9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileType
GetStdHandle
WriteFile
GetConsoleMode
SetConsoleMode
ReadConsoleW
WriteConsoleW
GetLastError
SetLastError
Sleep
FormatMessageW
SetConsoleCtrlHandler
GetCurrentProcess
DeviceIoControl
SetFileTime
CloseHandle
CreateDirectoryW
RemoveDirectoryW
CreateFileW
DeleteFileW
CreateHardLinkW
GetShortPathNameW
GetLongPathNameW
MoveFileW
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
GetCurrentProcessId
GetDriveTypeW
SetFileAttributesW
GetFileAttributesW
FindClose
FindFirstFileW
FindNextFileW
InterlockedDecrement
GetVersionExW
GetCurrentDirectoryW
FoldStringW
SetErrorMode
GetModuleFileNameW
FreeLibrary
GetProcAddress
ExitProcess
SetThreadExecutionState
LoadLibraryW
GetModuleHandleW
GetSystemDirectoryW
CompareStringW
AllocConsole
FreeConsole
AttachConsole
GetProcessAffinityMask
CreateThread
SetThreadPriority
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventW
CreateSemaphoreW
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
DecodePointer
HeapSize
SetFilePointerEx
GetProcessHeap
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
LocalFree
RtlUnwind
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetModuleHandleExW
QueryPerformanceFrequency
GetModuleFileNameA
GetCommandLineA
GetCommandLineW
GetACP
HeapFree
HeapReAlloc
HeapAlloc
LCMapStringW
GetConsoleCP
SetStdHandle
GetStringTypeW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA

ole32

CoSetProxyBlanket
CoCreateInstance

oleaut32

SysFreeString
SysAllocString
VariantClear

Sections

.text
Size: 198KB - Virtual size: 198KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rar/WinCon64.SFX
.exe windows:5 windows x64 arch:x64

c6213d935a1ac1e6807c3dd6de896c77

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetFileType
GetStdHandle
WriteFile
GetConsoleMode
SetConsoleMode
ReadConsoleW
WriteConsoleW
GetLastError
SetLastError
Sleep
FormatMessageW
SetConsoleCtrlHandler
GetCurrentProcess
DeviceIoControl
SetFileTime
CloseHandle
CreateDirectoryW
RemoveDirectoryW
CreateFileW
DeleteFileW
CreateHardLinkW
GetShortPathNameW
GetLongPathNameW
MoveFileW
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
GetCurrentProcessId
GetDriveTypeW
SetFileAttributesW
GetFileAttributesW
FindClose
FindFirstFileW
FindNextFileW
GetVersionExW
GetCurrentDirectoryW
FoldStringW
SetErrorMode
GetModuleFileNameW
FreeLibrary
GetProcAddress
ExitProcess
SetThreadExecutionState
LoadLibraryW
GetModuleHandleW
GetSystemDirectoryW
CompareStringW
AllocConsole
FreeConsole
AttachConsole
GetProcessAffinityMask
CreateThread
SetThreadPriority
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventW
CreateSemaphoreW
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
HeapSize
SetFilePointerEx
GetProcessHeap
SetEnvironmentVariableA
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
LocalFree
RtlUnwindEx
RtlPcToFileHeader
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetModuleHandleExW
QueryPerformanceFrequency
GetModuleFileNameA
GetCommandLineA
GetCommandLineW
GetACP
HeapFree
HeapReAlloc
HeapAlloc
LCMapStringW
GetConsoleCP
SetStdHandle
GetStringTypeW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW

ole32

CoCreateInstance
CoSetProxyBlanket

oleaut32

SysFreeString
SysAllocString
VariantClear

Sections

.text
Size: 219KB - Virtual size: 219KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rar/WinRAR.chm
.chm
rar/WinRAR.exe
.exe windows:6 windows x64 arch:x64

3d1825a380415a76bb0ddaab646e1790

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:8b:08:39:9e:c7:03:62:3c:72:cd:20:77:ad:65:d9
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

08/08/2023, 00:00

Not After

07/08/2026, 23:59

Subject

SERIALNUMBER=HRB 109885,CN=win.rar GmbH,O=win.rar GmbH,L=Berlin,ST=Berlin,C=DE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#130e436861726c6f7474656e62757267,1.3.6.1.4.1.311.60.2.1.2=#13064265726c696e,1.3.6.1.4.1.311.60.2.1.3=#13024445

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:15:a9:e7:5c:b6:4b:86:3e:be:a0:55:da:0e:ce:d8:8a:79:74:0f:ca:ec:b2:08:0b:6c:1a:29:14:a1:fa:06
Signer

Actual PE Digest

52:15:a9:e7:5c:b6:4b:86:3e:be:a0:55:da:0e:ce:d8:8a:79:74:0f:ca:ec:b2:08:0b:6c:1a:29:14:a1:fa:06

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

WriteFile
FreeLibrary
LoadLibraryW
LocalFileTimeToFileTime
HeapCreate
HeapDestroy
HeapAlloc
HeapFree
DosDateTimeToFileTime
SetLastError
CreateHardLinkW
IsDebuggerPresent
DebugBreak
OutputDebugStringW
GetProcessHeap
ReleaseSemaphore
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW
CreateSemaphoreExW
GetCurrentThreadId
GetModuleFileNameA
GetModuleHandleExW
FormatMessageW
FindNextFileW
GetDiskFreeSpaceW
ExpandEnvironmentStringsW
FindCloseChangeNotification
FindFirstChangeNotificationW
GetLocalTime
GetFileInformationByHandle
DeviceIoControl
BackupRead
BackupSeek
GetLongPathNameW
GetShortPathNameW
GetStdHandle
FlushFileBuffers
GetFileType
GetFileTime
GetDiskFreeSpaceExW
GetVersionExW
GetCurrentDirectoryW
GetFullPathNameW
FoldStringW
LoadResource
SizeofResource
FindResourceW
LoadLibraryExW
CompareStringA
SetCurrentDirectoryW
GetFullPathNameA
CreateEventW
GetCurrentThread
SetThreadPriority
SetPriorityClass
GetSystemDirectoryW
SetThreadExecutionState
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
CreateSemaphoreW
CreateThread
GetProcessAffinityMask
FileTimeToLocalFileTime
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
SystemTimeToFileTime
CompareStringW
WideCharToMultiByte
GetCPInfo
IsDBCSLeadByte
GetCompressedFileSizeW
EnumResourceNamesW
EnumResourceLanguagesW
BeginUpdateResourceW
UpdateResourceW
EndUpdateResourceW
GetLocaleInfoW
GetNumberFormatW
GetLogicalDrives
SetEnvironmentVariableW
LockResource
GetDateFormatW
GetTimeFormatW
SuspendThread
ResumeThread
GetStartupInfoW
GetSystemTimeAsFileTime
SetFilePointer
FindNextChangeNotification
SetErrorMode
GetThreadPriority
GetPriorityClass
CompareFileTime
WaitForMultipleObjects
MulDiv
OutputDebugStringA
GetEnvironmentVariableW
HeapSize
WriteConsoleW
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
IsValidCodePage
FindFirstFileExW
SetStdHandle
LCMapStringW
GetFileSizeEx
HeapReAlloc
ExitProcess
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
SetFilePointerEx
FreeLibraryAndExitThread
ExitThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
LocalFree
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
QueryPerformanceFrequency
QueryPerformanceCounter
TryEnterCriticalSection
InitializeCriticalSectionEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
LoadLibraryExA
VirtualQuery
VirtualProtect
GetSystemInfo
RaiseException
SetFileAttributesW
SetEndOfFile
RemoveDirectoryW
ReadFile
GetFileSize
DeleteFileW
CreateFileW
CreateDirectoryW
MoveFileW
GetTickCount
GetCPInfoExW
GetOEMCP
SetFileTime
GetACP
GetCurrentProcessId
GetCurrentProcess
Sleep
GetVolumeInformationW
GetDriveTypeW
GlobalFree
RtlUnwind
GlobalLock
GlobalUnlock
GlobalSize
GlobalAlloc
CreateMutexW
ReleaseMutex
GetLastError
MultiByteToWideChar
GetProcAddress
GetModuleHandleW
CopyFileW
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
CreateFileMappingW
WaitForSingleObject
CloseHandle
GetTempPathW
GetModuleFileNameW
GetCommandLineW
FindFirstFileW
FindClose
Beep
GetFileAttributesW

user32

MessageBoxW
GetForegroundWindow
keybd_event
FlashWindowEx
CreateIcon
EnumWindows
SetForegroundWindow
IsCharAlphaW
CopyRect
RegisterClassExW
GetSysColor
ValidateRect
DrawIconEx
LoadImageW
SystemParametersInfoW
GetSystemMenu
SetTimer
MessageBoxIndirectW
CharLowerW
CharUpperW
ExitWindowsEx
LoadStringW
SetProcessDefaultLayout
OemToCharBuffW
CharToOemBuffW
OemToCharBuffA
OemToCharA
GetComboBoxInfo
RedrawWindow
RegisterWindowMessageW
GetMessageW
TranslateMessage
DispatchMessageW
FillRect
GetMenuState
GetLastActivePopup
GetMenuItemID
SetMenu
LoadMenuW
LoadAcceleratorsW
SendInput
IsChild
RegisterClassW
PostQuitMessage
SetScrollRange
SetScrollPos
ScrollWindowEx
FindWindowExW
GetClipboardData
LoadIconW
CreateDialogParamW
PostThreadMessageW
SendMessageW
DefWindowProcW
CreateWindowExW
DestroyWindow
SetFocus
GetWindowTextW
GetWindowLongW
SetWindowLongW
SetWindowPos
GetWindowPlacement
SetWindowPlacement
IsDialogMessageW
GetIconInfo
CreateIconIndirect
FindWindowW
RemovePropW
GetPropW
CopyImage
FlashWindow
EnumDisplayMonitors
SetPropW
TranslateAcceleratorW
MessageBeep
CharToOemA
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
PeekMessageW
IsWindowVisible
DialogBoxParamW
EndDialog
GetDlgItem
SetDlgItemTextW
GetDlgItemTextW
SendDlgItemMessageW
GetWindowRect
MapWindowPoints
GetParent
DestroyIcon
ShowWindow
UpdateWindow
CheckDlgButton
PostMessageW
InvalidateRect
EnumChildWindows
GetClassNameW
CreateDialogIndirectParamW
BringWindowToTop
GetScrollInfo
EnableMenuItem
CheckMenuItem
GetFocus
MoveWindow
GetWindowTextLengthW
EndPaint
BeginPaint
AppendMenuW
GetMenuItemCount
DrawMenuBar
wsprintfW
SetWindowLongPtrW
ScreenToClient
ClientToScreen
CallWindowProcW
PtInRect
SetMenuItemInfoW
GetMenuItemInfoW
InsertMenuItemW
TrackPopupMenu
DeleteMenu
InsertMenuW
GetSubMenu
DestroyMenu
CreatePopupMenu
GetMenu
IsWindow
WaitForInputIdle
LoadCursorW
GetWindowThreadProcessId
WindowFromPoint
GetCursorPos
SetCursor
GetKeyState
RegisterClipboardFormatW
GetWindow
GetDesktopWindow
GetWindowLongPtrW
IntersectRect
GetClientRect
SetWindowTextW
ReleaseDC
GetDC
GetSystemMetrics
EnableWindow
IsIconic
IsWindowEnabled
IsDlgButtonChecked
GetDlgItemInt
SetDlgItemInt
CharToOemBuffA
KillTimer

gdi32

GetObjectW
BitBlt
CreateCompatibleDC
DeleteDC
SetBkColor
ExtTextOutW
CreateBitmap
CreateCompatibleBitmap
GetDeviceCaps
GetTextExtentPoint32W
SetMapMode
StretchBlt
DPtoLP
GetPixel
CreateDIBSection
CreateSolidBrush
Rectangle
SetPixel
TextOutA
TextOutW
MoveToEx
SetTextColor
CreatePen
LineTo
GetTextFaceW
GetTextMetricsW
SelectObject
GetMapMode
DeleteObject
CreateFontW

comdlg32

CommDlgExtendedError
GetSaveFileNameW
GetOpenFileNameW
ChooseFontW

shell32

DragFinish
DragQueryFileW
Shell_NotifyIconW
DragAcceptFiles
ShellExecuteW
SHGetSpecialFolderLocation
SHGetMalloc
ord100
SHAddToRecentDocs
SHFileOperationW
SHGetFolderPathW
ShellExecuteExW
FindExecutableW
SHChangeNotify
SHGetDesktopFolder
SHGetFolderLocation
SHGetPathFromIDListW
SHGetFileInfoW

ole32

RegisterDragDrop
OleUninitialize
OleInitialize
CLSIDFromString
CreateStreamOnHGlobal
CoSetProxyBlanket
CoTaskMemAlloc
OleSetClipboard
DoDragDrop
CoTaskMemFree
CoCreateInstance
CoInitializeEx
CoUninitialize
RevokeDragDrop

oleaut32

VariantClear
SysAllocString
SysFreeString

shlwapi

StrCmpLogicalW
SHAutoComplete

powrprof

SetSuspendState

comctl32

ImageList_ReplaceIcon
ImageList_Create
CreateStatusWindowW
ord381
PropertySheetW
InitCommonControlsEx

uxtheme

IsThemeActive
IsAppThemed

gdiplus

GdiplusStartup
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCloneImage
GdipFree
GdipAlloc
GdiplusShutdown
GdipCreateBitmapFromHBITMAP
GdipBitmapGetPixel
GdipBitmapSetPixel

msimg32

GradientFill

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 232KB - Virtual size: 231KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 47KB - Virtual size: 727KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 862KB - Virtual size: 864KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rar/Zip.SFX
.exe windows:5 windows x86 arch:x86

fa8d20faea9ef7b4e2b7fbfe93442593

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
SetLastError
FormatMessageW
GetFileType
GetStdHandle
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
SetFileTime
CloseHandle
CreateFileW
GetCurrentProcessId
CreateDirectoryW
SetFileAttributesW
GetFileAttributesW
DeleteFileW
MoveFileW
FindClose
FindFirstFileW
FindNextFileW
GetVersionExW
GetCurrentDirectoryW
GetFullPathNameW
FoldStringW
GetModuleFileNameW
GetModuleHandleW
FindResourceW
FreeLibrary
GetProcAddress
ExitProcess
SetThreadExecutionState
Sleep
LoadLibraryW
GetSystemDirectoryW
CompareStringW
AllocConsole
FreeConsole
AttachConsole
WriteConsoleW
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
LockResource
GlobalLock
GlobalUnlock
GlobalFree
LoadResource
SizeofResource
SetCurrentDirectoryW
GetTimeFormatW
GetDateFormatW
LocalFree
GetCurrentProcess
GetExitCodeProcess
WaitForSingleObject
GetLocalTime
GetTickCount
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCommandLineW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetTempPathW
MoveFileExW
GetLocaleInfoW
GetNumberFormatW
GetOEMCP
DecodePointer
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapSize
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
TerminateProcess
RtlUnwind
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
QueryPerformanceFrequency
GetModuleHandleExW
GetModuleFileNameA
GetACP
HeapFree
HeapAlloc
HeapReAlloc
GetStringTypeW
LCMapStringW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetCommandLineA

oleaut32

VariantClear

gdiplus

GdipCreateBitmapFromStream
GdipAlloc
GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromStreamICM
GdipCreateHBITMAPFromBitmap
GdiplusStartup
GdiplusShutdown
GdipFree

Sections

.text
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 376B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 53KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rar/Zip64.SFX
.exe windows:5 windows x64 arch:x64

f192d91376e5be782e380e2ee9290bd8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetLastError
SetLastError
FormatMessageW
GetFileType
GetStdHandle
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
SetFileTime
CloseHandle
CreateFileW
GetCurrentProcessId
CreateDirectoryW
SetFileAttributesW
GetFileAttributesW
DeleteFileW
MoveFileW
FindClose
FindFirstFileW
FindNextFileW
GetVersionExW
GetCurrentDirectoryW
GetFullPathNameW
FoldStringW
GetModuleFileNameW
GetModuleHandleW
FindResourceW
FreeLibrary
GetProcAddress
ExitProcess
SetThreadExecutionState
Sleep
LoadLibraryW
GetSystemDirectoryW
CompareStringW
AllocConsole
FreeConsole
AttachConsole
WriteConsoleW
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
LockResource
GlobalLock
GlobalUnlock
GlobalFree
LoadResource
SizeofResource
SetCurrentDirectoryW
GetTimeFormatW
GetDateFormatW
LocalFree
GetCurrentProcess
GetExitCodeProcess
WaitForSingleObject
GetLocalTime
GetTickCount
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCommandLineW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetTempPathW
MoveFileExW
GetLocaleInfoW
GetNumberFormatW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapSize
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
TerminateProcess
QueryPerformanceFrequency
GetModuleHandleExW
GetModuleFileNameA
GetACP
HeapFree
HeapAlloc
HeapReAlloc
GetStringTypeW
LCMapStringW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP

oleaut32

VariantClear

gdiplus

GdipAlloc
GdipDisposeImage
GdipCloneImage
GdipCreateBitmapFromStream
GdipCreateHBITMAPFromBitmap
GdiplusStartup
GdiplusShutdown
GdipFree

Sections

.text
Size: 175KB - Virtual size: 175KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 218KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 53KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rar/rarnew.dat
.rar
rar/readme.txt
rar/zipnew.dat

Sharing

General

Malware Config

Signatures

Files

e84ea73d0d9b417a1bc1810c7b836d4f

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

04:8b:08:39:9e:c7:03:62:3c:72:cd:20:77:ad:65:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

a5:45:8d:be:19:55:1d:b3:e2:b2:df:f1:56:e9:2a:8f:e5:87:b1:49:a2:aa:78:e7:16:8a:c0:0c:06:38:4c:68Signer

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 155KB - Virtual size: 155KB

.rdata Size: 35KB - Virtual size: 34KB

.data Size: 512B - Virtual size: 19KB

.pdata Size: 10KB - Virtual size: 9KB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 2KB - Virtual size: 1KB

0ae9e38912ff6bd742a1b9e5c003576a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

oleaut32

gdiplus

Sections

.text Size: 203KB - Virtual size: 203KB

.rdata Size: 44KB - Virtual size: 44KB

.data Size: 4KB - Virtual size: 145KB

.didat Size: 512B - Virtual size: 420B

.rsrc Size: 53KB - Virtual size: 56KB

.reloc Size: 9KB - Virtual size: 8KB

020387d10d5936b3fbcfc8b4ba421f7b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

oleaut32

gdiplus

Sections

.text Size: 228KB - Virtual size: 228KB

.rdata Size: 65KB - Virtual size: 65KB

.data Size: 5KB - Virtual size: 149KB

.pdata Size: 11KB - Virtual size: 10KB

.didat Size: 1024B - Virtual size: 856B

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 53KB - Virtual size: 56KB

.reloc Size: 2KB - Virtual size: 2KB

46d4a991088e70acda923a7cd0f9aa4c

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

04:8b:08:39:9e:c7:03:62:3c:72:cd:20:77:ad:65:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

04:8b:08:39:9e:c7:03:62:3c:72:cd:20:77:ad:65:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

a5:45:8d:be:19:55:1d:b3:e2:b2:df:f1:56:e9:2a:8f:e5:87:b1:49:a2:aa:78:e7:16:8a:c0:0c:06:38:4c:68
Signer

.text
Size: 155KB - Virtual size: 155KB

.rdata
Size: 35KB - Virtual size: 34KB

.data
Size: 512B - Virtual size: 19KB

.pdata
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 203KB - Virtual size: 203KB

.rdata
Size: 44KB - Virtual size: 44KB

.data
Size: 4KB - Virtual size: 145KB

.didat
Size: 512B - Virtual size: 420B

.rsrc
Size: 53KB - Virtual size: 56KB

.reloc
Size: 9KB - Virtual size: 8KB

.text
Size: 228KB - Virtual size: 228KB

.rdata
Size: 65KB - Virtual size: 65KB

.data
Size: 5KB - Virtual size: 149KB

.pdata
Size: 11KB - Virtual size: 10KB

.didat
Size: 1024B - Virtual size: 856B

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 53KB - Virtual size: 56KB

.reloc
Size: 2KB - Virtual size: 2KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

04:8b:08:39:9e:c7:03:62:3c:72:cd:20:77:ad:65:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

e2:b2:a7:b5:85:24:ed:8a:f3:3e:c3:b7:65:7a:c4:d8:fe:43:0e:d3:be:1a:c6:11:cd:f2:12:8a:a2:ca:38:39
Signer

.text
Size: 456KB - Virtual size: 456KB

.rdata
Size: 87KB - Virtual size: 87KB

.data
Size: 13KB - Virtual size: 125KB

.pdata
Size: 18KB - Virtual size: 17KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 20KB - Virtual size: 24KB

.reloc
Size: 3KB - Virtual size: 2KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

04:8b:08:39:9e:c7:03:62:3c:72:cd:20:77:ad:65:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

f2:50:c0:6c:4c:4c:20:f5:7c:7f:c2:d9:ed:1d:ae:b0:67:71:dc:54:4f:6b:cf:96:fa:07:6a:b3:8f:d2:1f:23
Signer

.text
Size: 422KB - Virtual size: 422KB

.rdata
Size: 90KB - Virtual size: 90KB

.data
Size: 7KB - Virtual size: 131KB

.pdata
Size: 19KB - Virtual size: 19KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 102KB - Virtual size: 104KB

.reloc
Size: 3KB - Virtual size: 2KB